OpenVPN
manage.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#ifdef ENABLE_MANAGEMENT
30
31#include "error.h"
32#include "fdmisc.h"
33#include "options.h"
34#include "base64.h"
35#include "sig.h"
36#include "event.h"
37#include "otime.h"
38#include "integer.h"
39#include "misc.h"
40#include "ssl.h"
41#include "common.h"
42#include "manage.h"
43#include "openvpn.h"
44#include "dco.h"
45#include "push.h"
46#include "multi.h"
47
48#include "memdbg.h"
49
50#ifdef ENABLE_PKCS11
51#include "pkcs11.h"
52#endif
53
54#define MANAGEMENT_ECHO_PULL_INFO 0
55
56#if MANAGEMENT_ECHO_PULL_INFO
57#define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
58#else
59#define MANAGEMENT_ECHO_FLAGS 0
60#endif
61
62/*
63 * Management client versions indicating feature support in client.
64 * Append new values as needed but do not change exisiting ones.
65 */
74
75struct management *management; /* GLOBAL */
76
77/* static forward declarations */
78static void man_output_standalone(struct management *man, volatile int *signal_received);
79
80static void man_reset_client_socket(struct management *man, const bool exiting);
81
82static void
83man_help(void)
84{
85 msg(M_CLIENT, "Management Interface for %s", title_string);
86 msg(M_CLIENT, "Commands:");
87 msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
88 msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
89 msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
90 msg(M_CLIENT,
91 "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
92 msg(M_CLIENT, "exit|quit : Close management session.");
93 msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
94 msg(M_CLIENT, "help : Print this message.");
95 msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
96 msg(M_CLIENT, " release current hold and start tunnel.");
97 msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
98 msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
99 msg(M_CLIENT, "load-stats : Show global server load stats.");
100 msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
101 msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
102 msg(M_CLIENT,
103 "mute [n] : Set log mute level to n, or show level if n is absent.");
104 msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
105 msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
106 msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
107 msg(M_CLIENT, " where action is reply string.");
108 msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
109 msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
110 msg(M_CLIENT, "password type : (version >=5) Enter password base64-encoded on");
111 msg(M_CLIENT, " subsequent lines followed by END.");
112 msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
113 msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
114 msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
115 msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
116 msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
117#ifdef ENABLE_PKCS11
118 msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
119 msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
120#endif
121 msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
122 msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
123 msg(M_CLIENT,
124 "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
125 msg(M_CLIENT, " text R and optional client reason text CR");
126 msg(M_CLIENT,
127 "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
128 msg(M_CLIENT,
129 " to the client and wait for a final client-auth/client-deny");
130 msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
131 msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
132 msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
133 msg(M_CLIENT,
134 " Enter signature base64 on subsequent lines followed by END");
135 msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
136 msg(M_CLIENT,
137 " Enter signature base64 on subsequent lines followed by END");
138 msg(M_CLIENT,
139 "certificate : Enter a client certificate in response to >NEED-CERT challenge");
140 msg(M_CLIENT,
141 " Enter certificate base64 on subsequent lines followed by END");
142 msg(M_CLIENT, "signal s : Send signal s to daemon,");
143 msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
144 msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
145 msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
146 msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
147 msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
148 msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
149 msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
150 msg(M_CLIENT, "push-update-broad options : Broadcast a message to update the specified options.");
151 msg(M_CLIENT, " Ex. push-update-broad \"route something, -dns\"");
152 msg(M_CLIENT, "push-update-cid CID options : Send an update message to the client identified by CID.");
153 msg(M_CLIENT, "END");
154}
155
156static const char *
157man_state_name(const int state)
158{
159 switch (state)
160 {
161 case OPENVPN_STATE_INITIAL:
162 return "INITIAL";
163
164 case OPENVPN_STATE_CONNECTING:
165 return "CONNECTING";
166
167 case OPENVPN_STATE_WAIT:
168 return "WAIT";
169
170 case OPENVPN_STATE_AUTH:
171 return "AUTH";
172
173 case OPENVPN_STATE_GET_CONFIG:
174 return "GET_CONFIG";
175
176 case OPENVPN_STATE_ASSIGN_IP:
177 return "ASSIGN_IP";
178
179 case OPENVPN_STATE_ADD_ROUTES:
180 return "ADD_ROUTES";
181
182 case OPENVPN_STATE_CONNECTED:
183 return "CONNECTED";
184
185 case OPENVPN_STATE_RECONNECTING:
186 return "RECONNECTING";
187
188 case OPENVPN_STATE_EXITING:
189 return "EXITING";
190
191 case OPENVPN_STATE_RESOLVE:
192 return "RESOLVE";
193
194 case OPENVPN_STATE_TCP_CONNECT:
195 return "TCP_CONNECT";
196
197 case OPENVPN_STATE_AUTH_PENDING:
198 return "AUTH_PENDING";
199
200 default:
201 return "?";
202 }
203}
204
205static void
206man_welcome(struct management *man)
207{
208 msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
209 MANAGEMENT_VERSION);
210 if (man->persist.special_state_msg)
211 {
212 msg(M_CLIENT, "%s", man->persist.special_state_msg);
213 }
214}
215
216static inline bool
217man_password_needed(struct management *man)
218{
219 return man->settings.up.defined && !man->connection.password_verified;
220}
221
222static void
223man_check_password(struct management *man, const char *line)
224{
225 if (man_password_needed(man))
226 {
227 /* This comparison is not fixed time but since strlen(time) is based on
228 * the attacker choice, it should not give any indication of the real
229 * password length, use + 1 to include the NUL byte that terminates the
230 * string*/
231 size_t compare_len =
232 min_size(strlen(line) + 1, sizeof(man->settings.up.password));
233 if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
234 {
235 man->connection.password_verified = true;
236 msg(M_CLIENT, "SUCCESS: password is correct");
237 man_welcome(man);
238 }
239 else
240 {
241 man->connection.password_verified = false;
242 msg(M_CLIENT, "ERROR: bad password");
243 if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
244 {
245 msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
246 MANAGEMENT_N_PASSWORD_RETRIES);
247 man->connection.halt = true;
248 }
249 }
250 }
251}
252
253static void
254man_update_io_state(struct management *man)
255{
256 if (socket_defined(man->connection.sd_cli))
257 {
258 if (buffer_list_defined(man->connection.out))
259 {
260 man->connection.state = MS_CC_WAIT_WRITE;
261 }
262 else
263 {
264 man->connection.state = MS_CC_WAIT_READ;
265 }
266 }
267}
268
269static void
270man_output_list_push_finalize(struct management *man)
271{
272 if (management_connected(man))
273 {
274 man_update_io_state(man);
275 if (!man->persist.standalone_disabled)
276 {
277 volatile int signal_received = 0;
278 man_output_standalone(man, &signal_received);
279 }
280 }
281}
282
283static void
284man_output_list_push_str(struct management *man, const char *str)
285{
286 if (management_connected(man) && str)
287 {
288 buffer_list_push(man->connection.out, str);
289 }
290}
291
292static void
293man_output_list_push(struct management *man, const char *str)
294{
295 man_output_list_push_str(man, str);
296 man_output_list_push_finalize(man);
297}
298
299static void
300man_prompt(struct management *man)
301{
302 if (man_password_needed(man))
303 {
304 man_output_list_push(man, "ENTER PASSWORD:");
305 }
306#if 0 /* should we use prompt? */
307 else
308 {
309 man_output_list_push(man, ">");
310 }
311#endif
312}
313
314
319static void
320report_command_status(const bool status, const char *command)
321{
322 if (status)
323 {
324 msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
325 }
326 else
327 {
328 msg(M_CLIENT, "ERROR: %s command failed", command);
329 }
330}
331
332static void
333man_delete_unix_socket(struct management *man)
334{
335#if UNIX_SOCK_SUPPORT
336 if ((man->settings.flags & (MF_UNIX_SOCK | MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
337 {
338 socket_delete_unix(&man->settings.local_unix);
339 }
340#endif
341}
342
343static void
344man_close_socket(struct management *man, const socket_descriptor_t sd)
345{
346#ifndef _WIN32
347 /*
348 * Windows doesn't need this because the ne32 event is permanently
349 * enabled at struct management scope.
350 */
351 if (man->persist.callback.delete_event)
352 {
353 (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
354 }
355#endif
356 openvpn_close_socket(sd);
357}
358
359static void
360virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
361{
362 struct management *man = (struct management *)arg;
363 static int recursive_level = 0; /* GLOBAL */
364
365#define AF_DID_PUSH (1 << 0)
366#define AF_DID_RESET (1 << 1)
367 if (recursive_level < 5) /* limit recursion */
368 {
369 struct gc_arena gc = gc_new();
370 struct log_entry e;
371 const char *out = NULL;
372 unsigned int action_flags = 0;
373
374 ++recursive_level;
375
376 CLEAR(e);
377 update_time();
378 e.timestamp = now;
379 e.u.msg_flags = flags;
380 e.string = str;
381
382 if (flags & M_FATAL)
383 {
384 man->persist.standalone_disabled = false;
385 }
386
387 if (flags != M_CLIENT)
388 {
389 log_history_add(man->persist.log, &e);
390 }
391
392 if (!man_password_needed(man))
393 {
394 if (flags == M_CLIENT)
395 {
396 out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
397 }
398 else if (man->connection.log_realtime)
399 {
400 out = log_entry_print(&e,
401 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS
402 | LOG_PRINT_LOG_PREFIX | LOG_PRINT_CRLF,
403 &gc);
404 }
405 if (out)
406 {
407 man_output_list_push_str(man, out);
408 action_flags |= AF_DID_PUSH;
409 }
410 if (flags & M_FATAL)
411 {
412 out = log_entry_print(&e, LOG_FATAL_NOTIFY | LOG_PRINT_CRLF, &gc);
413 if (out)
414 {
415 man_output_list_push_str(man, out);
416 action_flags |= (AF_DID_PUSH | AF_DID_RESET);
417 }
418 }
419 }
420
421 gc_free(&gc);
422
423 if (action_flags & AF_DID_PUSH)
424 {
425 man_output_list_push_finalize(man);
426 }
427 if (action_flags & AF_DID_RESET)
428 {
429 man_reset_client_socket(man, true);
430 }
431
432 --recursive_level;
433 }
434 else
435 {
436 /* cannot use msg here */
437 printf("virtual_output: message to management interface "
438 "dropped due to recursion: <%s>\n",
439 str);
440 }
441}
442
443/*
444 * Given a signal, return the signal with possible remapping applied,
445 * or -1 if the signal should be ignored.
446 */
447static int
448man_mod_signal(const struct management *man, const int signum)
449{
450 const unsigned int flags = man->settings.mansig;
451 int s = signum;
452 if (s == SIGUSR1)
453 {
454 if (flags & MANSIG_MAP_USR1_TO_HUP)
455 {
456 s = SIGHUP;
457 }
458 if (flags & MANSIG_MAP_USR1_TO_TERM)
459 {
460 s = SIGTERM;
461 }
462 }
463 if (flags & MANSIG_IGNORE_USR1_HUP)
464 {
465 if (s == SIGHUP || s == SIGUSR1)
466 {
467 s = -1;
468 }
469 }
470 return s;
471}
472
473static void
474man_signal(struct management *man, const char *name)
475{
476 const int sig = parse_signal(name);
477 if (sig >= 0)
478 {
479 const int sig_mod = man_mod_signal(man, sig);
480 if (sig_mod >= 0)
481 {
482 throw_signal(sig_mod);
483 msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
484 }
485 else
486 {
487 msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
488 if (man->persist.special_state_msg)
489 {
490 msg(M_CLIENT, "%s", man->persist.special_state_msg);
491 }
492 }
493 }
494 else
495 {
496 msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
497 }
498}
499
500static void
501man_command_unsupported(const char *command_name)
502{
503 msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode",
504 command_name);
505}
506
507static void
508man_status(struct management *man, const int version, struct status_output *so)
509{
510 if (man->persist.callback.status)
511 {
512 (*man->persist.callback.status)(man->persist.callback.arg, version, so);
513 }
514 else
515 {
516 man_command_unsupported("status");
517 }
518}
519
520static void
526
527static void
528man_bytecount(struct management *man, const int update_seconds)
529{
530 if (update_seconds > 0)
531 {
532 man->connection.bytecount_update_seconds = update_seconds;
533 event_timeout_init(&man->connection.bytecount_update_interval,
534 man->connection.bytecount_update_seconds, now);
535 }
536 else
537 {
538 man_bytecount_stop(man);
539 }
540
541 /* The newly received bytecount interval may be sooner than the existing
542 * coarse timer wakeup. Reset the timer to ensure it fires at the correct,
543 * earlier time.
544 */
545 if (man->persist.callback.arg)
546 {
547 struct context *c;
548
549 if (man->settings.flags & MF_SERVER)
550 {
551 struct multi_context *m = man->persist.callback.arg;
552 c = &m->top;
553 }
554 else
555 {
556 c = man->persist.callback.arg;
557 }
558
559 reset_coarse_timers(c);
560 }
561
562 msg(M_CLIENT, "SUCCESS: bytecount interval changed");
563}
564
565static void
566man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
567{
568 char in[32];
569 char out[32];
570
571 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
572 snprintf(in, sizeof(in), counter_format, bytes_in_total);
573 snprintf(out, sizeof(out), counter_format, bytes_out_total);
574 msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
575}
576
577static void
578man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total,
579 struct man_def_auth_context *mdac)
580{
581 char in[32];
582 char out[32];
583 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
584 snprintf(in, sizeof(in), counter_format, bytes_in_total);
585 snprintf(out, sizeof(out), counter_format, bytes_out_total);
586 msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
587}
588
589static void
590man_kill(struct management *man, const char *victim)
591{
592 struct gc_arena gc = gc_new();
593
594 if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
595 {
596 struct buffer buf;
597 char p1[128];
598 char p2[128];
599 char p3[128];
600 int n_killed;
601
602 buf_set_read(&buf, (uint8_t *)victim, strlen(victim) + 1);
603 buf_parse(&buf, ':', p1, sizeof(p1));
604 buf_parse(&buf, ':', p2, sizeof(p2));
605 buf_parse(&buf, ':', p3, sizeof(p3));
606
607 if (strlen(p1) && strlen(p2) && strlen(p3))
608 {
609 /* IP:port specified */
610 bool status;
611 const in_addr_t addr =
612 getaddr(GETADDR_HOST_ORDER | GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
613 if (status)
614 {
615 const int port = atoi(p3);
616 const uint8_t proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER
617 : (streq(p1, "udp")) ? PROTO_UDP
618 : PROTO_NONE;
619
620 if ((port > 0 && port <= UINT16_MAX) && (proto != PROTO_NONE))
621 {
622 n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg,
623 addr, (uint16_t)port, proto);
624 if (n_killed > 0)
625 {
626 msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed", n_killed,
627 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
628 port);
629 }
630 else
631 {
632 msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
633 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
634 port);
635 }
636 }
637 else
638 {
639 msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
640 }
641 }
642 else
643 {
644 msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
645 }
646 }
647 else if (strlen(p1))
648 {
649 /* common name specified */
650 n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
651 if (n_killed > 0)
652 {
653 msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
654 }
655 else
656 {
657 msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
658 }
659 }
660 else
661 {
662 msg(M_CLIENT, "ERROR: kill parse");
663 }
664 }
665 else
666 {
667 man_command_unsupported("kill");
668 }
669
670 gc_free(&gc);
671}
672
673/*
674 * General-purpose history command handler
675 * for the log and echo commands.
