OpenVPN
misc.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifndef MISC_H
24#define MISC_H
25
26#include "argv.h"
27#include "basic.h"
28#include "common.h"
29#include "env_set.h"
30#include "integer.h"
31#include "buffer.h"
32#include "platform.h"
33
34/* forward declarations */
35struct plugin_list;
36
37
38/* Set standard file descriptors to /dev/null */
39void set_std_files_to_null(bool stdin_only);
40
41/* Make arrays of strings */
42
43const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc);
44
45const char **make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc);
46
47/*
48 * Get and store a username/password
49 */
50
52{
53 bool defined;
54 /* For auth-token username and token can be set individually, so we
55 * use this second bool to track if the token (password) is defined */
57 bool nocache;
58 bool protected;
59
60/* max length of username/password */
61#ifdef ENABLE_PKCS11
62#define USER_PASS_LEN 4096
63#else
64#define USER_PASS_LEN 128
65#endif
66 /* Note that username and password are expected to be null-terminated */
69};
70
71#ifdef ENABLE_MANAGEMENT
72/*
73 * Challenge response info on client as pushed by server.
74 */
76{
77#define CR_ECHO (1 << 0) /* echo response when typed by user */
78#define CR_RESPONSE (1 << 1) /* response needed */
79 unsigned int flags;
80
81 const char *user;
82 const char *state_id;
83 const char *challenge_text;
84};
85
86/*
87 * Challenge response info on client as pushed by server.
88 */
90{
91#define SC_ECHO (1 << 0) /* echo response when typed by user */
92#define SC_CONCAT (1 << 1) /* concatenate password and response and do not base64 encode */
93 unsigned int flags;
94
95 const char *challenge_text;
96};
97
98#else /* ifdef ENABLE_MANAGEMENT */
100{
101};
103{
104};
105#endif /* ifdef ENABLE_MANAGEMENT */
106
107/*
108 * Flags for get_user_pass and management_query_user_pass
109 */
110#define GET_USER_PASS_MANAGEMENT (1 << 0)
111/* GET_USER_PASS_SENSITIVE (1<<1) not used anymore */
112#define GET_USER_PASS_PASSWORD_ONLY (1 << 2)
113#define GET_USER_PASS_NEED_OK (1 << 3)
114#define GET_USER_PASS_NOFATAL (1 << 4)
115#define GET_USER_PASS_NEED_STR (1 << 5)
116#define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1 << 6)
117
118#define GET_USER_PASS_DYNAMIC_CHALLENGE (1 << 7)
119#define GET_USER_PASS_STATIC_CHALLENGE (1 << 8)
120#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1 << 9)
123#define GET_USER_PASS_INLINE_CREDS (1 << 10)
125#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1 << 11)
126
137bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix,
138 const unsigned int flags, const char *auth_challenge);
139
149static inline bool
150get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix,
151 const unsigned int flags)
152{
153 return get_user_pass_cr(up, auth_file, prefix, flags, NULL);
154}
155
156void purge_user_pass(struct user_pass *up, const bool force);
157
167void set_auth_token(struct user_pass *tk, const char *token);
168
178void set_auth_token_user(struct user_pass *tk, const char *username);
179
180/*
181 * Process string received by untrusted peer before
182 * printing to console or log file.
183 * Assumes that string has been null terminated.
184 */
185const char *safe_print(const char *str, struct gc_arena *gc);
186
187const char *sanitize_control_message(const char *str, struct gc_arena *gc);
188
189/*
190 * /sbin/ip path, may be overridden
191 */
192#ifdef ENABLE_IPROUTE
193extern const char *iproute_path;
194#endif
195
196/* helper to parse peer_info received from multi client, validate
197 * (this is untrusted data) and put into environment */
198bool validate_peer_info_line(char *line);
199
200void output_peer_info_env(struct env_set *es, const char *peer_info);
201
205struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc);
206
210void protect_user_pass(struct user_pass *up);
211
215void unprotect_user_pass(struct user_pass *up);
216
217
218#define _STRINGIFY(S) #S
219/* *INDENT-OFF* - uncrustify need to ignore this macro */
220#define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx)
221/* *INDENT-ON* */
222#define MAC_PRINT_ARG(_mac) _mac[0], _mac[1], _mac[2], _mac[3], _mac[4], _mac[5]
223#define MAC_SCAN_ARG(_mac) &_mac[0], &_mac[1], &_mac[2], &_mac[3], &_mac[4], &_mac[5]
224
225#endif /* ifndef MISC_H */
#define USER_PASS_LEN
Definition misc.h:64
void unprotect_user_pass(struct user_pass *up)
Decrypt username and password buffers in user_pass.
Definition misc.c:803
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.c:192
const char ** make_arg_array(const char *first, const char *parms, struct gc_arena *gc)
Definition misc.c:544
void purge_user_pass(struct user_pass *up, const bool force)
Definition misc.c:465
bool validate_peer_info_line(char *line)
Definition misc.c:713
void set_auth_token_user(struct user_pass *tk, const char *username)
Sets the auth-token username by base64 decoding the passed username.
Definition misc.c:511
void set_std_files_to_null(bool stdin_only)
Definition misc.c:55
void output_peer_info_env(struct env_set *es, const char *peer_info)
Definition misc.c:750
struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc)
Prepend a directory to a path.
Definition misc.c:772
const char * sanitize_control_message(const char *str, struct gc_arena *gc)
Definition misc.c:651
void protect_user_pass(struct user_pass *up)
Encrypt username and password buffers in user_pass.
Definition misc.c:783
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
Definition misc.c:621
const char * safe_print(const char *str, struct gc_arena *gc)
Definition misc.c:538
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
void set_auth_token(struct user_pass *tk, const char *token)
Sets the auth-token to token.
Definition misc.c:491
static char * auth_challenge
Definition ssl.c:284
const char * user
Definition misc.h:81
const char * state_id
Definition misc.h:82
const char * challenge_text
Definition misc.h:83
unsigned int flags
Definition misc.h:79
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
unsigned int flags
Definition misc.h:93
const char * challenge_text
Definition misc.h:95
bool token_defined
Definition misc.h:56
bool defined
Definition misc.h:53
char password[USER_PASS_LEN]
Definition misc.h:68
bool nocache
Definition misc.h:57
char username[USER_PASS_LEN]
Definition misc.h:67
struct env_set * es
struct gc_arena gc
Definition test_ssl.c:154