OpenVPN
manage.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #ifdef ENABLE_MANAGEMENT
33 
34 #include "error.h"
35 #include "fdmisc.h"
36 #include "options.h"
37 #include "sig.h"
38 #include "event.h"
39 #include "otime.h"
40 #include "integer.h"
41 #include "misc.h"
42 #include "ssl.h"
43 #include "common.h"
44 #include "manage.h"
45 
46 #include "memdbg.h"
47 
48 #ifdef ENABLE_PKCS11
49 #include "pkcs11.h"
50 #endif
51 
52 #define MANAGEMENT_ECHO_PULL_INFO 0
53 
54 #if MANAGEMENT_ECHO_PULL_INFO
55 #define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
56 #else
57 #define MANAGEMENT_ECHO_FLAGS 0
58 #endif
59 
60 /* tag for blank username/password */
61 static const char blank_up[] = "[[BLANK]]";
62 
63 struct management *management; /* GLOBAL */
64 
65 /* static forward declarations */
66 static void man_output_standalone(struct management *man, volatile int *signal_received);
67 
68 static void man_reset_client_socket(struct management *man, const bool exiting);
69 
70 static void
71 man_help(void)
72 {
73  msg(M_CLIENT, "Management Interface for %s", title_string);
74  msg(M_CLIENT, "Commands:");
75  msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
76  msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
77  msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
78  msg(M_CLIENT, "exit|quit : Close management session.");
79  msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
80  msg(M_CLIENT, "help : Print this message.");
81  msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
82  msg(M_CLIENT, " release current hold and start tunnel.");
83  msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
84  msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
85  msg(M_CLIENT, "load-stats : Show global server load stats.");
86  msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
87  msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
88  msg(M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent.");
89  msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
90  msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
91  msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
92  msg(M_CLIENT, " where action is reply string.");
93  msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
94  msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
95  msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
96  msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
97  msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
98 #ifdef ENABLE_PKCS11
99  msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
100  msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
101 #endif
102 #ifdef MANAGEMENT_DEF_AUTH
103  msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
104  msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
105  msg(M_CLIENT, "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
106  msg(M_CLIENT, " text R and optional client reason text CR");
107  msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
108  msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
109 #ifdef MANAGEMENT_PF
110  msg(M_CLIENT, "client-pf CID : Define packet filter for client CID (MULTILINE)");
111 #endif
112 #endif
113 #ifdef MANAGMENT_EXTERNAL_KEY
114  msg(M_CLIENT, "rsa-sig : Enter an RSA signature in response to >RSA_SIGN challenge");
115  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
116  msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge");
117  msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END");
118 #endif
119  msg(M_CLIENT, "signal s : Send signal s to daemon,");
120  msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
121  msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
122  msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
123  msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
124  msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
125  msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
126  msg(M_CLIENT, "version : Show current version number.");
127  msg(M_CLIENT, "END");
128 }
129 
130 static const char *
131 man_state_name(const int state)
132 {
133  switch (state)
134  {
136  return "INITIAL";
137 
139  return "CONNECTING";
140 
141  case OPENVPN_STATE_WAIT:
142  return "WAIT";
143 
144  case OPENVPN_STATE_AUTH:
145  return "AUTH";
146 
148  return "GET_CONFIG";
149 
151  return "ASSIGN_IP";
152 
154  return "ADD_ROUTES";
155 
157  return "CONNECTED";
158 
160  return "RECONNECTING";
161 
163  return "EXITING";
164 
166  return "RESOLVE";
167 
169  return "TCP_CONNECT";
170 
171  default:
172  return "?";
173  }
174 }
175 
176 static void
177 man_welcome(struct management *man)
178 {
179  msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
181  if (man->persist.special_state_msg)
182  {
183  msg(M_CLIENT, "%s", man->persist.special_state_msg);
184  }
185 }
186 
187 static inline bool
188 man_password_needed(struct management *man)
189 {
190  return man->settings.up.defined && !man->connection.password_verified;
191 }
192 
193 static void
194 man_check_password(struct management *man, const char *line)
195 {
196  if (man_password_needed(man))
197  {
198  if (streq(line, man->settings.up.password))
199  {
200  man->connection.password_verified = true;
201  msg(M_CLIENT, "SUCCESS: password is correct");
202  man_welcome(man);
203  }
204  else
205  {
206  man->connection.password_verified = false;
207  msg(M_CLIENT, "ERROR: bad password");
209  {
210  msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
212  man->connection.halt = true;
213  }
214  }
215  }
216 }
217 
218 static void
219 man_update_io_state(struct management *man)
220 {
221  if (socket_defined(man->connection.sd_cli))
222  {
224  {
226  }
227  else
228  {
230  }
231  }
232 }
233 
234 static void
235 man_output_list_push_finalize(struct management *man)
236 {
237  if (management_connected(man))
238  {
239  man_update_io_state(man);
240  if (!man->persist.standalone_disabled)
241  {
242  volatile int signal_received = 0;
243  man_output_standalone(man, &signal_received);
244  }
245  }
246 }
247 
248 static void
249 man_output_list_push_str(struct management *man, const char *str)
250 {
251  if (management_connected(man) && str)
252  {
253  buffer_list_push(man->connection.out, (const unsigned char *) str);
254  }
255 }
256 
257 static void
258 man_output_list_push(struct management *man, const char *str)
259 {
260  man_output_list_push_str(man, str);
262 }
263 
264 static void
265 man_prompt(struct management *man)
266 {
267  if (man_password_needed(man))
268  {
269  man_output_list_push(man, "ENTER PASSWORD:");
270  }
271 #if 0 /* should we use prompt? */
272  else
273  {
274  man_output_list_push(man, ">");
275  }
276 #endif
277 }
278 
279 static void
280 man_delete_unix_socket(struct management *man)
281 {
282 #if UNIX_SOCK_SUPPORT
284  {
285  socket_delete_unix(&man->settings.local_unix);
286  }
287 #endif
288 }
289 
290 static void
291 man_close_socket(struct management *man, const socket_descriptor_t sd)
292 {
293 #ifndef _WIN32
294  /*
295  * Windows doesn't need this because the ne32 event is permanently
296  * enabled at struct management scope.