676 */
677static void
678man_history(struct management *man, const char *parm, const char *type, struct log_history *log,
679 bool *realtime, const unsigned int lep_flags)
680{
681 struct gc_arena gc = gc_new();
682 int n = 0;
683
684 if (streq(parm, "on"))
685 {
686 *realtime = true;
687 msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
688 }
689 else if (streq(parm, "off"))
690 {
691 *realtime = false;
692 msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
693 }
694 else if (streq(parm, "all") || (n = atoi(parm)) > 0)
695 {
696 const int size = log_history_size(log);
697 const int start = (n ? n : size) - 1;
698 int i;
699
700 for (i = start; i >= 0; --i)
701 {
702 const struct log_entry *e = log_history_ref(log, i);
703 if (e)
704 {
705 const char *out = log_entry_print(e, lep_flags, &gc);
706 virtual_output_callback_func(man, M_CLIENT, out);
707 }
708 }
709 msg(M_CLIENT, "END");
710 }
711 else
712 {
713 msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
714 }
715
716 gc_free(&gc);
717}
718
719static void
720man_log(struct management *man, const char *parm)
721{
722 man_history(man, parm, "log", man->persist.log, &man->connection.log_realtime,
723 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS);
724}
725
726static void
727man_echo(struct management *man, const char *parm)
728{
729 man_history(man, parm, "echo", man->persist.echo, &man->connection.echo_realtime,
730 LOG_PRINT_INT_DATE | MANAGEMENT_ECHO_FLAGS);
731}
732
733static void
734man_state(struct management *man, const char *parm)
735{
736 man_history(man, parm, "state", man->persist.state, &man->connection.state_realtime,
737 LOG_PRINT_INT_DATE | LOG_PRINT_STATE | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP);
738}
739
740static void
741man_up_finalize(struct management *man)
742{
743 switch (man->connection.up_query_mode)
744 {
745 case UP_QUERY_USERNAME:
746 if (strlen(man->connection.up_query.username))
747 {
748 man->connection.up_query.defined = true;
749 }
750 break;
751
752 case UP_QUERY_USER_PASS:
753 if (!strlen(man->connection.up_query.username))
754 {
755 break;
756 }
757
758 /* fall through */
759 case UP_QUERY_PASS:
760 case UP_QUERY_NEED_OK:
761 case UP_QUERY_NEED_STR:
762 if (strlen(man->connection.up_query.password))
763 {
764 man->connection.up_query.defined = true;
765 }
766 break;
767
768 case UP_QUERY_DISABLED:
769 man->connection.up_query.defined = false;
770 break;
771
772 default:
773 ASSERT(0);
774 }
775}
776
777static void
778man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed,
779 const char *prompt, char *dest, int len)
780{
781 if (needed)
782 {
783 ASSERT(man->connection.up_query_type);
784 if (streq(man->connection.up_query_type, type))
785 {
786 strncpynt(dest, string, len);
787 man_up_finalize(man);
788 msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified", type, prompt);
789 }
790 else
791 {
792 msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'", prompt,
793 type, man->connection.up_query_type);
794 }
795 }
796 else
797 {
798 msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
799 }
800}
801
802static void
803man_query_username(struct management *man, const char *type, const char *string)
804{
805 const bool needed =
806 ((man->connection.up_query_mode == UP_QUERY_USER_PASS
807 || man->connection.up_query_mode == UP_QUERY_USERNAME)
808 && man->connection.up_query_type);
809 man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username,
810 USER_PASS_LEN);
811}
812
813static void
814man_query_password(struct management *man, const char *type, const char *string)
815{
816 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
817 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
818 && man->connection.up_query_type);
819 if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
820 {
821 string = blank_up;
822 }
823 man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password,
824 USER_PASS_LEN);
825}
826
827static void
828man_query_need_ok(struct management *man, const char *type, const char *action)
829{
830 const bool needed =
831 ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
832 man_query_user_pass(man, type, action, needed, "needok-confirmation",
833 man->connection.up_query.password, USER_PASS_LEN);
834}
835
836static void
837man_query_need_str(struct management *man, const char *type, const char *action)
838{
839 const bool needed =
840 ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
841 man_query_user_pass(man, type, action, needed, "needstr-string",
842 man->connection.up_query.password, USER_PASS_LEN);
843}
844
845static void
846man_forget_passwords(struct management *man)
847{
848 ssl_purge_auth(false);
849 (void)ssl_clean_auth_token();
850 msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
851}
852
853static void
854man_net(struct management *man)
855{
856 if (man->persist.callback.show_net)
857 {
858 (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
859 }
860 else
861 {
862 man_command_unsupported("net");
863 }
864}
865
866static void
867man_send_cc_message(struct management *man, const char *message, const char *parameters)
868{
869 if (man->persist.callback.send_cc_message)
870 {
871 const bool status = (*man->persist.callback.send_cc_message)(man->persist.callback.arg,
872 message, parameters);
873 if (status)
874 {
875 msg(M_CLIENT, "SUCCESS: command succeeded");
876 }
877 else
878 {
879 msg(M_CLIENT, "ERROR: command failed");
880 }
881 }
882 else
883 {
884 man_command_unsupported("cr-repsonse");
885 }
886}
887#ifdef ENABLE_PKCS11
888
889static void
890man_pkcs11_id_count(struct management *man)
891{
892 msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
893}
894
895static void
896man_pkcs11_id_get(struct management *man, const int index)
897{
898 char *id = NULL;
899 char *base64 = NULL;
900
901 if (pkcs11_management_id_get(index, &id, &base64))
902 {
903 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
904 }
905 else
906 {
907 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
908 }
909
910 free(id);
911 free(base64);
912}
913
914#endif /* ifdef ENABLE_PKCS11 */
915
916static void
917man_remote_entry_count(struct management *man)
918{
919 unsigned count = 0;
920 if (man->persist.callback.remote_entry_count)
921 {
922 count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
923 msg(M_CLIENT, "%u", count);
924 msg(M_CLIENT, "END");
925 }
926 else
927 {
928 man_command_unsupported("remote-entry-count");
929 }
930}
931
932static void
933man_remote_entry_get(struct management *man, const char *p1, const char *p2)
934{
935 ASSERT(p1);
936
937 if (man->persist.callback.remote_entry_get && man->persist.callback.remote_entry_count)
938 {
939 unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
940
941 unsigned int from = (unsigned int)atoi(p1);
942 unsigned int to = p2 ? (unsigned int)atoi(p2) : from + 1;
943
944 if (!strcmp(p1, "all"))
945 {
946 from = 0;
947 to = count;
948 }
949
950 for (unsigned int i = from; i < min_uint(to, count); i++)
951 {
952 char *remote = NULL;
953 bool res =
954 (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
955 if (res && remote)
956 {
957 msg(M_CLIENT, "%u,%s", i, remote);
958 }
959 free(remote);
960 }
961 msg(M_CLIENT, "END");
962 }
963 else
964 {
965 man_command_unsupported("remote-entry-get");
966 }
967}
968
969static void
970man_hold(struct management *man, const char *cmd)
971{
972 if (cmd)
973 {
974 if (streq(cmd, "on"))
975 {
976 man->settings.flags |= MF_HOLD;
977 msg(M_CLIENT, "SUCCESS: hold flag set to ON");
978 }
979 else if (streq(cmd, "off"))
980 {
981 man->settings.flags &= ~MF_HOLD;
982 msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
983 }
984 else if (streq(cmd, "release"))
985 {
986 man->persist.hold_release = true;
987 msg(M_CLIENT, "SUCCESS: hold release succeeded");
988 }
989 else
990 {
991 msg(M_CLIENT, "ERROR: bad hold command parameter");
992 }
993 }
994 else
995 {
996 msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
997 }
998}
999
1000#define IER_RESET 0
1001#define IER_NEW 1
1002
1003static void
1004in_extra_reset(struct man_connection *mc, const int mode)
1005{
1006 if (mc)
1007 {
1008 if (mode != IER_NEW)
1009 {
1010 mc->in_extra_cmd = IEC_UNDEF;
1011 mc->in_extra_cid = 0;
1012 mc->in_extra_kid = 0;
1013 }
1014 if (mc->in_extra)
1015 {
1016 buffer_list_free(mc->in_extra);
1017 mc->in_extra = NULL;
1018 }
1019 if (mode == IER_NEW)
1020 {
1021 mc->in_extra = buffer_list_new();
1022 }
1023 }
1024}
1025
1039static void
1040man_query_password_base64(struct management *man, const char *type)
1041{
1042 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
1043 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
1044 && man->connection.up_query_type);
1045 if (!needed)
1046 {
1047 msg(M_CLIENT, "ERROR: no password is currently needed at this time");
1048 return;
1049 }
1050 if (!man->connection.up_query_type || !streq(man->connection.up_query_type, type))
1051 {
1052 msg(M_CLIENT, "ERROR: password of type '%s' entered, but we need one of type '%s'",
1053 type, man->connection.up_query_type);
1054 return;
1055 }
1056 struct man_connection *mc = &man->connection;
1057 mc->in_extra_cmd = IEC_PASSWORD;
1058 in_extra_reset(mc, IER_NEW);
1059}
1060
1061static void
1062in_extra_dispatch(struct management *man)
1063{
1064 switch (man->connection.in_extra_cmd)
1065 {
1066 case IEC_CLIENT_AUTH:
1067 if (man->persist.callback.client_auth)
1068 {
1069 const bool status = (*man->persist.callback.client_auth)(
1070 man->persist.callback.arg, man->connection.in_extra_cid,
1071 man->connection.in_extra_kid, true, NULL, NULL, man->connection.in_extra);
1072 man->connection.in_extra = NULL;
1073 report_command_status(status, "client-auth");
1074 }
1075 else
1076 {
1077 man_command_unsupported("client-auth");
1078 }
1079 break;
1080
1081 case IEC_PK_SIGN:
1082 man->connection.ext_key_state = EKS_READY;
1083 buffer_list_free(man->connection.ext_key_input);
1084 man->connection.ext_key_input = man->connection.in_extra;
1085 man->connection.in_extra = NULL;
1086 return;
1087
1088 case IEC_CERTIFICATE:
1089 man->connection.ext_cert_state = EKS_READY;
1090 buffer_list_free(man->connection.ext_cert_input);
1091 man->connection.ext_cert_input = man->connection.in_extra;
1092 man->connection.in_extra = NULL;
1093 return;
1094
1095 case IEC_PASSWORD:
1096 {
1097 char decoded[USER_PASS_LEN];
1098 CLEAR(decoded);
1099
1100 buffer_list_aggregate(man->connection.in_extra,
1101 OPENVPN_BASE64_LENGTH(USER_PASS_LEN) + 1024);
1102 struct buffer *buf = buffer_list_peek(man->connection.in_extra);
1103
1104 if (buf && BLEN(buf) > 0)
1105 {
1106 if (OPENVPN_BASE64_DECODED_LENGTH(BLEN(buf)) >= USER_PASS_LEN)
1107 {
1108 msg(M_CLIENT, "ERROR: password too long");
1109 buf_clear(buf);
1110 break;
1111 }
1112 int len = openvpn_base64_decode(BSTR(buf), decoded,
1113 USER_PASS_LEN - 1);
1114 if (len < 0)
1115 {
1116 msg(M_CLIENT, "ERROR: could not base64-decode password");
1117 buf_clear(buf);
1118 break;
1119 }
1120 decoded[len] = '\0';
1121 buf_clear(buf);
1122 }
1123
1124 man_query_password(man, man->connection.up_query_type,
1125 decoded);
1126 secure_memzero(decoded, sizeof(decoded));
1127 break;
1128 }
1129 }
1130 in_extra_reset(&man->connection, IER_RESET);
1131}
1132
1133static bool
1134parse_cid(const char *str, unsigned long *cid)
1135{
1136 if (sscanf(str, "%lu", cid) == 1)
1137 {
1138 return true;
1139 }
1140 else
1141 {
1142 msg(M_CLIENT, "ERROR: cannot parse CID");
1143 return false;
1144 }
1145}
1146
1147static bool
1148parse_uint(const char *str, const char *what, unsigned int *uint)
1149{
1150 if (sscanf(str, "%u", uint) == 1)
1151 {
1152 return true;
1153 }
1154 else
1155 {
1156 msg(M_CLIENT, "ERROR: cannot parse %s", what);
1157 return false;
1158 }
1159}
1160
1172static void
1173man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str,
1174 const char *extra, const char *timeout_str)
1175{
1176 unsigned long cid = 0;
1177 unsigned int kid = 0;
1178 unsigned int timeout = 0;
1179 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1180 && parse_uint(timeout_str, "TIMEOUT", &timeout))
1181 {
1182 if (man->persist.callback.client_pending_auth)
1183 {
1184 bool ret = (*man->persist.callback.client_pending_auth)(man->persist.callback.arg, cid,
1185 kid, extra, timeout);
1186
1187 if (ret)
1188 {
1189 msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1190 }
1191 else
1192 {
1193 msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1194 " Extra parameter might be too long");
1195 }
1196 }
1197 else
1198 {
1199 man_command_unsupported("client-pending-auth");
1200 }
1201 }
1202}
1203
1204static void
1205man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1206{
1207 struct man_connection *mc = &man->connection;
1208 mc->in_extra_cid = 0;
1209 mc->in_extra_kid = 0;
1210 if (parse_cid(cid_str, &mc->in_extra_cid) && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1211 {
1212 mc->in_extra_cmd = IEC_CLIENT_AUTH;
1213 in_extra_reset(mc, IER_NEW);
1214 if (!extra)
1215 {
1216 in_extra_dispatch(man);
1217 }
1218 }
1219}
1220
1221static void
1222man_client_deny(struct management *man, const char *cid_str, const char *kid_str,
1223 const char *reason, const char *client_reason)
1224{
1225 unsigned long cid = 0;
1226 unsigned int kid = 0;
1227 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1228 {
1229 if (man->persist.callback.client_auth)
1230 {
1231 const bool status = (*man->persist.callback.client_auth)(
1232 man->persist.callback.arg, cid, kid, false, reason, client_reason, NULL);
1233 if (status)
1234 {
1235 msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1236 }
1237 else
1238 {
1239 msg(M_CLIENT, "ERROR: client-deny command failed");
1240 }
1241 }
1242 else
1243 {
1244 man_command_unsupported("client-deny");
1245 }
1246 }
1247}
1248
1249static void
1250man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1251{
1252 unsigned long cid = 0;
1253 if (parse_cid(cid_str, &cid))
1254 {
1255 if (man->persist.callback.kill_by_cid)
1256 {
1257 const bool status =
1258 (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1259 if (status)
1260 {
1261 msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1262 }
1263 else
1264 {
1265 msg(M_CLIENT, "ERROR: client-kill command failed");
1266 }
1267 }
1268 else
1269 {
1270 man_command_unsupported("client-kill");
1271 }
1272 }
1273}
1274
1275static void
1276man_client_n_clients(struct management *man)
1277{
1278 if (man->persist.callback.n_clients)
1279 {
1280 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1281 msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1282 }
1283 else
1284 {
1285 man_command_unsupported("nclients");
1286 }
1287}
1288
1289static void
1290man_env_filter(struct management *man, const int level)
1291{
1292 man->connection.env_filter_level = level;
1293 msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1294}
1295
1296
1297static void
1298man_pk_sig(struct management *man, const char *cmd_name)
1299{
1300 struct man_connection *mc = &man->connection;
1301 if (mc->ext_key_state == EKS_SOLICIT)
1302 {
1303 mc->ext_key_state = EKS_INPUT;
1304 mc->in_extra_cmd = IEC_PK_SIGN;
1305 in_extra_reset(mc, IER_NEW);
1306 }
1307 else
1308 {
1309 msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1310 }
1311}
1312
1313static void
1314man_certificate(struct management *man)
1315{
1316 struct man_connection *mc = &man->connection;
1317 if (mc->ext_cert_state == EKS_SOLICIT)
1318 {
1319 mc->ext_cert_state = EKS_INPUT;
1320 mc->in_extra_cmd = IEC_CERTIFICATE;
1321 in_extra_reset(mc, IER_NEW);
1322 }
1323 else
1324 {
1325 msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1326 }
1327}
1328
1329static void
1330man_load_stats(struct management *man)
1331{
1332 extern counter_type link_read_bytes_global;
1333 extern counter_type link_write_bytes_global;
1334 int nclients = 0;
1335
1336 if (man->persist.callback.n_clients)
1337 {
1338 nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1339 }
1340 msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1341 nclients, link_read_bytes_global, link_write_bytes_global);
1342}
1343
1344#define MN_AT_LEAST (1 << 0)
1355static bool
1356man_need(struct management *man, const char **p, const int n, unsigned int flags)
1357{
1358 int i;
1359 ASSERT(p[0]);
1360 for (i = 1; i <= n; ++i)
1361 {
1362 if (!p[i])
1363 {
1364 msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s", p[0],
1365 (flags & MN_AT_LEAST) ? "at least " : "", n, n > 1 ? "s" : "");
1366 return false;
1367 }
1368 }
1369 return true;
1370}
1371
1372static void
1373man_proxy(struct management *man, const char **p)
1374{
1375 if (man->persist.callback.proxy_cmd)
1376 {
1377 const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1378 report_command_status(status, "proxy");
1379 }
1380 else
1381 {
1382 man_command_unsupported("proxy");
1383 }
1384}
1385
1386static void
1387man_remote(struct management *man, const char **p)
1388{
1389 if (man->persist.callback.remote_cmd)
1390 {
1391 const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1392 report_command_status(status, "remote");
1393 }
1394 else
1395 {
1396 man_command_unsupported("remote");
1397 }
1398}
1399
1400#ifdef TARGET_ANDROID
1401static void
1402man_network_change(struct management *man, bool samenetwork)
1403{
1404 /* Called to signal the OpenVPN that the network configuration has changed and
1405 * the client should either float or reconnect.
