48const char *iproute_path = IPROUTE_PATH;
57#if defined(HAVE_DUP) && defined(HAVE_DUP2)
59 if ((fd = open(
"/dev/null", O_RDWR, 0)) != -1)
75#ifdef ENABLE_MANAGEMENT
81 const char *sc = NULL;
101 "ERROR: could not read %s username/password/ok/string from management interface",
128 char *work = (
char *)
gc_malloc(len + 1,
false,
gc);
151 for (
cp = work; *
cp !=
'\0'; ++
cp)
199 bool from_authfile = (auth_file && !
streq(auth_file,
"stdin"));
200 bool username_from_stdin =
false;
201 bool password_from_stdin =
false;
202 bool response_from_stdin =
true;
207 msg(
M_WARN,
"Note: previous '%s' credentials failed", prefix);
210#ifdef ENABLE_MANAGEMENT
217 response_from_stdin =
false;
236 msg(
M_FATAL,
"ERROR: could not read %s ok-confirmation from stdin", prefix);
273 msg(
M_ERR,
"Error opening '%s' auth file: %s", prefix, auth_file);
281 msg(
M_FATAL,
"Error reading username from %s authfile: %s", prefix,
294 msg(
M_FATAL,
"Error reading password from %s authfile: %s", prefix, auth_file);
305#if defined(ENABLE_MANAGEMENT)
310 "No password found in %s authfile '%s'. Querying the management interface",
328 msg(
M_FATAL,
"ERROR: username from %s authfile '%s' is empty", prefix,
343#ifdef ENABLE_MANAGEMENT
359 msg(
M_FATAL,
"ERROR: could not read challenge response from stdin");
366 msg(
M_FATAL,
"ERROR: received malformed challenge request from server");
393 msg(
M_FATAL,
"ERROR: Failed retrieving username or password");
400 msg(
M_FATAL,
"ERROR: %s username is empty", prefix);
404#ifdef ENABLE_MANAGEMENT
419 msg(
M_FATAL,
"ERROR: could not retrieve static challenge response");
426 msg(
M_FATAL,
"ERROR: could not base64-encode password/static_response");
440 "ERROR: could not concatenate password/static_response: string too long");
467 const bool nocache = up->
nocache;
469 if (nocache ||
force)
484 "WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this");
497 tk->token_defined =
true;
521 tk->defined =
len > 0;
524 msg(
D_PUSH,
"Error decoding auth-token-username");
565 ret[base + n] =
NULL;
567 return (
const char **)ret;
598 return (
const char **)ret;
617 return (
const char **)ret;
724 if (
c ==
'=' && state == 1)
766 msg(
M_WARN,
"validation failed on peer_info line received from client");
const char * skip_leading_whitespace(const char *str)
bool buf_printf(struct buffer *buf, const char *format,...)
void string_clear(char *str)
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
Modifies a string in place by replacing certain classes of characters in it with a specified character.
const char * string_mod_const(const char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace, struct gc_arena *gc)
Returns a copy of a string with certain classes of characters in it replaced with a specified character.
int string_array_len(const char **array)
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
char * string_alloc(const char *str, struct gc_arena *gc)
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
#define CC_CRLF
carriage return or newline
static void buf_set_write(struct buffer *buf, uint8_t *data, int size)
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
static void strncpynt(char *dest, const char *src, size_t maxlen)
static void gc_free(struct gc_arena *a)
#define CC_PRINT
printable (>= 32, != 127)
static struct gc_arena gc_new(void)
void query_user_clear(void)
Wipes all data put into all of the query_user structs.
void query_user_add(char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
Adds an item to ask the user for.
static bool query_user_exec(void)
Wrapper function enabling query_user_exec() if no alternative methods have been enabled.
static bool query_user_SINGLE(char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
A plain "make Gert happy" wrapper.
Data Channel Cryptography Module.
void env_set_add(struct env_set *es, const char *str)
void management_auth_failure(struct management *man, const char *type, const char *reason)
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
static bool management_query_user_pass_enabled(const struct management *man)
static const char ** make_inline_array(const char *str, struct gc_arena *gc)
void unprotect_user_pass(struct user_pass *up)
Decrypt username and password buffers in user_pass.
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Retrieves the user credentials from various sources depending on the flags.
const char ** make_arg_array(const char *first, const char *parms, struct gc_arena *gc)
void purge_user_pass(struct user_pass *up, const bool force)
bool validate_peer_info_line(char *line)
void set_auth_token_user(struct user_pass *tk, const char *username)
Sets the auth-token username by base64 decoding the passed username.
void set_std_files_to_null(bool stdin_only)
void output_peer_info_env(struct env_set *es, const char *peer_info)
struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc)
Prepend a directory to a path.
static struct auth_challenge_info * parse_auth_challenge(const char *auth_challenge, struct gc_arena *gc)
Parses an authentication challenge string and returns an auth_challenge_info structure.
void protect_user_pass(struct user_pass *up)
Encrypt username and password buffers in user_pass.
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
static const char ** make_arg_copy(char **p, struct gc_arena *gc)
const char * safe_print(const char *str, struct gc_arena *gc)
const char * sanitize_control_message(const char *src, struct gc_arena *gc)
static bool auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int flags, const char *auth_challenge)
void set_auth_token(struct user_pass *tk, const char *token)
Sets the auth-token to token.
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
indicates password and response should be concatenated
#define GET_USER_PASS_MANAGEMENT
#define GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
SCRV1 protocol – echo response.
#define GET_USER_PASS_INLINE_CREDS
indicates that auth_file is actually inline creds
#define GET_USER_PASS_STATIC_CHALLENGE
SCRV1 protocol – static challenge.
#define GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NOFATAL
#define GET_USER_PASS_PREVIOUS_CREDS_FAILED
#define GET_USER_PASS_DYNAMIC_CHALLENGE
CRV1 protocol – dynamic challenge.
static bool check_debug_level(unsigned int level)
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
int openvpn_base64_decode(const char *str, void *data, int size)
int openvpn_base64_encode(const void *data, int size, char **str)
static char * auth_challenge
Wrapper structure for dynamically allocated memory.
int len
Length in bytes of the actual content within the allocated memory.
Garbage collection arena used to keep track of dynamically allocated memory.
char password[USER_PASS_LEN]
char username[USER_PASS_LEN]
#define PATH_SEPARATOR_STR
bool unprotect_buffer_win32(char *buf, size_t len)
Decrypt a previously encrypted region of memory using CryptUnProtectMemory() with access restricted to the current process.
bool protect_buffer_win32(char *buf, size_t len)
Encrypt a region of memory using CryptProtectMemory() with access restricted to the current process.