1406 *
1407 * The code is currently only used by ics-openvpn
1408 */
1409 if (man->persist.callback.network_change)
1410 {
1411 int fd = (*man->persist.callback.network_change)(man->persist.callback.arg, samenetwork);
1412 man->connection.fdtosend = fd;
1413 msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1414 if (fd == -2)
1415 {
1416 man_signal(man, "SIGUSR1");
1417 }
1418 }
1419}
1420#endif
1421
1422static void
1423set_client_version(struct management *man, const char *version)
1424{
1425 if (version)
1426 {
1427 man->connection.client_version = atoi(version);
1428 /* Until MCV_PKSIGN_ALG, we missed to respond to this command. Acknowledge only if version is newer */
1429 if (man->connection.client_version > MCV_PKSIGN_ALG)
1430 {
1431 msg(M_CLIENT, "SUCCESS: Management client version set to %d", man->connection.client_version);
1432 }
1433 }
1434 else
1435 {
1436 msg(M_CLIENT, "ERROR: Invalid value specified for management client version");
1437 }
1438}
1439
1440static void
1441man_push_update(struct management *man, const char **p, const push_update_type type)
1442{
1443 bool status = false;
1444
1445 if (type == UPT_BROADCAST)
1446 {
1447 if (!man->persist.callback.push_update_broadcast)
1448 {
1449 man_command_unsupported("push-update-broad");
1450 return;
1451 }
1452
1453 status = (*man->persist.callback.push_update_broadcast)(man->persist.callback.arg, p[1]);
1454 }
1455 else if (type == UPT_BY_CID)
1456 {
1457 if (!man->persist.callback.push_update_by_cid)
1458 {
1459 man_command_unsupported("push-update-cid");
1460 return;
1461 }
1462
1463 unsigned long cid = 0;
1464
1465 if (!parse_cid(p[1], &cid))
1466 {
1467 msg(M_CLIENT, "ERROR: push-update-cid fail during cid parsing");
1468 return;
1469 }
1470
1471 status = (*man->persist.callback.push_update_by_cid)(man->persist.callback.arg, cid, p[2]);
1472 }
1473
1474 if (status)
1475 {
1476 msg(M_CLIENT, "SUCCESS: push-update command succeeded");
1477 return;
1478 }
1479 msg(M_CLIENT, "ERROR: push-update command failed");
1480}
1481
1482static void
1483man_dispatch_command(struct management *man, struct status_output *so, const char **p,
1484 const int nparms)
1485{
1486 struct gc_arena gc = gc_new();
1487
1488 ASSERT(p[0]);
1489 if (streq(p[0], "exit") || streq(p[0], "quit"))
1490 {
1491 man->connection.halt = true;
1492 goto done;
1493 }
1494 else if (streq(p[0], "help"))
1495 {
1496 man_help();
1497 }
1498 else if (streq(p[0], "version") && p[1])
1499 {
1500 set_client_version(man, p[1]);
1501 }
1502 else if (streq(p[0], "version"))
1503 {
1504 msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1505 msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1506 msg(M_CLIENT, "END");
1507 }
1508 else if (streq(p[0], "pid"))
1509 {
1510 msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1511 }
1512 else if (streq(p[0], "nclients"))
1513 {
1514 man_client_n_clients(man);
1515 }
1516 else if (streq(p[0], "env-filter"))
1517 {
1518 int level = 0;
1519 if (p[1])
1520 {
1521 level = atoi(p[1]);
1522 }
1523 man_env_filter(man, level);
1524 }
1525 else if (streq(p[0], "signal"))
1526 {
1527 if (man_need(man, p, 1, 0))
1528 {
1529 man_signal(man, p[1]);
1530 }
1531 }
1532#ifdef TARGET_ANDROID
1533 else if (streq(p[0], "network-change"))
1534 {
1535 bool samenetwork = false;
1536 if (p[1] && streq(p[1], "samenetwork"))
1537 {
1538 samenetwork = true;
1539 }
1540
1541 man_network_change(man, samenetwork);
1542 }
1543#endif
1544 else if (streq(p[0], "load-stats"))
1545 {
1546 man_load_stats(man);
1547 }
1548 else if (streq(p[0], "status"))
1549 {
1550 int version = 0;
1551 if (p[1])
1552 {
1553 version = atoi(p[1]);
1554 }
1555 man_status(man, version, so);
1556 }
1557 else if (streq(p[0], "kill"))
1558 {
1559 if (man_need(man, p, 1, 0))
1560 {
1561 man_kill(man, p[1]);
1562 }
1563 }
1564 else if (streq(p[0], "verb"))
1565 {
1566 if (p[1])
1567 {
1568 const int level = atoi(p[1]);
1569 if (set_debug_level(level, 0))
1570 {
1571 msg(M_CLIENT, "SUCCESS: verb level changed");
1572 }
1573 else
1574 {
1575 msg(M_CLIENT, "ERROR: verb level is out of range");
1576 }
1577 }
1578 else
1579 {
1580 msg(M_CLIENT, "SUCCESS: verb=%u", get_debug_level());
1581 }
1582 }
1583 else if (streq(p[0], "mute"))
1584 {
1585 if (p[1])
1586 {
1587 const int level = atoi(p[1]);
1588 if (set_mute_cutoff(level))
1589 {
1590 msg(M_CLIENT, "SUCCESS: mute level changed");
1591 }
1592 else
1593 {
1594 msg(M_CLIENT, "ERROR: mute level is out of range");
1595 }
1596 }
1597 else
1598 {
1599 msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1600 }
1601 }
1602 else if (streq(p[0], "auth-retry"))
1603 {
1604 if (p[1])
1605 {
1606 if (auth_retry_set(M_CLIENT, p[1]))
1607 {
1608 msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1609 }
1610 else
1611 {
1612 msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1613 }
1614 }
1615 else
1616 {
1617 msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1618 }
1619 }
1620 else if (streq(p[0], "state"))
1621 {
1622 if (!p[1])
1623 {
1624 man_state(man, "1");
1625 }
1626 else
1627 {
1628 man_state(man, p[1]);
1629 if (p[2])
1630 {
1631 man_state(man, p[2]);
1632 }
1633 }
1634 }
1635 else if (streq(p[0], "log"))
1636 {
1637 if (man_need(man, p, 1, MN_AT_LEAST))
1638 {
1639 if (p[1])
1640 {
1641 man_log(man, p[1]);
1642 }
1643 if (p[2])
1644 {
1645 man_log(man, p[2]);
1646 }
1647 }
1648 }
1649 else if (streq(p[0], "echo"))
1650 {
1651 if (man_need(man, p, 1, MN_AT_LEAST))
1652 {
1653 if (p[1])
1654 {
1655 man_echo(man, p[1]);
1656 }
1657 if (p[2])
1658 {
1659 man_echo(man, p[2]);
1660 }
1661 }
1662 }
1663 else if (streq(p[0], "username"))
1664 {
1665 if (man_need(man, p, 2, 0))
1666 {
1667 man_query_username(man, p[1], p[2]);
1668 }
1669 }
1670 else if (streq(p[0], "password"))
1671 {
1672 if (man_need(man, p, 1, MN_AT_LEAST))
1673 {
1674 if (p[2])
1675 {
1676 man_query_password(man, p[1], p[2]);
1677 }
1678 else if (man->connection.client_version >= MCV_MULTILINE_PASSWORD)
1679 {
1680 man_query_password_base64(man, p[1]);
1681 }
1682 else
1683 {
1684 msg(M_CLIENT, "ERROR: the 'password' command requires 2 parameters");
1685 }
1686 }
1687 }
1688 else if (streq(p[0], "forget-passwords"))
1689 {
1690 man_forget_passwords(man);
1691 }
1692 else if (streq(p[0], "needok"))
1693 {
1694 if (man_need(man, p, 2, 0))
1695 {
1696 man_query_need_ok(man, p[1], p[2]);
1697 }
1698 }
1699 else if (streq(p[0], "needstr"))
1700 {
1701 if (man_need(man, p, 2, 0))
1702 {
1703 man_query_need_str(man, p[1], p[2]);
1704 }
1705 }
1706 else if (streq(p[0], "cr-response"))
1707 {
1708 if (man_need(man, p, 1, 0))
1709 {
1710 man_send_cc_message(man, "CR_RESPONSE", p[1]);
1711 }
1712 }
1713 else if (streq(p[0], "net"))
1714 {
1715 man_net(man);
1716 }
1717 else if (streq(p[0], "hold"))
1718 {
1719 man_hold(man, p[1]);
1720 }
1721 else if (streq(p[0], "bytecount"))
1722 {
1723 if (man_need(man, p, 1, 0))
1724 {
1725 man_bytecount(man, atoi(p[1]));
1726 }
1727 }
1728 else if (streq(p[0], "client-kill"))
1729 {
1730 if (man_need(man, p, 1, MN_AT_LEAST))
1731 {
1732 man_client_kill(man, p[1], p[2]);
1733 }
1734 }
1735 else if (streq(p[0], "client-deny"))
1736 {
1737 if (man_need(man, p, 3, MN_AT_LEAST))
1738 {
1739 man_client_deny(man, p[1], p[2], p[3], p[4]);
1740 }
1741 }
1742 else if (streq(p[0], "client-auth-nt"))
1743 {
1744 if (man_need(man, p, 2, 0))
1745 {
1746 man_client_auth(man, p[1], p[2], false);
1747 }
1748 }
1749 else if (streq(p[0], "client-auth"))
1750 {
1751 if (man_need(man, p, 2, 0))
1752 {
1753 man_client_auth(man, p[1], p[2], true);
1754 }
1755 }
1756 else if (streq(p[0], "client-pending-auth"))
1757 {
1758 if (man_need(man, p, 4, 0))
1759 {
1760 man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1761 }
1762 }
1763 else if (streq(p[0], "rsa-sig"))
1764 {
1765 man_pk_sig(man, "rsa-sig");
1766 }
1767 else if (streq(p[0], "pk-sig"))
1768 {
1769 man_pk_sig(man, "pk-sig");
1770 }
1771 else if (streq(p[0], "certificate"))
1772 {
1773 man_certificate(man);
1774 }
1775#ifdef ENABLE_PKCS11
1776 else if (streq(p[0], "pkcs11-id-count"))
1777 {
1778 man_pkcs11_id_count(man);
1779 }
1780 else if (streq(p[0], "pkcs11-id-get"))
1781 {
1782 if (man_need(man, p, 1, 0))
1783 {
1784 man_pkcs11_id_get(man, atoi(p[1]));
1785 }
1786 }
1787#endif
1788 else if (streq(p[0], "remote-entry-count"))
1789 {
1790 man_remote_entry_count(man);
1791 }
1792 else if (streq(p[0], "remote-entry-get"))
1793 {
1794 if (man_need(man, p, 1, MN_AT_LEAST))
1795 {
1796 man_remote_entry_get(man, p[1], p[2]);
1797 }
1798 }
1799 else if (streq(p[0], "proxy"))
1800 {
1801 if (man_need(man, p, 1, MN_AT_LEAST))
1802 {
1803 man_proxy(man, p);
1804 }
1805 }
1806 else if (streq(p[0], "remote"))
1807 {
1808 if (man_need(man, p, 1, MN_AT_LEAST))
1809 {
1810 man_remote(man, p);
1811 }
1812 }
1813 else if (streq(p[0], "push-update-broad"))
1814 {
1815 if (man_need(man, p, 1, 0))
1816 {
1817 man_push_update(man, p, UPT_BROADCAST);
1818 }
1819 }
1820 else if (streq(p[0], "push-update-cid"))
1821 {
1822 if (man_need(man, p, 2, 0))
1823 {
1824 man_push_update(man, p, UPT_BY_CID);
1825 }
1826 }
1827#if 1
1828 else if (streq(p[0], "test"))
1829 {
1830 if (man_need(man, p, 1, 0))
1831 {
1832 int i;
1833 const int n = atoi(p[1]);
1834 for (i = 0; i < n; ++i)
1835 {
1836 msg(M_CLIENT,
1837 "[%d] The purpose of this command is to generate large amounts of output.", i);
1838 }
1839 }
1840 }
1841#endif
1842 else
1843 {
1844 msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1845 }
1846
1847done:
1848 gc_free(&gc);
1849}
1850
1851#ifdef _WIN32
1852
1853static void
1854man_start_ne32(struct management *man)
1855{
1856 switch (man->connection.state)
1857 {
1858 case MS_LISTEN:
1859 net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1860 break;
1861
1862 case MS_CC_WAIT_READ:
1863 case MS_CC_WAIT_WRITE:
1864 net_event_win32_start(&man->connection.ne32, FD_READ | FD_WRITE | FD_CLOSE,
1865 man->connection.sd_cli);
1866 break;
1867
1868 default:
1869 ASSERT(0);
1870 }
1871}
1872
1873static void
1874man_stop_ne32(struct management *man)
1875{
1876 net_event_win32_stop(&man->connection.ne32);
1877}
1878
1879#endif /* ifdef _WIN32 */
1880
1881static void
1882man_connection_settings_reset(struct management *man)
1883{
1884 man->connection.state_realtime = false;
1885 man->connection.log_realtime = false;
1886 man->connection.echo_realtime = false;
1887 man->connection.bytecount_update_seconds = 0;
1888 man->connection.password_verified = false;
1889 man->connection.password_tries = 0;
1890 man->connection.halt = false;
1891 man->connection.state = MS_CC_WAIT_WRITE;
1892}
1893
1894static void
1895man_new_connection_post(struct management *man, const char *description)
1896{
1897 struct gc_arena gc = gc_new();
1898
1899 set_nonblock(man->connection.sd_cli);
1900
1901 man_connection_settings_reset(man);
1902
1903#ifdef _WIN32
1904 man_start_ne32(man);
1905#endif
1906
1907#if UNIX_SOCK_SUPPORT
1908 if (man->settings.flags & MF_UNIX_SOCK)
1909 {
1910 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1911 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1912 }
1913 else
1914#endif
1915 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1916 {
1917 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1918 print_sockaddr(man->settings.local->ai_addr, &gc));
1919 }
1920 else
1921 {
1922 struct sockaddr_storage addr;
1923 socklen_t addrlen = sizeof(addr);
1924 if (!getpeername(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen))
1925 {
1926 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1927 print_sockaddr((struct sockaddr *)&addr, &gc));
1928 }
1929 else
1930 {
1931 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1932 }
1933 }
1934
1935 buffer_list_reset(man->connection.out);
1936
1937 if (!man_password_needed(man))
1938 {
1939 man_welcome(man);
1940 }
1941 man_prompt(man);
1942 man_update_io_state(man);
1943
1944 gc_free(&gc);
1945}
1946
1947#if UNIX_SOCK_SUPPORT
1948static bool
1949man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1950{
1951 if (socket_defined(sd) && (man->settings.user.user_valid || man->settings.group.group_valid))
1952 {
1953 static const char err_prefix[] =
1954 "MANAGEMENT: unix domain socket client connection rejected --";
1955 uid_t uid;
1956 gid_t gid;
1957 if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1958 {
1959 if (man->settings.user.user_valid && man->settings.user.uid != uid)
1960 {
1961 msg(D_MANAGEMENT,
1962 "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1963 err_prefix, uid, man->settings.user.uid);
1964 return false;
1965 }
1966 if (man->settings.group.group_valid && man->settings.group.gid != gid)
1967 {
1968 msg(D_MANAGEMENT,
1969 "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1970 err_prefix, gid, man->settings.group.gid);
1971 return false;
1972 }
1973 }
1974 else
1975 {
1976 msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1977 return false;
1978 }
1979 }
1980 return true;
1981}
1982#endif /* if UNIX_SOCK_SUPPORT */
1983
1984static void
1985man_accept(struct management *man)
1986{
1987 struct link_socket_actual act;
1988 CLEAR(act);
1989
1990 /*
1991 * Accept the TCP or Unix domain socket client.
1992 */
1993#if UNIX_SOCK_SUPPORT
1994 if (man->settings.flags & MF_UNIX_SOCK)
1995 {
1996 struct sockaddr_un remote;
1997 man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1998 if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1999 {
2000 sd_close(&man->connection.sd_cli);
2001 }
2002 }
2003 else
2004#endif
2005 {
2006 man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
2007 }
2008
2009 if (socket_defined(man->connection.sd_cli))
2010 {
2011 man->connection.remote = act.dest;
2012
2013 if (socket_defined(man->connection.sd_top))
2014 {
2015#ifdef _WIN32
2016 man_stop_ne32(man);
2017#endif
2018 }
2019
2020 man_new_connection_post(man, "Client connected from");
2021 }
2022}
2023
2024static void
2025man_listen(struct management *man)
2026{
2027 struct gc_arena gc = gc_new();
2028
2029 /*
2030 * Initialize state
2031 */
2032 man->connection.state = MS_LISTEN;
2033 man->connection.sd_cli = SOCKET_UNDEFINED;
2034
2035 /*
2036 * Initialize listening socket
2037 */
2038 if (man->connection.sd_top == SOCKET_UNDEFINED)
2039 {
2040#if UNIX_SOCK_SUPPORT
2041 if (man->settings.flags & MF_UNIX_SOCK)
2042 {
2043 man_delete_unix_socket(man);
2044 man->connection.sd_top = create_socket_unix();
2045 socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
2046 }
2047 else
2048#endif
2049 {
2050 man->connection.sd_top = create_socket_tcp(man->settings.local);
2051 socket_bind(man->connection.sd_top, man->settings.local, man->settings.local->ai_family,
2052 "MANAGEMENT", false);
2053 }
2054
2055 /*
2056 * Listen for connection
2057 */
2058 if (listen(man->connection.sd_top, 1))
2059 {
2060 msg(M_ERR, "MANAGEMENT: listen() failed");
2061 }
2062
2063 /*
2064 * Set misc socket properties
2065 */
2066 set_nonblock(man->connection.sd_top);
2067
2068#if UNIX_SOCK_SUPPORT
2069 if (man->settings.flags & MF_UNIX_SOCK)
2070 {
2071 msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
2072 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2073 }
2074 else
2075#endif
2076 {
2077 const struct sockaddr *man_addr = man->settings.local->ai_addr;
2078 struct sockaddr_storage addr;
2079 socklen_t addrlen = sizeof(addr);
2080 if (!getsockname(man->connection.sd_top, (struct sockaddr *)&addr, &addrlen))
2081 {
2082 man_addr = (struct sockaddr *)&addr;
2083 }
2084 else
2085 {
2086 msg(M_WARN | M_ERRNO, "Failed to get the management socket address");
2087 }
2088 msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
2089 print_sockaddr(man_addr, &gc));
2090 }
2091 }
2092
2093#ifdef _WIN32
2094 man_start_ne32(man);
2095#endif
2096
2097 gc_free(&gc);
2098}
2099
2100static void
2101man_connect(struct management *man)
2102{
2103 struct gc_arena gc = gc_new();
2104 int status;
2105 int signal_received = 0;
2106
2107 /*
2108 * Initialize state
2109 */
2110 man->connection.state = MS_INITIAL;
2111 man->connection.sd_top = SOCKET_UNDEFINED;
2112
2113#if UNIX_SOCK_SUPPORT
2114 if (man->settings.flags & MF_UNIX_SOCK)
2115 {
2116 man->connection.sd_cli = create_socket_unix();
2117 status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
2118 if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
2119 {
2120#ifdef EPERM
2121 status = EPERM;
2122#else
2123 status = 1;
2124#endif
2125 sd_close(&man->connection.sd_cli);
2126 }
2127 }
2128 else
2129#endif
2130 {
2131 man->connection.sd_cli = create_socket_tcp(man->settings.local);
2132 status = openvpn_connect(man->connection.sd_cli, man->settings.local->ai_addr, 5,
2133 &signal_received);
2134 }
2135
2136 if (signal_received)
2137 {
2138 throw_signal(signal_received);
2139 goto done;
2140 }
2141
2142 if (status)
2143 {
2144#if UNIX_SOCK_SUPPORT
2145 if (man->settings.flags & MF_UNIX_SOCK)
2146 {
2147 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to unix socket %s failed",
2148 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2149 }
2150 else
2151#endif
2152 {
2153 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to %s failed",
2154 print_sockaddr(man->settings.local->ai_addr, &gc));
2155 }
2156 throw_signal_soft(SIGTERM, "management-connect-failed");
2157 goto done;
2158 }
2159
2160 man_new_connection_post(man, "Connected to management server at");
2161
2162done:
2163 gc_free(&gc);
2164}
2165
2166static void
2167man_reset_client_socket(struct management *man, const bool exiting)
2168{
2169 if (socket_defined(man->connection.sd_cli))
2170 {
2171 man_bytecount_stop(man);
2172#ifdef _WIN32
2173 man_stop_ne32(man);
2174#endif
2175 man_close_socket(man, man->connection.sd_cli);
2176 man->connection.sd_cli = SOCKET_UNDEFINED;
2177 man->connection.state = MS_INITIAL;
2178 command_line_reset(man->connection.in);
2179 buffer_list_reset(man->connection.out);
2180 in_extra_reset(&man->connection, IER_RESET);
2181 msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2182 }
2183 if (!exiting)
2184 {
2185 if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man))
2186 {
2187 msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect");
2188 ssl_purge_auth(false);
2189 (void)ssl_clean_auth_token();
2190 }
2191
2192 if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
2193 {
2194 int mysig = man_mod_signal(man, SIGUSR1);
2195 if (mysig >= 0)
2196 {
2197 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2198 throw_signal_soft(mysig, "management-disconnect");
2199 }
2200 }
2201
2202 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2203 {
2204 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2205 throw_signal_soft(SIGTERM, "management-exit");
2206 }
2207 else
2208 {
2209 man_listen(man);
2210 }
2211 }
2212}
2213
2214static void
2215man_process_command(struct management *man, const char *line)
2216{
2217 struct gc_arena gc = gc_new();
2218 struct status_output *so;
2219 int nparms;
2220 char *parms[MAX_PARMS + 1];
2221
2222 CLEAR(parms);
2223 so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2224 in_extra_reset(&man->connection, IER_RESET);
2225
2226 if (man_password_needed(man))
2227 {
2228 man_check_password(man, line);
2229 }
2230 else
2231 {
2232 nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2233 if (parms[0] && streq(parms[0], "password"))
2234 {
2235 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2236 }
2237 else if (!streq(line, "load-stats"))
2238 {
2239 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2240 }
2241
2242#if 0
2243 /* DEBUGGING -- print args */
2244 {
2245 int i;
2246 for (i = 0; i < nparms; ++i)
2247 {
2248 msg(M_INFO, "[%d] '%s'", i, parms[i]);
2249 }
2250 }
2251#endif
2252
2253 if (nparms > 0)
2254 {
2255 man_dispatch_command(man, so, (const char **)parms, nparms);
2256 }
2257 }
2258
2259 CLEAR(parms);
2260 status_close(so);
2261 gc_free(&gc);
2262}
2263
2264static bool
2265man_io_error(struct management *man, const char *prefix)
2266{
2267 bool crt_error = false;
2268 int err = openvpn_errno_maybe_crt(&crt_error);
2269
2270 if (!ignore_sys_error(err, crt_error))
2271 {
2272 struct gc_arena gc = gc_new();
2273 msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix, strerror(err));
2274 gc_free(&gc);
2275 return true;
2276 }
2277 else
2278 {
2279 return false;
2280 }
2281}
2282
2283#ifdef TARGET_ANDROID
2284static ssize_t
2285man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2286{
2287 struct msghdr msg = { 0 };
2288 struct iovec iov[1];
2289
2290 union
2291 {
2292 struct cmsghdr cm;
2293 char control[CMSG_SPACE(sizeof(int))];
2294 } control_un;
2295 struct cmsghdr *cmptr;
2296
2297 msg.msg_control = control_un.control;
2298 msg.msg_controllen = sizeof(control_un.control);
2299
2300 cmptr = CMSG_FIRSTHDR(&msg);
2301 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2302 cmptr->cmsg_level = SOL_SOCKET;
2303 cmptr->cmsg_type = SCM_RIGHTS;
2304 *((int *)CMSG_DATA(cmptr)) = sendfd;
2305
2306 msg.msg_name = NULL;
2307 msg.msg_namelen = 0;
2308
2309 iov[0].iov_base = ptr;
2310 iov[0].iov_len = nbytes;
2311 msg.msg_iov = iov;
2312 msg.msg_iovlen = 1;
2313
2314 return (sendmsg(fd, &msg, flags));
2315}
2316
2317static ssize_t
2318man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2319{
2320 struct msghdr msghdr = { 0 };
2321 struct iovec iov[1];
2322 ssize_t n;
2323
2324 union
2325 {
2326 struct cmsghdr cm;
2327 char control[CMSG_SPACE(sizeof(int))];
2328 } control_un;
2329 struct cmsghdr *cmptr;
2330
2331 msghdr.msg_control = control_un.control;
2332 msghdr.msg_controllen = sizeof(control_un.control);
2333
2334 msghdr.msg_name = NULL;
2335 msghdr.msg_namelen = 0;
2336
2337 iov[0].iov_base = ptr;
2338 iov[0].iov_len = nbytes;
2339 msghdr.msg_iov = iov;
2340 msghdr.msg_iovlen = 1;
2341
2342 if ((n = recvmsg(fd, &msghdr, flags)) <= 0)
2343 {
2344 return (n);
2345 }
2346
2347 if ((cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2348 {
2349 if (cmptr->cmsg_level != SOL_SOCKET)
2350 {
2351 msg(M_ERR, "control level != SOL_SOCKET");
2352 }
2353 if (cmptr->cmsg_type != SCM_RIGHTS)
2354 {
2355 msg(M_ERR, "control type != SCM_RIGHTS");
2356 }
2357 *recvfd = *((int *)CMSG_DATA(cmptr));
2358 }
2359 else
2360 {
2361 *recvfd = -1; /* descriptor was not passed */
2362 }
2363 return (n);
2364}
2365
2366/*
2367 * The android control method will instruct the GUI part of openvpn to do
2368 * the route/ifconfig/open tun command. See doc/android.txt for details.
2369 */
2370bool
2371management_android_control(struct management *man, const char *command, const char *msg)
2372{
2373 if (!man)
2374 {
2375 msg(M_FATAL, "Required management interface not available.");
2376 }
2377 struct user_pass up;
2378 CLEAR(up);
2379 strncpy(up.username, msg, sizeof(up.username) - 1);
2380
2381 management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *)0);
2382 return strcmp("ok", up.password) == 0;
2383}
2384
2385/*
2386 * In Android 4.4 it is not possible to open a new tun device and then close the
2387 * old tun device without breaking the whole VPNService stack until the device
2388 * is rebooted. This management method ask the UI what method should be taken to
2389 * ensure the optimal solution for the situation
2390 */
2391int
2392managment_android_persisttun_action(struct management *man)
2393{
2394 struct user_pass up;
2395 CLEAR(up);
2396 strcpy(up.username, "tunmethod");
2397 management_query_user_pass(management, &up, "PERSIST_TUN_ACTION", GET_USER_PASS_NEED_OK,
2398 (void *)0);
2399 if (!strcmp("NOACTION", up.password))
2400 {
2401 return ANDROID_KEEP_OLD_TUN;
2402 }
2403 else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2404 {
2405 return ANDROID_OPEN_BEFORE_CLOSE;
2406 }
2407 else
2408 {
2409 msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query",
2410 up.password);
2411 }
2412
2413 ASSERT(0);
2414 return ANDROID_OPEN_BEFORE_CLOSE;
2415}
2416
2417
2418#endif /* ifdef TARGET_ANDROID */
2419
2420static ssize_t
2421man_read(struct management *man)
2422{
2423 /*
2424 * read command line from socket
2425 */
2426 unsigned char buf[256];
2427 ssize_t len = 0;
2428
2429#ifdef TARGET_ANDROID
2430 int fd;
2431 len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2432 if (fd >= 0)
2433 {
2434 man->connection.lastfdreceived = fd;
2435 }
2436#else /* ifdef TARGET_ANDROID */
2437 len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2438#endif
2439
2440 if (len == 0)
2441 {
2442 man_reset_client_socket(man, false);
2443 }
2444 else if (len > 0)
2445 {
2446 bool processed_command = false;
2447
2448 ASSERT(len <= (ssize_t)sizeof(buf));
2449 command_line_add(man->connection.in, buf, (size_t)len);
2450
2451 /*
2452 * Reset output object
2453 */
2454 buffer_list_reset(man->connection.out);
2455
2456 /*
2457 * process command line if complete
2458 */
2459 {
2460 const char *line;
2461 while ((line = command_line_get(man->connection.in)))
2462 {
2463 if (man->connection.in_extra)
2464 {
2465 if (!strcmp(line, "END"))
2466 {
2467 in_extra_dispatch(man);
2468 }
2469 else
2470 {
2471 buffer_list_push(man->connection.in_extra, line);
2472 }
2473 }
2474 else
2475 {
2476 man_process_command(man, (char *)line);
2477 }
2478 if (man->connection.halt)
2479 {
2480 break;
2481 }
2482 command_line_next(man->connection.in);
2483 processed_command = true;
2484 }
2485 }
2486
2487 /*
2488 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2489 */
2490 if (man->connection.halt)
2491 {
2492 man_reset_client_socket(man, false);
2493 len = 0;
2494 }
2495 else
2496 {
2497 if (processed_command)
2498 {
2499 man_prompt(man);
2500 }
2501 man_update_io_state(man);
2502 }
2503 }
2504 else /* len < 0 */
2505 {
2506 if (man_io_error(man, "recv"))
2507 {
2508 man_reset_client_socket(man, false);
2509 }
2510 }
2511 return len;
2512}
2513
2514static ssize_t
2515man_write(struct management *man)
2516{
2517 const int size_hint = 1024;
2518 ssize_t sent = 0;
2519 const struct buffer *buf;
2520
2521 buffer_list_aggregate(man->connection.out, size_hint);
2522 buf = buffer_list_peek(man->connection.out);
2523 if (buf && BLEN(buf))
2524 {
2525 const int len = min_int(size_hint, BLEN(buf));
2526#ifdef TARGET_ANDROID
2527 if (man->connection.fdtosend > 0)
2528 {
2529 sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,
2530 man->connection.fdtosend);
2531 man->connection.fdtosend = -1;
2532 }
2533 else
2534#endif
2535 {
2536 sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2537 }
2538 if (sent >= 0)
2539 {
2540 buffer_list_advance(man->connection.out, sent);
2541 }
2542 else
2543 {
2544 if (man_io_error(man, "send"))
2545 {
2546 man_reset_client_socket(man, false);
2547 }
2548 }
2549 }
2550
2551 /*
2552 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2553 */
2554 man_update_io_state(man);
2555
2556 return sent;
2557}
2558
2559static void
2560man_connection_clear(struct man_connection *mc)
2561{
2562 CLEAR(*mc);
2563
2564 /* set initial state */
2565 mc->state = MS_INITIAL;
2566
2567 /* clear socket descriptors */
2568 mc->sd_top = SOCKET_UNDEFINED;
2569 mc->sd_cli = SOCKET_UNDEFINED;
2570}
2571
2572static void
2573man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size,
2574 const int state_buffer_size)
2575{
2576 struct man_persist *mp = &man->persist;
2577 if (!mp->defined)
2578 {
2579 CLEAR(*mp);
2580
2581 /* initialize log history store */
2582 mp->log = log_history_init(log_history_cache);
2583
2584 /*
2585 * Initialize virtual output object, so that functions
2586 * which write to a virtual_output object can be redirected
2587 * here to the management object.
2588 */
2589 mp->vout.func = virtual_output_callback_func;
2590 mp->vout.arg = man;
2591 mp->vout.flags_default = M_CLIENT;
2592 msg_set_virtual_output(&mp->vout);
2593
2594 /*
2595 * Initialize --echo list
2596 */
2597 man->persist.echo = log_history_init(echo_buffer_size);
2598
2599 /*
2600 * Initialize --state list
2601 */
2602 man->persist.state = log_history_init(state_buffer_size);
2603
2604 mp->defined = true;
2605 }
2606}
2607
2608static void
2609man_persist_close(struct man_persist *mp)
2610{
2611 if (mp->log)
2612 {
2613 msg_set_virtual_output(NULL);
2614 log_history_close(mp->log);
2615 }
2616
2617 if (mp->echo)
2618 {
2619 log_history_close(mp->echo);
2620 }
2621
2622 if (mp->state)
2623 {
2624 log_history_close(mp->state);
2625 }
2626
2627 CLEAR(*mp);
2628}
2629
2630static void
2631man_settings_init(struct man_settings *ms, const char *addr, const char *port,
2632 const char *pass_file, const char *client_user, const char *client_group,
2633 const int log_history_cache, const int echo_buffer_size,
2634 const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
2635{
2636 if (!ms->defined)
2637 {
2638 CLEAR(*ms);
2639
2640 ms->flags = flags;
2641
2642 /*
2643 * Get username/password
2644 */
2645 if (pass_file)
2646 {
2647 get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2648 }
2649
2650#if UNIX_SOCK_SUPPORT
2651 /*
2652 * lookup client UID/GID if specified
2653 */
2654 if (client_user)
2655 {
2656 ASSERT(platform_user_get(client_user, &ms->user));
2657 msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->user.uid);
2658 }
2659 if (client_group)
2660 {
2661 ASSERT(platform_group_get(client_group, &ms->group));
2662 msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->group.gid);
2663 }
2664
2665 if (ms->flags & MF_UNIX_SOCK)
2666 {
2667 sockaddr_unix_init(&ms->local_unix, addr);
2668 }
2669 else
2670#endif
2671 {
2672 /*
2673 * Run management over tunnel, or
2674 * separate channel?
2675 */
2676 if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2677 {
2678 ms->management_over_tunnel = true;
2679 }
2680 else
2681 {
2682 int status;
2683 int resolve_flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL;
2684
2685 if (!(flags & MF_CONNECT_AS_CLIENT))
2686 {
2687 resolve_flags |= GETADDR_PASSIVE;
2688 }
2689
2690 status =
2691 openvpn_getaddrinfo(resolve_flags, addr, port, 0, NULL, AF_UNSPEC, &ms->local);
2692 ASSERT(status == 0);
2693 }
2694 }
2695
2696 /*
2697 * Log history and echo buffer may need to be resized
2698 */
2699 ms->log_history_cache = log_history_cache;
2700 ms->echo_buffer_size = echo_buffer_size;
2701 ms->state_buffer_size = state_buffer_size;
2702
2703 /*
2704 * Set remap sigusr1 flags
2705 */
2706 if (remap_sigusr1 == SIGHUP)
2707 {
2708 ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2709 }
2710 else if (remap_sigusr1 == SIGTERM)
2711 {
2712 ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2713 }
2714
2715 ms->defined = true;
2716 }
2717}
2718
2719static void
2720man_settings_close(struct man_settings *ms)
2721{
2722 if (ms->local)
2723 {
2724 freeaddrinfo(ms->local);
2725 }
2726 CLEAR(*ms);
2727}
2728
2729
2730static void
2731man_connection_init(struct management *man)
2732{
2733 if (man->connection.state == MS_INITIAL)
2734 {
2735#ifdef _WIN32
2736 /*
2737 * This object is a sort of TCP/IP helper
2738 * for Windows.
2739 */
2740 net_event_win32_init(&man->connection.ne32);
2741#endif
2742
2743 /*
2744 * Allocate helper objects for command line input and
2745 * command output from/to the socket.
2746 */
2747 man->connection.in = command_line_new(1024);
2748 man->connection.out = buffer_list_new();
2749
2750 /*
2751 * Initialize event set for standalone usage, when we are
2752 * running outside of the primary event loop.
2753 */
2754 {
2755 int maxevents = 1;
2756 man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2757 }
2758
2759 man->connection.client_version = MCV_DEFAULT; /* default version */
2760
2761 /*
2762 * Listen/connect socket
2763 */
2764 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2765 {
2766 man_connect(man);
2767 }
2768 else
2769 {
2770 man_listen(man);
2771 }
2772 }
2773}
2774
2775static void
2776man_connection_close(struct management *man)
2777{
2778 struct man_connection *mc = &man->connection;
2779
2780 event_free(mc->es);
2781#ifdef _WIN32
2782 net_event_win32_close(&mc->ne32);
2783#endif
2784 if (socket_defined(mc->sd_top))
2785 {
2786 man_close_socket(man, mc->sd_top);
2787 man_delete_unix_socket(man);
2788 }
2789 if (socket_defined(mc->sd_cli))
2790 {
2791 man_close_socket(man, mc->sd_cli);
2792 }
2793
2794 command_line_free(mc->in);
2795 buffer_list_free(mc->out);
2796
2797 event_timeout_clear(&mc->bytecount_update_interval);
2798
2799 in_extra_reset(&man->connection, IER_RESET);
2800 buffer_list_free(mc->ext_key_input);
2801 man_connection_clear(mc);
2802}
2803
2804struct management *
2805management_init(void)
2806{
2807 struct management *man;
2808 ALLOC_OBJ_CLEAR(man, struct management);
2809
2810 man_persist_init(man, MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, MANAGEMENT_ECHO_BUFFER_SIZE,
2811 MANAGEMENT_STATE_BUFFER_SIZE);
2812
2813 man_connection_clear(&man->connection);
2814
2815 return man;
2816}
2817
2818bool
2819management_open(struct management *man, const char *addr, const char *port, const char *pass_file,
2820 const char *client_user, const char *client_group, const int log_history_cache,
2821 const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1,
2822 const unsigned int flags)
2823{
2824 bool ret = false;
2825
2826 /*
2827 * Save the settings only if they have not
2828 * been saved before.
2829 */
2830 man_settings_init(&man->settings, addr, port, pass_file, client_user, client_group,
2831 log_history_cache, echo_buffer_size, state_buffer_size, remap_sigusr1, flags);
2832
2833 /*
2834 * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2835 * but may be changed here. Ditto for echo and state buffers.
2836 */
2837 log_history_resize(man->persist.log, man->settings.log_history_cache);
2838 log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2839 log_history_resize(man->persist.state, man->settings.state_buffer_size);
2840
2841 /*
2842 * If connection object is uninitialized and we are not doing
2843 * over-the-tunnel management, then open (listening) connection.
2844 */
2845 if (man->connection.state == MS_INITIAL)
2846 {
2847 if (!man->settings.management_over_tunnel)
2848 {
2849 man_connection_init(man);
2850 ret = true;
2851 }
2852 }
2853
2854 return ret;
2855}
2856
2857void
2858management_close(struct management *man)
2859{
2860 man_output_list_push_finalize(man); /* flush output queue */
2861 man_connection_close(man);
2862 man_settings_close(&man->settings);
2863 man_persist_close(&man->persist);
2864 free(man);
2865}
2866
2867void
2868management_set_callback(struct management *man, const struct management_callback *cb)
2869{
2870 man->persist.standalone_disabled = true;
2871 man->persist.callback = *cb;
2872}
2873
2874void
2875management_clear_callback(struct management *man)
2876{
2877 man->persist.standalone_disabled = false;
2878 man->persist.hold_release = false;
2879 CLEAR(man->persist.callback);
2880 man_output_list_push_finalize(man); /* flush output queue */
2881}
2882
2883void
2884management_set_state(struct management *man, const int state, const char *detail,
2885 const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6,
2886 const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
2887{
2888 if (man->persist.state
2889 && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2890 {
2891 struct gc_arena gc = gc_new();
2892 struct log_entry e;
2893 const char *out = NULL;
2894
2895 update_time();
2896 CLEAR(e);
2897 e.timestamp = now;
2898 e.u.state = state;
2899 e.string = detail;
2900 if (tun_local_ip)
2901 {
2902 e.local_ip = *tun_local_ip;
2903 }
2904 if (tun_local_ip6)
2905 {
2906 e.local_ip6 = *tun_local_ip6;
2907 }
2908 if (local)
2909 {
2910 e.local_sock = *local;
2911 }
2912 if (remote)
2913 {
2914 e.remote_sock = *remote;
2915 }
2916
2917 log_history_add(man->persist.state, &e);
2918
2919 if (man->connection.state_realtime)
2920 {
2921 out = log_entry_print(&e,
2922 LOG_PRINT_STATE_PREFIX | LOG_PRINT_INT_DATE | LOG_PRINT_STATE
2923 | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP | LOG_PRINT_CRLF
2924 | LOG_ECHO_TO_LOG,
2925 &gc);
2926 }
2927
2928 if (out)
2929 {
2930 man_output_list_push(man, out);
2931 }
2932
2933 gc_free(&gc);
2934 }
2935}
2936
2937static bool
2938env_filter_match(const char *env_str, const int env_filter_level)
2939{
2940 static const char *env_names[] = { "username=",
2941 "password=",
2942 "X509_0_CN=",
2943 "tls_serial_",
2944 "untrusted_ip=",
2945 "ifconfig_local=",
2946 "ifconfig_netmask=",
2947 "daemon_start_time=",
2948 "daemon_pid=",
2949 "dev=",
2950 "ifconfig_pool_remote_ip=",
2951 "ifconfig_pool_netmask=",
2952 "time_duration=",
2953 "bytes_sent=",
2954 "bytes_received=",
2955 "session_id=",
2956 "session_state=" };
2957
2958 if (env_filter_level == 0)
2959 {
2960 return true;
2961 }
2962 else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2963 {
2964 return true;
2965 }
2966 else if (env_filter_level <= 2)
2967 {
2968 size_t i;
2969 for (i = 0; i < SIZE(env_names); ++i)
2970 {
2971 const char *en = env_names[i];
2972 const size_t len = strlen(en);
2973 if (!strncmp(env_str, en, len))
2974 {
2975 return true;
2976 }
2977 }
2978 return false;
2979 }
2980 return false;
2981}
2982
2983static void
2984man_output_env(const struct env_set *es, const bool tail, const int env_filter_level,
2985 const char *prefix)
2986{
2987 if (es)
2988 {
2989 struct env_item *e;
2990 for (e = es->list; e != NULL; e = e->next)
2991 {
2992 if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2993 {
2994 msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2995 }
2996 }
2997 }
2998 if (tail)
2999 {
3000 msg(M_CLIENT, ">%s:ENV,END", prefix);
3001 }
3002}
3003
3004static void
3005man_output_extra_env(struct management *man, const char *prefix)
3006{
3007 struct gc_arena gc = gc_new();
3008 struct env_set *es = env_set_create(&gc);
3009 if (man->persist.callback.n_clients)
3010 {
3011 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
3012 setenv_int(es, "n_clients", nclients);
3013 }
3014 man_output_env(es, false, man->connection.env_filter_level, prefix);
3015 gc_free(&gc);
3016}
3017
3018void
3019management_up_down(struct management *man, const char *updown, const struct env_set *es)
3020{
3021 if (man->settings.flags & MF_UP_DOWN)
3022 {
3023 msg(M_CLIENT, ">UPDOWN:%s", updown);
3024 man_output_env(es, true, 0, "UPDOWN");
3025 }
3026}
3027
3028void
3029management_notify(struct management *man, const char *severity, const char *type, const char *text)
3030{
3031 msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
3032}
3033
3034void
3035management_notify_generic(struct management *man, const char *str)
3036{
3037 msg(M_CLIENT, "%s", str);
3038}
3039
3040static void
3041man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
3042{
3043 char line[256];
3044 if (man->persist.callback.get_peer_info)
3045 {
3046 const char *peer_info =
3047 (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
3048 if (peer_info)
3049 {
3050 struct buffer buf;
3051 buf_set_read(&buf, (const uint8_t *)peer_info, strlen(peer_info));
3052 while (buf_parse(&buf, '\n', line, sizeof(line)))
3053 {
3054 chomp(line);
3055 if (validate_peer_info_line(line))
3056 {
3057 msg(M_CLIENT, ">CLIENT:ENV,%s", line);
3058 }
3059 else
3060 {
3061 msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
3062 }
3063 }
3064 }
3065 }
3066}
3067
3068void
3069management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id,
3070 struct man_def_auth_context *mdac, const struct env_set *es)
3071{
3072 if (!(mdac->flags & DAF_CONNECTION_CLOSED))
3073 {
3074 const char *mode = "CONNECT";
3075 if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
3076 {
3077 mode = "REAUTH";
3078 }
3079 msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
3080 man_output_extra_env(management, "CLIENT");
3081 if (management->connection.env_filter_level > 0)
3082 {
3083 man_output_peer_info_env(management, mdac);
3084 }
3085 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3086 mdac->flags |= DAF_INITIAL_AUTH;
3087 }
3088}
3089
3090void
3091management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac,
3092 const struct env_set *es, const char *response)
3093{
3094 struct gc_arena gc;
3095 if (management)
3096 {
3097 gc = gc_new();
3098
3099 msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s", mdac->cid, mda_key_id, response);
3100 man_output_extra_env(management, "CLIENT");
3101 if (management->connection.env_filter_level > 0)
3102 {
3103 man_output_peer_info_env(management, mdac);
3104 }
3105 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3106 gc_free(&gc);
3107 }
3108}
3109
3110void
3111management_connection_established(struct management *management, struct man_def_auth_context *mdac,
3112 const struct env_set *es)
3113{
3114 mdac->flags |= DAF_CONNECTION_ESTABLISHED;
3115 msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
3116 man_output_extra_env(management, "CLIENT");
3117 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3118}
3119
3120void
3121management_notify_client_close(struct management *management, struct man_def_auth_context *mdac,
3122 const struct env_set *es)
3123{
3124 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3125 {
3126 msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3127 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3128 mdac->flags |= DAF_CONNECTION_CLOSED;
3129 }
3130}
3131
3132void
3133management_learn_addr(struct management *management, struct man_def_auth_context *mdac,
3134 const struct mroute_addr *addr, const bool primary)
3135{
3136 struct gc_arena gc = gc_new();
3137 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3138 {
3139 msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d", mdac->cid,
3140 mroute_addr_print_ex(addr, MAPF_SUBNET, &gc), BOOL_CAST(primary));
3141 }
3142 gc_free(&gc);
3143}
3144
3145void
3146management_echo(struct management *man, const char *string, const bool pull)
3147{
3148 if (man->persist.echo)
3149 {
3150 struct gc_arena gc = gc_new();
3151 struct log_entry e;
3152 const char *out = NULL;
3153
3154 update_time();
3155 CLEAR(e);
3156 e.timestamp = now;
3157 e.string = string;
3158 e.u.intval = BOOL_CAST(pull);
3159
3160 log_history_add(man->persist.echo, &e);
3161
3162 if (man->connection.echo_realtime)
3163 {
3164 out = log_entry_print(&e,
3165 LOG_PRINT_INT_DATE | LOG_PRINT_ECHO_PREFIX | LOG_PRINT_CRLF
3166 | MANAGEMENT_ECHO_FLAGS,
3167 &gc);
3168 }
3169
3170 if (out)
3171 {
3172 man_output_list_push(man, out);
3173 }
3174
3175 gc_free(&gc);
3176 }
3177}
3178
3179void
3180management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3181{
3182 /*
3183 * If we are running management over the tunnel,
3184 * this is the place to initialize the connection.
3185 */
3186 if (man->settings.management_over_tunnel && man->connection.state == MS_INITIAL)
3187 {
3188 /* listen on our local TUN/TAP IP address */
3189 struct in_addr ia;
3190 int ret;
3191 char buf[INET_ADDRSTRLEN];
3192
3193 ia.s_addr = htonl(tun_local_ip);
3194 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3195 ret =
3196 openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL, AF_INET, &man->settings.local);
3197 ASSERT(ret == 0);
3198 man_connection_init(man);
3199 }
3200}
3201
3202void
3203management_pre_tunnel_close(struct management *man)
3204{
3205 if (man->settings.management_over_tunnel)
3206 {
3207 man_connection_close(man);
3208 }
3209}
3210
3211void
3212management_auth_failure(struct management *man, const char *type, const char *reason)
3213{
3214 if (reason)
3215 {
3216 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3217 }
3218 else
3219 {
3220 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3221 }
3222}
3223
3224void
3225management_auth_token(struct management *man, const char *token)
3226{
3227 msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3228}
3229
3230static inline bool
3231man_persist_state(unsigned int *persistent, const int n)
3232{
3233 if (persistent)
3234 {
3235 if (*persistent == (unsigned int)n)
3236 {
3237 return false;
3238 }
3239 *persistent = n;
3240 }
3241 return true;
3242}
3243
3244#ifdef _WIN32
3245
3246void
3247management_socket_set(struct management *man, struct event_set *es, void *arg,
3248 unsigned int *persistent)
3249{
3250 if (man->connection.state != MS_INITIAL)
3251 {
3252 event_t ev = net_event_win32_get_event(&man->connection.ne32);
3253 net_event_win32_reset_write(&man->connection.ne32);
3254
3255 switch (man->connection.state)
3256 {
3257 case MS_LISTEN:
3258 if (man_persist_state(persistent, 1))
3259 {
3260 event_ctl(es, ev, EVENT_READ, arg);
3261 }
3262 break;
3263
3264 case MS_CC_WAIT_READ:
3265 if (man_persist_state(persistent, 2))
3266 {
3267 event_ctl(es, ev, EVENT_READ, arg);
3268 }
3269 break;
3270
3271 case MS_CC_WAIT_WRITE:
3272 if (man_persist_state(persistent, 3))
3273 {
3274 event_ctl(es, ev, EVENT_READ | EVENT_WRITE, arg);
3275 }
3276 break;
3277
3278 default:
3279 ASSERT(0);
3280 }
3281 }
3282}
3283
3284void
3285management_io(struct management *man)
3286{
3287 if (man->connection.state != MS_INITIAL)
3288 {
3289 long net_events;
3290 net_event_win32_reset(&man->connection.ne32);
3291 net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3292
3293 if (net_events & FD_CLOSE)
3294 {
3295 man_reset_client_socket(man, false);
3296 }
3297 else
3298 {
3299 if (man->connection.state == MS_LISTEN)
3300 {
3301 if (net_events & FD_ACCEPT)
3302 {
3303 man_accept(man);
3304 net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3305 }
3306 }
3307 else if (man->connection.state == MS_CC_WAIT_READ
3308 || man->connection.state == MS_CC_WAIT_WRITE)
3309 {
3310 if (net_events & FD_READ)
3311 {
3312 while (man_read(man) > 0)
3313 {
3314 }
3315 net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3316 }
3317
3318 if (net_events & FD_WRITE)
3319 {
3320 ssize_t status = man_write(man);
3321 if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3322 {
3323 net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3324 }
3325 }
3326 }
3327 }
3328 }
3329}
3330
3331#else /* ifdef _WIN32 */
3332
3333void
3334management_socket_set(struct management *man, struct event_set *es, void *arg,
3335 unsigned int *persistent)
3336{
3337 switch (man->connection.state)
3338 {
3339 case MS_LISTEN:
3340 if (man_persist_state(persistent, 1))
3341 {
3342 event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3343 }
3344 break;
3345
3346 case MS_CC_WAIT_READ:
3347 if (man_persist_state(persistent, 2))
3348 {
3349 event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3350 }
3351 break;
3352
3353 case MS_CC_WAIT_WRITE:
3354 if (man_persist_state(persistent, 3))
3355 {
3356 event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3357 }
3358 break;
3359
3360 case MS_INITIAL:
3361 break;
3362
3363 default:
3364 ASSERT(0);
3365 }
3366}
3367
3368void
3369management_io(struct management *man)
3370{
3371 switch (man->connection.state)
3372 {
3373 case MS_LISTEN:
3374 man_accept(man);
3375 break;
3376
3377 case MS_CC_WAIT_READ:
3378 man_read(man);
3379 break;
3380
3381 case MS_CC_WAIT_WRITE:
3382 man_write(man);
3383 break;
3384
3385 case MS_INITIAL:
3386 break;
3387
3388 default:
3389 ASSERT(0);
3390 }
3391}
3392
3393#endif /* ifdef _WIN32 */
3394
3395static inline bool
3396man_standalone_ok(const struct management *man)
3397{
3398 return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3399}
3400
3401static bool
3402man_check_for_signals(volatile int *signal_received)
3403{
3404 if (signal_received)
3405 {
3406 get_signal(signal_received);
3407 if (*signal_received)
3408 {
3409 return true;
3410 }
3411 }
3412 return false;
3413}
3414
3415/*
3416 * Wait for socket I/O when outside primary event loop
3417 */
3418static int
3419man_block(struct management *man, volatile int *signal_received, const time_t expire)
3420{
3421 struct timeval tv;
3422 struct event_set_return esr;
3423 int status = -1;
3424
3425 if (man_standalone_ok(man))
3426 {
3427 /* expire time can be already overdue, for this case init zero
3428 * timeout to avoid waiting first time and exit loop early with
3429 * either obtained event or timeout.
3430 */
3431 tv.tv_usec = 0;
3432 tv.tv_sec = 0;
3433
3434 while (true)
3435 {
3436 event_reset(man->connection.es);
3437 management_socket_set(man, man->connection.es, NULL, NULL);
3438 if (man_check_for_signals(signal_received))
3439 {
3440 status = -1;
3441 break;
3442 }
3443 status = event_wait(man->connection.es, &tv, &esr, 1);
3444 update_time();
3445 if (man_check_for_signals(signal_received))
3446 {
3447 status = -1;
3448 break;
3449 }
3450
3451 if (status > 0)
3452 {
3453 break;
3454 }
3455 else if (expire && now >= expire)
3456 {
3457 /* set SIGINT signal if expiration time exceeded */
3458 status = 0;
3459 if (signal_received)
3460 {
3461 *signal_received = SIGINT;
3462 }
3463 break;
3464 }
3465
3466 /* wait one second more */
3467 tv.tv_sec = 1;
3468 tv.tv_usec = 0;
3469 }
3470 }
3471 return status;
3472}
3473
3474/*
3475 * Perform management socket output outside primary event loop
3476 */
3477static void
3478man_output_standalone(struct management *man, volatile int *signal_received)
3479{
3480 if (man_standalone_ok(man))
3481 {
3482 while (man->connection.state == MS_CC_WAIT_WRITE)
3483 {
3484 management_io(man);
3485 if (man->connection.state == MS_CC_WAIT_WRITE)
3486 {
3487 man_block(man, signal_received, 0);
3488 }
3489 if (signal_received && *signal_received)
3490 {
3491 break;
3492 }
3493 }
3494 }
3495}
3496
3497/*
3498 * Process management event loop outside primary event loop
3499 */
3500static int
3501man_standalone_event_loop(struct management *man, volatile int *signal_received,
3502 const time_t expire)
3503{
3504 int status = -1;
3505 if (man_standalone_ok(man))
3506 {
3507 status = man_block(man, signal_received, expire);
3508 if (status > 0)
3509 {
3510 management_io(man);
3511 }
3512 }
3513 return status;
3514}
3515
3516#define MWCC_PASSWORD_WAIT (1 << 0)
3517#define MWCC_HOLD_WAIT (1 << 1)
3518#define MWCC_OTHER_WAIT (1 << 2)
3519
3520/*
3521 * Block until client connects
3522 */
3523static void
3524man_wait_for_client_connection(struct management *man, volatile int *signal_received,
3525 const time_t expire, unsigned int flags)
3526{
3527 ASSERT(man_standalone_ok(man));
3528 if (man->connection.state == MS_LISTEN)
3529 {
3530 if (flags & MWCC_PASSWORD_WAIT)
3531 {
3532 msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3533 }
3534 if (flags & MWCC_HOLD_WAIT)
3535 {
3536 msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3537 }
3538 if (flags & MWCC_OTHER_WAIT)
3539 {
3540 msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3541 }
3542 do
3543 {
3544 man_standalone_event_loop(man, signal_received, expire);
3545 if (signal_received && *signal_received)
3546 {
3547 break;
3548 }
3549 } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3550 }
3551}
3552
3553/*
3554 * Process the management event loop for sec seconds
3555 */
3556void
3557management_event_loop_n_seconds(struct management *man, int sec)
3558{
3559 if (man_standalone_ok(man))
3560 {
3561 volatile int signal_received = 0;
3562 const bool standalone_disabled_save = man->persist.standalone_disabled;
3563 time_t expire = 0;
3564
3565 /* This is so M_CLIENT messages will be correctly passed through msg() */
3566 man->persist.standalone_disabled = false;
3567
3568 /* set expire time */
3569 update_time();
3570 if (sec >= 0)
3571 {
3572 expire = now + sec;
3573 }
3574
3575 /* if no client connection, wait for one */
3576 man_wait_for_client_connection(man, &signal_received, expire, 0);
3577 if (signal_received)
3578 {
3579 return;
3580 }
3581
3582 /* run command processing event loop */
3583 do
3584 {
3585 man_standalone_event_loop(man, &signal_received, expire);
3586 if (!signal_received)
3587 {
3588 man_check_for_signals(&signal_received);
3589 }
3590 if (signal_received)
3591 {
3592 return;
3593 }
3594 update_time();
3595 } while (expire && expire > now);
3596
3597 /* revert state */
3598 man->persist.standalone_disabled = standalone_disabled_save;
3599 }
3600 else if (sec > 0)
3601 {
3602 sleep(sec);
3603 }
3604}
3605
3606/*
3607 * Get a username/password from management channel in standalone mode.
3608 */
3609bool
3610management_query_user_pass(struct management *man, struct user_pass *up, const char *type,
3611 const unsigned int flags, const char *static_challenge)
3612{
3613 struct gc_arena gc = gc_new();
3614 bool ret = false;
3615
3616 if (man_standalone_ok(man))
3617 {
3618 volatile int signal_received = 0;
3619 const bool standalone_disabled_save = man->persist.standalone_disabled;
3620 struct buffer alert_msg = alloc_buf_gc(128, &gc);
3621 const char *alert_type = NULL;
3622 const char *prefix = NULL;
3623 unsigned int up_query_mode = 0;
3624 const char *sc = NULL;
3625 ret = true;
3626 /* This is so M_CLIENT messages will be correctly passed through msg() */
3627 man->persist.standalone_disabled = false;
3628 man->persist.special_state_msg = NULL;
3629
3630 CLEAR(man->connection.up_query);
3631
3632 if (flags & GET_USER_PASS_NEED_OK)
3633 {
3634 up_query_mode = UP_QUERY_NEED_OK;
3635 prefix = "NEED-OK";
3636 alert_type = "confirmation";
3637 }
3638 else if (flags & GET_USER_PASS_NEED_STR)
3639 {
3640 up_query_mode = UP_QUERY_NEED_STR;
3641 prefix = "NEED-STR";
3642 alert_type = "string";
3643 }
3644 else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3645 {
3646 up_query_mode = UP_QUERY_PASS;
3647 prefix = "PASSWORD";
3648 alert_type = "password";
3649 }
3650 else if ((man->connection.client_version >= MCV_USERNAME_ONLY) && (flags & GET_USER_PASS_USERNAME_ONLY))
3651 {
3652 up_query_mode = UP_QUERY_USERNAME;
3653 prefix = "PASSWORD";
3654 alert_type = "username";
3655 }
3656 else
3657 {
3658 up_query_mode = UP_QUERY_USER_PASS;
3659 prefix = "PASSWORD";
3660 alert_type = "username/password";
3661 if (static_challenge)
3662 {
3663 sc = static_challenge;
3664 }
3665 }
3666 buf_printf(&alert_msg, ">%s:Need '%s' %s", prefix, type, alert_type);
3667
3668 if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3669 {
3670 buf_printf(&alert_msg, " MSG:%s", up->username);
3671 }
3672
3673 if (sc)
3674 {
3675 buf_printf(&alert_msg, " SC:%d,%s",
3676 BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3677 | (BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3678 sc);
3679 }
3680
3681 man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3682 if (signal_received)
3683 {
3684 ret = false;
3685 }
3686
3687 if (ret)
3688 {
3689 man->persist.special_state_msg = BSTR(&alert_msg);
3690 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3691
3692 /* tell command line parser which info we need */
3693 man->connection.up_query_mode = up_query_mode;
3694 man->connection.up_query_type = type;
3695
3696 /* run command processing event loop until we get our username/password/response */
3697 do
3698 {
3699 man_standalone_event_loop(man, &signal_received, 0);
3700 if (!signal_received)
3701 {
3702 man_check_for_signals(&signal_received);
3703 }
3704 if (signal_received)
3705 {
3706 ret = false;
3707 break;
3708 }
3709 } while (!man->connection.up_query.defined);
3710 }
3711
3712 /* revert state */
3713 man->connection.up_query_mode = UP_QUERY_DISABLED;
3714 man->connection.up_query_type = NULL;
3715 man->persist.standalone_disabled = standalone_disabled_save;
3716 man->persist.special_state_msg = NULL;
3717
3718 /* pass through blank passwords */
3719 if (!strcmp(man->connection.up_query.password, blank_up))
3720 {
3721 CLEAR(man->connection.up_query.password);
3722 }
3723
3724 /*
3725 * Transfer u/p to return object, zero any record
3726 * we hold in the management object.
3727 */
3728 if (ret)
3729 {
3730 /* preserve caller's settings */
3731 man->connection.up_query.nocache = up->nocache;
3732 *up = man->connection.up_query;
3733 }
3734 secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3735 }
3736
3737 gc_free(&gc);
3738 return ret;
3739}
3740
3741static int
3742management_query_multiline(struct management *man, const char *b64_data, const char *prompt,
3743 const char *cmd, int *state, struct buffer_list **input)
3744{
3745 struct gc_arena gc = gc_new();
3746 int ret = 0;
3747 volatile int signal_received = 0;
3748 struct buffer alert_msg = clear_buf();
3749 const bool standalone_disabled_save = man->persist.standalone_disabled;
3750 struct man_connection *mc = &man->connection;
3751
3752 if (man_standalone_ok(man))
3753 {
3754 /* This is so M_CLIENT messages will be correctly passed through msg() */
3755 man->persist.standalone_disabled = false;
3756 man->persist.special_state_msg = NULL;
3757
3758 *state = EKS_SOLICIT;
3759
3760 if (b64_data)
3761 {
3762 alert_msg = alloc_buf_gc(strlen(b64_data) + strlen(prompt) + 3, &gc);
3763 buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3764 }
3765 else
3766 {
3767 alert_msg = alloc_buf_gc(strlen(prompt) + 3, &gc);
3768 buf_printf(&alert_msg, ">%s", prompt);
3769 }
3770
3771 man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3772
3773 if (signal_received)
3774 {
3775 goto done;
3776 }
3777
3778 man->persist.special_state_msg = BSTR(&alert_msg);
3779 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3780
3781 /* run command processing event loop until we get our signature */
3782 do
3783 {
3784 man_standalone_event_loop(man, &signal_received, 0);
3785 if (!signal_received)
3786 {
3787 man_check_for_signals(&signal_received);
3788 }
3789 if (signal_received)
3790 {
3791 goto done;
3792 }
3793 } while (*state != EKS_READY);
3794
3795 ret = 1;
3796 }
3797
3798done:
3799 if (*state == EKS_READY && ret)
3800 {
3801 msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3802 }
3803 else if (*state == EKS_INPUT || *state == EKS_READY)
3804 {
3805 msg(M_CLIENT, "ERROR: %s command failed", cmd);
3806 }
3807
3808 /* revert state */
3809 man->persist.standalone_disabled = standalone_disabled_save;
3810 man->persist.special_state_msg = NULL;
3811 in_extra_reset(mc, IER_RESET);
3812 *state = EKS_UNDEF;
3813
3814 gc_free(&gc);
3815 return ret;
3816}
3817
3818static char *
3819/* returns allocated base64 signature */
3820management_query_multiline_flatten_newline(struct management *man, const char *b64_data,
3821 const char *prompt, const char *cmd, int *state,
3822 struct buffer_list **input)
3823{
3824 int ok;
3825 char *result = NULL;
3826 struct buffer *buf;
3827
3828 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3829 if (ok && buffer_list_defined(*input))
3830 {
3831 buffer_list_aggregate_separator(*input, 10000, "\n");
3832 buf = buffer_list_peek(*input);
3833 if (buf && BLEN(buf) > 0)
3834 {
3835 result = (char *)malloc(BLENZ(buf) + 1);
3836 check_malloc_return(result);
3837 memcpy(result, buf->data, BLENZ(buf));
3838 result[BLEN(buf)] = '\0';
3839 }
3840 }
3841
3842 buffer_list_free(*input);
3843 *input = NULL;
3844
3845 return result;
3846}
3847
3848static char *
3849/* returns allocated base64 signature */
3850management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt,
3851 const char *cmd, int *state, struct buffer_list **input)
3852{
3853 int ok;
3854 char *result = NULL;
3855 struct buffer *buf;
3856
3857 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3858 if (ok && buffer_list_defined(*input))
3859 {
3860 buffer_list_aggregate(*input, 2048);
3861 buf = buffer_list_peek(*input);
3862 if (buf && BLEN(buf) > 0)
3863 {
3864 result = (char *)malloc(BLENZ(buf) + 1);
3865 check_malloc_return(result);
3866 memcpy(result, buf->data, BLENZ(buf));
3867 result[BLEN(buf)] = '\0';
3868 }
3869 }
3870
3871 buffer_list_free(*input);
3872 *input = NULL;
3873
3874 return result;
3875}
3876
3877char *
3878/* returns allocated base64 signature */
3879management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
3880{
3881 const char *prompt = "PK_SIGN";
3882 const char *desc = "pk-sign";
3883 struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3884
3885 if (man->connection.client_version <= MCV_DEFAULT)
3886 {
3887 prompt = "RSA_SIGN";
3888 desc = "rsa-sign";
3889 }
3890
3891 buf_write(&buf_data, b64_data, (int)strlen(b64_data));
3892 if (man->connection.client_version >= MCV_PKSIGN_ALG)
3893 {
3894 buf_write(&buf_data, ",", (int)strlen(","));
3895 buf_write(&buf_data, algorithm, (int)strlen(algorithm));
3896 }
3897 char *ret = management_query_multiline_flatten(man, (char *)buf_bptr(&buf_data), prompt, desc,
3898 &man->connection.ext_key_state,
3899 &man->connection.ext_key_input);
3900 free_buf(&buf_data);
3901 return ret;
3902}
3903
3904char *
3905management_query_cert(struct management *man, const char *cert_name)
3906{
3907 const char prompt_1[] = "NEED-CERTIFICATE:";
3908 struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3909 buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3910 buf_write(&buf_prompt, cert_name, strlen(cert_name) + 1); /* +1 for \0 */
3911
3912 char *result;
3913 result = management_query_multiline_flatten_newline(
3914 management, NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3915 &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3916 free_buf(&buf_prompt);
3917 return result;
3918}
3919
3920/*
3921 * Return true if management_hold() would block
3922 */
3923bool
3924management_would_hold(struct management *man)
3925{
3926 return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3927}
3928
3929/*
3930 * If the hold flag is enabled, hibernate until a management client releases the hold.
3931 * Return true if the caller should not sleep for an additional time interval.
3932 */
3933bool
3934management_hold(struct management *man, int holdtime)
3935{
3936 if (management_would_hold(man))
3937 {
3938 volatile int signal_received = 0;
3939 const bool standalone_disabled_save = man->persist.standalone_disabled;
3940 struct gc_arena gc = gc_new();
3941
3942 man->persist.standalone_disabled =
3943 false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3944 man->persist.special_state_msg = NULL;
3945 man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3946
3947 man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3948
3949 if (!signal_received)
3950 {
3951 struct buffer out = alloc_buf_gc(128, &gc);
3952 buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3953 man->persist.special_state_msg = BSTR(&out);
3954 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3955
3956 /* run command processing event loop until we get our username/password */
3957 do
3958 {
3959 man_standalone_event_loop(man, &signal_received, 0);
3960 if (!signal_received)
3961 {
3962 man_check_for_signals(&signal_received);
3963 }
3964 if (signal_received)
3965 {
3966 break;
3967 }
3968 } while (!man->persist.hold_release);
3969 }
3970
3971 /* revert state */
3972 man->persist.standalone_disabled = standalone_disabled_save;
3973 man->persist.special_state_msg = NULL;
3974 man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3975
3976 gc_free(&gc);
3977 return true;
3978 }
3979 return false;
3980}
3981
3982/*
3983 * struct command_line
3984 */
3985
3986struct command_line *
3987command_line_new(const size_t buf_len)
3988{
3989 struct command_line *cl;
3990 ALLOC_OBJ_CLEAR(cl, struct command_line);
3991 cl->buf = alloc_buf(buf_len);
3992 cl->residual = alloc_buf(buf_len);
3993 return cl;
3994}
3995
3996void
3997command_line_reset(struct command_line *cl)
3998{
3999 buf_clear(&cl->buf);
4000 buf_clear(&cl->residual);
4001}
4002
4003void
4004command_line_free(struct command_line *cl)
4005{
4006 if (!cl)
4007 {
4008 return;
4009 }
4010 command_line_reset(cl);
4011 free_buf(&cl->buf);
4012 free_buf(&cl->residual);
4013 free(cl);
4014}
4015
4016void
4017command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
4018{
4019 for (size_t i = 0; i < len; ++i)
4020 {
4021 if (buf[i] && char_class(buf[i], (CC_PRINT | CC_NEWLINE)))
4022 {
4023 if (!buf_write_u8(&cl->buf, buf[i]))
4024 {
4025 buf_clear(&cl->buf);
4026 }
4027 }
4028 }
4029}
4030
4031const char *
4032command_line_get(struct command_line *cl)
4033{
4034 const char *ret = NULL;
4035
4036 int i = buf_substring_len(&cl->buf, '\n');
4037 if (i >= 0)
4038 {
4039 buf_copy_excess(&cl->residual, &cl->buf, i);
4040 buf_chomp(&cl->buf);
4041 ret = BSTR(&cl->buf);
4042 }
4043 return ret;
4044}
4045
4046void
4047command_line_next(struct command_line *cl)
4048{
4049 buf_clear(&cl->buf);
4050 buf_copy(&cl->buf, &cl->residual);
4051 buf_clear(&cl->residual);
4052}
4053
4054/*
4055 * struct log_entry
4056 */
4057
4058const char *
4059log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
4060{
4061 struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
4062 if (flags & LOG_FATAL_NOTIFY)
4063 {
4064 buf_printf(&out, ">FATAL:");
4065 }
4066 if (flags & LOG_PRINT_LOG_PREFIX)
4067 {
4068 buf_printf(&out, ">LOG:");
4069 }
4070 if (flags & LOG_PRINT_ECHO_PREFIX)
4071 {
4072 buf_printf(&out, ">ECHO:");
4073 }
4074 if (flags & LOG_PRINT_STATE_PREFIX)
4075 {
4076 buf_printf(&out, ">STATE:");
4077 }
4078 if (flags & LOG_PRINT_INT_DATE)
4079 {
4080 buf_printf(&out, "%u,", (unsigned int)e->timestamp);
4081 }
4082 if (flags & LOG_PRINT_MSG_FLAGS)
4083 {
4084 buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
4085 }
4086 if (flags & LOG_PRINT_STATE)
4087 {
4088 buf_printf(&out, "%s,", man_state_name(e->u.state));
4089 }
4090 if (flags & LOG_PRINT_INTVAL)
4091 {
4092 buf_printf(&out, "%d,", e->u.intval);
4093 }
4094 if (e->string)
4095 {
4096 buf_printf(&out, "%s", e->string);
4097 }
4098 if (flags & LOG_PRINT_LOCAL_IP)
4099 {
4100 buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
4101 }
4102 if (flags & LOG_PRINT_REMOTE_IP)
4103 {
4104 buf_printf(&out, ",%s",
4105 (!addr_defined(&e->remote_sock)
4106 ? ","
4107 : print_sockaddr_ex(&e->remote_sock.addr.sa, ",",
4108 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4109 buf_printf(&out, ",%s",
4110 (!addr_defined(&e->local_sock)
4111 ? ","
4112 : print_sockaddr_ex(&e->local_sock.addr.sa, ",",
4113 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4114 }
4115 if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
4116 {
4117 buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
4118 }
4119 if (flags & LOG_ECHO_TO_LOG)
4120 {
4121 msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
4122 }
4123 if (flags & LOG_PRINT_CRLF)
4124 {
4125 buf_printf(&out, "\r\n");
4126 }
4127 return BSTR(&out);
4128}
4129
4130static void
4131log_entry_free_contents(struct log_entry *e)
4132{
4133 /* Cast away constness of const char* */
4134 free((char *)e->string);
4135 CLEAR(*e);
4136}
4137
4138/*
4139 * struct log_history
4140 */
4141
4142static inline int
4143log_index(const struct log_history *h, int i)
4144{
4145 return modulo_add(h->base, i, h->capacity);
4146}
4147
4148static void
4149log_history_obj_init(struct log_history *h, int capacity)
4150{
4151 CLEAR(*h);
4152 h->capacity = capacity;
4153 ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4154}
4155
4156struct log_history *
4157log_history_init(const int capacity)
4158{
4159 struct log_history *h;
4160 ASSERT(capacity > 0);
4161 ALLOC_OBJ(h, struct log_history);
4162 log_history_obj_init(h, capacity);
4163 return h;
4164}
4165
4166static void
4167log_history_free_contents(struct log_history *h)
4168{
4169 int i;
4170 for (i = 0; i < h->size; ++i)
4171 {
4172 log_entry_free_contents(&h->array[log_index(h, i)]);
4173 }
4174 free(h->array);
4175}
4176
4177void
4178log_history_close(struct log_history *h)
4179{
4180 log_history_free_contents(h);
4181 free(h);
4182}
4183
4184void
4185log_history_add(struct log_history *h, const struct log_entry *le)
4186{
4187 struct log_entry *e;
4188 ASSERT(h->size >= 0 && h->size <= h->capacity);
4189 if (h->size == h->capacity)
4190 {
4191 e = &h->array[h->base];
4192 log_entry_free_contents(e);
4193 h->base = log_index(h, 1);
4194 }
4195 else
4196 {
4197 e = &h->array[log_index(h, h->size)];
4198 ++h->size;
4199 }
4200
4201 *e = *le;
4202 e->string = string_alloc(le->string, NULL);
4203}
4204
4205void
4206log_history_resize(struct log_history *h, const int capacity)
4207{
4208 if (capacity != h->capacity)
4209 {
4210 struct log_history newlog;
4211 int i;
4212
4213 ASSERT(capacity > 0);
4214 log_history_obj_init(&newlog, capacity);
4215
4216 for (i = 0; i < h->size; ++i)
4217 {
4218 log_history_add(&newlog, &h->array[log_index(h, i)]);
4219 }
4220
4221 log_history_free_contents(h);
4222 *h = newlog;
4223 }
4224}
4225
4226const struct log_entry *
4227log_history_ref(const struct log_history *h, const int index)
4228{
4229 if (index >= 0 && index < h->size)
4230 {
4231 return &h->array[log_index(h, (h->size - 1) - index)];
4232 }
4233 else
4234 {
4235 return NULL;
4236 }
4237}
4238
4239void
4240management_sleep(const int n)
4241{
4242 if (n < 0)
4243 {
4244 return;
4245 }
4246 else if (management)
4247 {
4248 management_event_loop_n_seconds(management, n);
4249 }
4250 else
4251 {
4252#ifdef _WIN32
4253 win32_sleep(n);
4254#else
4255 if (n > 0)
4256 {
4257 sleep(n);
4258 }
4259#endif
4260 }
4261}
4262
4263void
4264management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
4265{
4266 if (man->persist.callback.flags & MCF_SERVER)
4267 {
4268 return;
4269 }
4270
4271 if (event_timeout_trigger(&man->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4272 {
4273 if (dco_enabled(&c->options))
4274 {
4275 if (dco_get_peer_stats(c, true) < 0)
4276 {
4277 return;
4278 }
4279 }
4280
4281 man_bytecount_output_client(c->c2.dco_read_bytes + man->persist.bytes_in + c->c2.link_read_bytes,
4282 c->c2.dco_write_bytes + man->persist.bytes_out + c->c2.link_write_bytes);
4283 }
4284}
4285
4286void
4287management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
4288{
4289 if (!(management->persist.callback.flags & MCF_SERVER))
4290 {
4291 return;
4292 }
4293
4294 if (event_timeout_trigger(&management->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4295 {
4296 /* fetch counters from dco */
4297 if (dco_enabled(&multi->top.options))
4298 {
4299 if (dco_get_peer_stats_multi(&multi->top.c1.tuntap->dco, true) < 0)
4300 {
4301 return;
4302 }
4303 }
4304
4305 /* iterate over peers and report counters for each connected peer */
4306 struct hash_iterator hi;
4307 struct hash_element *he;
4308 hash_iterator_init(multi->hash, &hi);
4309 while ((he = hash_iterator_next(&hi)))
4310 {
4311 struct multi_instance *mi = (struct multi_instance *)he->value;
4312 struct context_2 *c2 = &mi->context.c2;
4313
4314 if ((c2->mda_context.flags & (DAF_CONNECTION_ESTABLISHED | DAF_CONNECTION_CLOSED)) == DAF_CONNECTION_ESTABLISHED)
4315 {
4316 man_bytecount_output_server(c2->dco_read_bytes + c2->link_read_bytes, c2->dco_write_bytes + c2->link_write_bytes, &c2->mda_context);
4317 }
4318 }
4319 hash_iterator_free(&hi);
4320 }
4321}
4322
4323/* context_2 stats are reset on reconnect. Since client expects stats
4324 * to be preserved across reconnects, we need to save context_2
4325 * stats before tearing the tunnel down.
4326 */
4327void
4328man_persist_client_stats(struct management *man, struct context *c)
4329{
4330 man->persist.bytes_in += c->c2.link_read_bytes;
4331 man->persist.bytes_out += c->c2.link_write_bytes;
4332
4333 /* no need to raise SIGUSR1 on error since we are already closing the instance */
4334 if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4335 {
4336 man->persist.bytes_in += c->c2.dco_read_bytes;
4337 man->persist.bytes_out += c->c2.dco_write_bytes;
4338 }
4339}
4340
4341#else /* ifdef ENABLE_MANAGEMENT */
4342
4343#include "win32.h"
4344void
4345management_sleep(const int n)
4346{
4347#ifdef _WIN32
4348 win32_sleep(n);
4349#else
4350 if (n > 0)
4351 {
4352 sleep(n);
4353 }
4354#endif /* ifdef _WIN32 */
4355}
4356
4357#endif /* ENABLE_MANAGEMENT */
OPENVPN_BASE64_DECODED_LENGTH
#define OPENVPN_BASE64_DECODED_LENGTH(base64_length)
Compute the maximal number of bytes encoded in a base64 string.
Definition base64.h:41
OPENVPN_BASE64_LENGTH
#define OPENVPN_BASE64_LENGTH(binary_length)
Compute resulting base64 length.
Definition base64.h:38
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition buffer.c:1192
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:184
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1268
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:163
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition buffer.c:1198
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1313
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition buffer.c:1173
chomp
void chomp(char *str)
Definition buffer.c:613
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition buffer.c:1255
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition buffer.c:1182
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, ssize_t n)
Definition buffer.c:1336
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition buffer.c:824
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition buffer.c:1213
buf_chomp
void buf_chomp(struct buffer *buf)
Definition buffer.c:553
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition buffer.c:888
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition buffer.c:802
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:241
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition buffer.h:1083
BSTR
#define BSTR(buf)
Definition buffer.h:129
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:223
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:705
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition buffer.h:1104
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:740
CC_NEWLINE
#define CC_NEWLINE
newline
Definition buffer.h:892
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:254
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:349
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:415
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:661
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:685
BLEN
#define BLEN(buf)
Definition buffer.h:126
BLENZ
#define BLENZ(buf)
Definition buffer.h:127
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:362
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1131
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:886
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1088
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1041
counter_type
uint64_t counter_type
Definition common.h:31
counter_format
#define counter_format
Definition common.h:32
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition crypto_openssl.c:1338
dco_get_peer_stats_multi
static int dco_get_peer_stats_multi(dco_context_t *dco, const bool raise_sigusr1_on_err)
Definition dco.h:369
dco_get_peer_stats
static int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition dco.h:375
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition env_set.c:291
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition errlevel.h:137
M_INFO
#define M_INFO
Definition errlevel.h:54
D_MANAGEMENT
#define D_MANAGEMENT
Definition errlevel.h:87
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:56
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition event.c:1187
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition event.h:79
event_free
static void event_free(struct event_set *es)
Definition event.h:159
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition event.h:186
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:38
EVENT_READ
#define EVENT_READ
Definition event.h:37
event_reset
static void event_reset(struct event_set *es)
Definition event.h:168
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:180
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:68
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:49
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:48
reset_coarse_timers
void reset_coarse_timers(struct context *c)
Definition init.c:1306
min_size
static size_t min_size(size_t x, size_t y)
Definition integer.h:79
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition integer.h:66
min_int
static int min_int(int x, int y)
Definition integer.h:105
modulo_add
static int modulo_add(int x, int y, int mod)
Definition integer.h:185
status
static SERVICE_STATUS status
Definition interactive.c:51
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:42
ETT_DEFAULT
#define ETT_DEFAULT
Definition interval.h:222
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition interval.h:172
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition interval.h:153
hash_iterator_free
void hash_iterator_free(struct hash_iterator *hi)
Definition list.c:270
hash_iterator_next
struct hash_element * hash_iterator_next(struct hash_iterator *hi)
Definition list.c:276
hash_iterator_init
void hash_iterator_init(struct hash *hash, struct hash_iterator *hi)
Definition list.c:234
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition manage.c:3203
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3212
log_history_close
void log_history_close(struct log_history *h)
Definition manage.c:4178
management
struct management * management
Definition manage.c:75
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition manage.c:508
management_check_bytecount_server
void management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
Definition manage.c:4287
man_up_finalize
static void man_up_finalize(struct management *man)
Definition manage.c:741
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition manage.c:2265
man_log
static void man_log(struct management *man, const char *parm)
Definition manage.c:720
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition manage.c:2167
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition manage.c:528
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3121
man_connect
static void man_connect(struct management *man)
Definition manage.c:2101
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition manage.c:3518
man_read
static ssize_t man_read(struct management *man)
Definition manage.c:2421
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition manage.c:3402
man_bytecount_output_server
static void man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total, struct man_def_auth_context *mdac)
Definition manage.c:578
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition manage.c:293
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition manage.c:3247
command_line_free
void command_line_free(struct command_line *cl)
Definition manage.c:4004
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3419
man_certificate
static void man_certificate(struct management *man)
Definition manage.c:1314
command_line_next
void command_line_next(struct command_line *cl)
Definition manage.c:4047
man_net
static void man_net(struct management *man)
Definition manage.c:854
management_clear_callback
void management_clear_callback(struct management *man)
Definition manage.c:2875
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition manage.c:2573
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition manage.c:3905
command_line_new
struct command_line * command_line_new(const size_t buf_len)
Definition manage.c:3987
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition manage.c:3396
management_hold
bool management_hold(struct management *man, int holdtime)
Definition manage.c:3934
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2631
log_index
static int log_index(const struct log_history *h, int i)
Definition manage.c:4143
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition manage.c:2560
AF_DID_RESET
#define AF_DID_RESET
man_start_ne32
static void man_start_ne32(struct management *man)
Definition manage.c:1854
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition manage.c:1882
man_help
static void man_help(void)
Definition manage.c:83
man_update_io_state
static void man_update_io_state(struct management *man)
Definition manage.c:254
man_bytecount_stop
static void man_bytecount_stop(struct management *man)
Definition manage.c:521
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition manage.c:223
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition manage.c:3231
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition manage.c:1356
man_connection_init
static void man_connection_init(struct management *man)
Definition manage.c:2731
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition manage.c:2938
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition manage.c:1173
man_connection_close
static void man_connection_close(struct management *man)
Definition manage.c:2776
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition manage.c:814
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition manage.c:1250
log_history_init
struct log_history * log_history_init(const int capacity)
Definition manage.c:4157
man_listen
static void man_listen(struct management *man)
Definition manage.c:2025
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition manage.c:1874
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition manage.c:803
man_push_update
static void man_push_update(struct management *man, const char **p, const push_update_type type)
Definition manage.c:1441
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition manage.c:3516
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition manage.c:1483
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition manage.c:360
man_signal
static void man_signal(struct management *man, const char *name)
Definition manage.c:474
man_prompt
static void man_prompt(struct management *man)
Definition manage.c:300
mcv
mcv
Definition manage.c:67
MCV_USERNAME_ONLY
@ MCV_USERNAME_ONLY
Definition manage.c:71
MCV_PKSIGN_ALG
@ MCV_PKSIGN_ALG
Definition manage.c:70
MCV_DEFAULT
@ MCV_DEFAULT
Definition manage.c:68
MCV_PKSIGN
@ MCV_PKSIGN
Definition manage.c:69
MCV_MULTILINE_PASSWORD
@ MCV_MULTILINE_PASSWORD
Definition manage.c:72
man_state
static void man_state(struct management *man, const char *parm)
Definition manage.c:734
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition manage.c:1222
man_echo
static void man_echo(struct management *man, const char *parm)
Definition manage.c:727
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition manage.c:3133
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3850
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition manage.c:1373
management_init
struct management * management_init(void)
Definition manage.c:2805
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition manage.c:1004
command_line_reset
void command_line_reset(struct command_line *cl)
Definition manage.c:3997
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition manage.c:837
management_would_hold
bool management_would_hold(struct management *man)
Definition manage.c:3924
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition manage.c:678
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition manage.c:3610
man_bytecount_output_client
static void man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
Definition manage.c:566
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition manage.c:4185
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition manage.c:4131
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition manage.c:448
MN_AT_LEAST
#define MN_AT_LEAST
Definition manage.c:1344
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition manage.c:3557
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition manage.c:2609
man_kill
static void man_kill(struct management *man, const char *victim)
Definition manage.c:590
management_close
void management_close(struct management *man)
Definition manage.c:2858
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition manage.c:1298
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2884
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition manage.c:270
man_load_stats
static void man_load_stats(struct management *man)
Definition manage.c:1330
man_password_needed
static bool man_password_needed(struct management *man)
Definition manage.c:217
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition manage.c:1423
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition manage.c:4059
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition manage.c:3225
man_accept
static void man_accept(struct management *man)
Definition manage.c:1985
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition manage.c:1205
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition manage.c:1134
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition manage.c:867
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition manage.c:333
management_io
void management_io(struct management *man)
Definition manage.c:3285
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition manage.c:3524
IER_NEW
#define IER_NEW
Definition manage.c:1001
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition manage.c:3041
AF_DID_PUSH
#define AF_DID_PUSH
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2819
man_welcome
static void man_welcome(struct management *man)
Definition manage.c:206
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition manage.c:3035
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3111
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition manage.c:828
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3820
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition manage.c:3005
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition manage.c:4328
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition manage.c:1895
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition manage.c:4149
man_query_password_base64
static void man_query_password_base64(struct management *man, const char *type)
Enter multi-line base64 mode for receiving a password that exceeds the single-line parameter size lim...
Definition manage.c:1040
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition manage.c:320
IER_RESET
#define IER_RESET
Definition manage.c:1000
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition manage.c:344
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition manage.c:1148
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition manage.c:2868
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3069
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition manage.c:1276
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition manage.c:3478
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition manage.c:3091
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition manage.c:3146
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition manage.c:933
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition manage.c:4227
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition manage.c:917
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition manage.c:2720
management_check_bytecount_client
void management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
Definition manage.c:4264
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition manage.c:1290
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition manage.c:59
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition manage.c:284
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition manage.c:3019
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3879
man_remote
static void man_remote(struct management *man, const char **p)
Definition manage.c:1387
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition manage.c:846
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
Definition manage.c:4017
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3501
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition manage.c:2215
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3742
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition manage.c:2984
command_line_get
const char * command_line_get(struct command_line *cl)
Definition manage.c:4032
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition manage.c:4167
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4240
man_state_name
static const char * man_state_name(const int state)
Definition manage.c:157
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition manage.c:4206
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition manage.c:1062
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition manage.c:501
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition manage.c:3029
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition manage.c:3517
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition manage.c:3180
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition manage.c:778
man_write
static ssize_t man_write(struct management *man)
Definition manage.c:2515
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition manage.c:970
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition manage.h:257
MS_LISTEN
#define MS_LISTEN
Definition manage.h:271
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition manage.h:453
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition manage.h:263
IEC_PASSWORD
#define IEC_PASSWORD
Definition manage.h:300
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition manage.h:450
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition manage.h:31
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition manage.h:262
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition manage.h:127
MS_INITIAL
#define MS_INITIAL
Definition manage.h:270
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition manage.h:57
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition manage.h:53
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition manage.h:451
EKS_SOLICIT
#define EKS_SOLICIT
Definition manage.h:306
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition manage.h:273
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition manage.h:131
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition manage.h:119
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition manage.h:455
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition manage.h:121
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition manage.h:68
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition manage.h:299
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition manage.h:256
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition manage.h:118
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition manage.h:124
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition manage.h:56
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition manage.h:67
MCF_SERVER
#define MCF_SERVER
Definition manage.h:175
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition manage.h:467
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition manage.h:272
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition manage.h:123
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition manage.h:454
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition manage.h:462
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition manage.h:133
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition manage.h:266
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition manage.h:456
management_connected
static bool management_connected(const struct management *man)
Definition manage.h:415
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition manage.h:55
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition manage.h:464
log_history_size
static int log_history_size(const struct log_history *h)
Definition manage.h:156
IEC_UNDEF
#define IEC_UNDEF
Definition manage.h:294
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition manage.h:298
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition manage.h:255
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition manage.h:460
EKS_READY
#define EKS_READY
Definition manage.h:308
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition manage.h:117
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition manage.h:459
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition manage.h:129
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition manage.h:126
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition manage.h:66
MF_SERVER
#define MF_SERVER
Definition manage.h:27
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition manage.h:452
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition manage.h:54
MF_UP_DOWN
#define MF_UP_DOWN
Definition manage.h:39
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition manage.h:264
EKS_UNDEF
#define EKS_UNDEF
Definition manage.h:305
MF_HOLD
#define MF_HOLD
Definition manage.h:29
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition manage.h:295
MF_SIGNAL
#define MF_SIGNAL
Definition manage.h:30
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition manage.h:265
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition manage.h:35
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition manage.h:461
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition manage.h:32
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:463
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition manage.h:122
UP_QUERY_USERNAME
#define UP_QUERY_USERNAME
Definition manage.h:267
EKS_INPUT
#define EKS_INPUT
Definition manage.h:307
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition misc.c:721
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:67
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
indicates password and response should be concatenated
Definition misc.h:128
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:115
GET_USER_PASS_USERNAME_ONLY
#define GET_USER_PASS_USERNAME_ONLY
indicate that only username should be prompted for auth-user-pass
Definition misc.h:130
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
SCRV1 protocol – echo response.
Definition misc.h:123
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition misc.h:116
blank_up
static const char blank_up[]
Definition misc.h:52
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:155
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition misc.h:118
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:377
MAPF_SUBNET
#define MAPF_SUBNET
Definition mroute.h:155
multi.h
Header file for server-mode related structures and functions.
BOOL_CAST
#define BOOL_CAST(x)
Definition basic.h:26
CLEAR
#define CLEAR(x)
Definition basic.h:32
SIZE
#define SIZE(x)
Definition basic.h:29
get_debug_level
msglvl_t get_debug_level(void)
Definition error.c:131
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition error.c:117
get_mute_cutoff
int get_mute_cutoff(void)
Definition error.c:137
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition error.c:101
msg_flags_string
const char * msg_flags_string(const msglvl_t flags, struct gc_arena *gc)
Definition error.c:746
M_CLIENT
#define M_CLIENT
Definition error.h:108
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition error.h:350
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition error.h:34
M_FATAL
#define M_FATAL
Definition error.h:90
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition error.h:366
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition error.h:404
ASSERT
#define ASSERT(x)
Definition error.h:219
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4822
title_string
const char title_string[]
Definition options.c:72
auth_retry_set
bool auth_retry_set(const msglvl_t msglevel, const char *option)
Definition options.c:4799
streq
#define streq(x, y)
Definition options.h:721
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:987
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
Definition options_parse.c:50
MAX_PARMS
#define MAX_PARMS
Definition options.h:51
now
time_t now
Definition otime.c:33
update_time
static void update_time(void)
Definition otime.h:84
platform_getpid
unsigned int platform_getpid(void)
Definition platform.c:333
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition platform.c:80
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition platform.c:124
push_update_type
push_update_type
Definition push.h:47
UPT_BY_CID
@ UPT_BY_CID
Definition push.h:49
UPT_BROADCAST
@ UPT_BROADCAST
Definition push.h:48
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:204
signal_name
const char * signal_name(const int sig, const bool upper)
Definition sig.c:91
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:175
parse_signal
int parse_signal(const char *signame)
Definition sig.c:64
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:109
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:2980
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:784
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:967
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:917
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:564
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:195
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:261
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:266
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket_util.c:409
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:38
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition socket_util.h:89
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket_util.h:77
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition socket_util.h:123
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket_util.h:127
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket_util.h:118
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket_util.h:31
PROTO_NONE
@ PROTO_NONE
Definition socket_util.h:176
PROTO_UDP
@ PROTO_UDP
Definition socket_util.h:177
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket_util.h:179
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket_util.h:119
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition socket_util.h:234
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket_util.h:117
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition socket_util.h:34
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket_util.h:122
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:160
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition ssl.c:386
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition ssl.c:375
ssl.h
Control Channel SSL/Data channel negotiation module.
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition status.c:59
status_close
bool status_close(struct status_output *so)
Definition status.c:178
buffer_list
Definition buffer.h:1149
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition buffer.h:61
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:67
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
command_line
Definition manage.h:78
command_line::residual
struct buffer residual
Definition manage.h:80
command_line::buf
struct buffer buf
Definition manage.h:79
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:172
context_2
Level 2 context containing state that is reset on both SIGHUP and SIGUSR1 restarts.
Definition openvpn.h:224
context_2::link_read_bytes
counter_type link_read_bytes
Definition openvpn.h:266
context_2::link_write_bytes
counter_type link_write_bytes
Definition openvpn.h:269
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition openvpn.h:267
context_2::mda_context
struct man_def_auth_context mda_context
Definition openvpn.h:450
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition openvpn.h:270
context
Contains all state information for one tunnel.
Definition openvpn.h:471
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:472
context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:513
env_item
Definition env_set.h:37
env_item::string
char * string
Definition env_set.h:38
env_item::next
struct env_item * next
Definition env_set.h:39
env_set
Definition env_set.h:43
env_set::list
struct env_item * list
Definition env_set.h:45
event_set_return
Definition event.h:122
event_set
Definition event.h:128
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_element
Definition list.h:40
hash_element::value
void * value
Definition list.h:41
hash_iterator
Definition list.h:79
link_socket_actual
Definition socket_util.h:50
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
log_entry
Definition manage.h:107
log_entry::local_ip6
struct in6_addr local_ip6
Definition manage.h:111
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition manage.h:112
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition manage.h:113
log_entry::timestamp
time_t timestamp
Definition manage.h:108
log_entry::string
const char * string
Definition manage.h:109
log_entry::local_ip
in_addr_t local_ip
Definition manage.h:110
log_entry::u
union log_entry_union u
Definition manage.h:114
log_history
Definition manage.h:138
log_history::size
int size
Definition manage.h:140
log_history::capacity
int capacity
Definition manage.h:141
log_history::array
struct log_entry * array
Definition manage.h:142
log_history::base
int base
Definition manage.h:139
man_connection
Definition manage.h:276
man_connection::es
struct event_set * es
Definition manage.h:313
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition manage.h:303
man_connection::up_query_type
const char * up_query_type
Definition manage.h:322
man_connection::password_verified
bool password_verified
Definition manage.h:288
man_connection::halt
bool halt
Definition manage.h:287
man_connection::env_filter_level
int env_filter_level
Definition manage.h:314
man_connection::up_query
struct user_pass up_query
Definition manage.h:324
man_connection::sd_top
socket_descriptor_t sd_top
Definition manage.h:279
man_connection::state
int state
Definition manage.h:277
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition manage.h:312
man_connection::in
struct command_line * in
Definition manage.h:291
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition manage.h:304
man_connection::remote
struct openvpn_sockaddr remote
Definition manage.h:281
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition manage.h:280
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition manage.h:310
man_connection::up_query_mode
int up_query_mode
Definition manage.h:323
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition manage.h:319
man_connection::in_extra_cmd
int in_extra_cmd
Definition manage.h:301
man_connection::in_extra
struct buffer_list * in_extra
Definition manage.h:302
man_connection::echo_realtime
bool echo_realtime
Definition manage.h:318
man_connection::state_realtime
bool state_realtime
Definition manage.h:316
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition manage.h:320
man_connection::ext_cert_state
int ext_cert_state
Definition manage.h:311
man_connection::out
struct buffer_list * out
Definition manage.h:292
man_connection::password_tries
int password_tries
Definition manage.h:289
man_connection::client_version
int client_version
Definition manage.h:330
man_connection::log_realtime
bool log_realtime
Definition manage.h:317
man_connection::ne32
struct net_event_win32 ne32
Definition manage.h:284
man_connection::ext_key_state
int ext_key_state
Definition manage.h:309
man_def_auth_context
Definition manage.h:63
man_def_auth_context::cid
unsigned long cid
Definition manage.h:64
man_def_auth_context::flags
unsigned int flags
Definition manage.h:69
man_persist
Definition manage.h:218
man_persist::bytes_in
counter_type bytes_in
Definition manage.h:234
man_persist::state
struct log_history * state
Definition manage.h:228
man_persist::callback
struct management_callback callback
Definition manage.h:225
man_persist::log
struct log_history * log
Definition manage.h:221
man_persist::vout
struct virtual_output vout
Definition manage.h:222
man_persist::standalone_disabled
bool standalone_disabled
Definition manage.h:224
man_persist::defined
bool defined
Definition manage.h:219
man_persist::hold_release
bool hold_release
Definition manage.h:230
man_persist::echo
struct log_history * echo
Definition manage.h:227
man_persist::special_state_msg
const char * special_state_msg
Definition manage.h:232
man_persist::bytes_out
counter_type bytes_out
Definition manage.h:235
man_settings
Definition manage.h:239
man_settings::management_over_tunnel
bool management_over_tunnel
Definition manage.h:248
man_settings::local
struct addrinfo * local
Definition manage.h:242
man_settings::flags
unsigned int flags
Definition manage.h:241
man_settings::echo_buffer_size
int echo_buffer_size
Definition manage.h:251
man_settings::mansig
unsigned int mansig
Definition manage.h:258
man_settings::state_buffer_size
int state_buffer_size
Definition manage.h:252
man_settings::defined
bool defined
Definition manage.h:240
man_settings::log_history_cache
int log_history_cache
Definition manage.h:250
man_settings::up
struct user_pass up
Definition manage.h:249
management_callback
Definition manage.h:172
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition manage.h:191
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition manage.h:186
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const uint16_t port, const uint8_t proto)
Definition manage.h:181
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition manage.h:182
management_callback::arg
void * arg
Definition manage.h:173
management_callback::push_update_broadcast
bool(* push_update_broadcast)(void *arg, const char *options)
Definition manage.h:199
management_callback::push_update_by_cid
bool(* push_update_by_cid)(void *arg, unsigned long cid, const char *options)
Definition manage.h:200
management_callback::n_clients
int(* n_clients)(void *arg)
Definition manage.h:183
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition manage.h:178
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition manage.h:198
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition manage.h:197
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition manage.h:184
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition manage.h:192
management_callback::show_net
void(* show_net)(void *arg, const msglvl_t msglevel)
Definition manage.h:179
management_callback::flags
unsigned int flags
Definition manage.h:176
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition manage.h:193
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition manage.h:180
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition manage.h:185
management::persist
struct man_persist persist
Definition manage.h:335
management::connection
struct man_connection connection
Definition manage.h:337
management::settings
struct man_settings settings
Definition manage.h:336
mroute_addr
Definition mroute.h:82
multi_context
Main OpenVPN server state structure.
Definition multi.h:162
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:169
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:201
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:102
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:142
openvpn_sockaddr
Definition socket_util.h:38
rw_handle
Definition win32.h:80
status_output
Definition status.h:49
tuntap::dco
dco_context_t dco
Definition tun.h:247
user_pass
Definition misc.h:55
user_pass::defined
bool defined
Definition misc.h:56
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:71
user_pass::nocache
bool nocache
Definition misc.h:60
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:70
virtual_output::flags_default
unsigned int flags_default
Definition status.h:34
virtual_output::arg
void * arg
Definition status.h:33
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition status.h:35
SIGHUP
#define SIGHUP
Definition syshead.h:55
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:443
SIGINT
#define SIGINT
Definition syshead.h:56
SIGTERM
#define SIGTERM
Definition syshead.h:59
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:445
sleep
#define sleep(x)
Definition syshead.h:42
SIGUSR1
#define SIGUSR1
Definition syshead.h:57
in_addr_t
uint32_t in_addr_t
Definition syshead.h:52
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:453
es
struct env_set * es
Definition test_pkcs11.c:138
gc
struct gc_arena gc
Definition test_ssl.c:133
log_entry_union::msg_flags
unsigned int msg_flags
Definition manage.h:101
log_entry_union::state
int state
Definition manage.h:102
log_entry_union::intval
int intval
Definition manage.h:103
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition win32.c:323
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition win32.c:374
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition win32.c:339
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition win32.c:330
win32_sleep
void win32_sleep(const int n)
Definition win32.c:1502
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition win32.c:357
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition win32.c:363
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition win32.h:141
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition win32.h:147
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition win32.h:135
Generated by doxygen 1.9.8