297  */
298  if (man->persist.callback.delete_event)
299  {
300  (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
301  }
302 #endif
304 }
305 
306 static void
307 virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
308 {
309  struct management *man = (struct management *) arg;
310  static int recursive_level = 0; /* GLOBAL */
311 
312 #define AF_DID_PUSH (1<<0)
313 #define AF_DID_RESET (1<<1)
314 
315  if (!recursive_level) /* don't allow recursion */
316  {
317  struct gc_arena gc = gc_new();
318  struct log_entry e;
319  const char *out = NULL;
320  unsigned int action_flags = 0;
321 
322  ++recursive_level;
323 
324  CLEAR(e);
325  update_time();
326  e.timestamp = now;
327  e.u.msg_flags = flags;
328  e.string = str;
329 
330  if (flags & M_FATAL)
331  {
332  man->persist.standalone_disabled = false;
333  }
334 
335  if (flags != M_CLIENT)
336  {
337  log_history_add(man->persist.log, &e);
338  }
339 
340  if (!man_password_needed(man))
341  {
342  if (flags == M_CLIENT)
343  {
344  out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
345  }
346  else if (man->connection.log_realtime)
347  {
351  | LOG_PRINT_CRLF, &gc);
352  }
353  if (out)
354  {
355  man_output_list_push_str(man, out);
356  action_flags |= AF_DID_PUSH;
357  }
358  if (flags & M_FATAL)
359  {
361  if (out)
362  {
363  man_output_list_push_str(man, out);
364  action_flags |= (AF_DID_PUSH|AF_DID_RESET);
365  }
366  }
367  }
368 
369  gc_free(&gc);
370 
371  if (action_flags & AF_DID_PUSH)
372  {
374  }
375  if (action_flags & AF_DID_RESET)
376  {
377  man_reset_client_socket(man, true);
378  }
379 
380  --recursive_level;
381  }
382 }
383 
384 /*
385  * Given a signal, return the signal with possible remapping applied,
386  * or -1 if the signal should be ignored.
387  */
388 static int
389 man_mod_signal(const struct management *man, const int signum)
390 {
391  const unsigned int flags = man->settings.mansig;
392  int s = signum;
393  if (s == SIGUSR1)
394  {
395  if (flags & MANSIG_MAP_USR1_TO_HUP)
396  {
397  s = SIGHUP;
398  }
399  if (flags & MANSIG_MAP_USR1_TO_TERM)
400  {
401  s = SIGTERM;
402  }
403  }
404  if (flags & MANSIG_IGNORE_USR1_HUP)
405  {
406  if (s == SIGHUP || s == SIGUSR1)
407  {
408  s = -1;
409  }
410  }
411  return s;
412 }
413 
414 static void
415 man_signal(struct management *man, const char *name)
416 {
417  const int sig = parse_signal(name);
418  if (sig >= 0)
419  {
420  const int sig_mod = man_mod_signal(man, sig);
421  if (sig_mod >= 0)
422  {
423  throw_signal(sig_mod);
424  msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
425  }
426  else
427  {
428  if (man->persist.special_state_msg)
429  {
430  msg(M_CLIENT, "%s", man->persist.special_state_msg);
431  }
432  else
433  {
434  msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
435  }
436  }
437  }
438  else
439  {
440  msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
441  }
442 }
443 
444 static void
445 man_status(struct management *man, const int version, struct status_output *so)
446 {
447  if (man->persist.callback.status)
448  {
449  (*man->persist.callback.status)(man->persist.callback.arg, version, so);
450  }
451  else
452  {
453  msg(M_CLIENT, "ERROR: The 'status' command is not supported by the current daemon mode");
454  }
455 }
456 
457 static void
458 man_bytecount(struct management *man, const int update_seconds)
459 {
460  if (update_seconds >= 0)
461  {
462  man->connection.bytecount_update_seconds = update_seconds;
463  }
464  else
465  {
467  }
468  msg(M_CLIENT, "SUCCESS: bytecount interval changed");
469 }
470 
471 void
472 man_bytecount_output_client(struct management *man)
473 {
474  char in[32];
475  char out[32];
476  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
477  openvpn_snprintf(in, sizeof(in), counter_format, man->persist.bytes_in);
478  openvpn_snprintf(out, sizeof(out), counter_format, man->persist.bytes_out);
479  msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
481 }
482 
483 #ifdef MANAGEMENT_DEF_AUTH
484 
485 void
486 man_bytecount_output_server(struct management *man,
487  const counter_type *bytes_in_total,
488  const counter_type *bytes_out_total,
489  struct man_def_auth_context *mdac)
490 {
491  char in[32];
492  char out[32];
493  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
494  openvpn_snprintf(in, sizeof(in), counter_format, *bytes_in_total);
495  openvpn_snprintf(out, sizeof(out), counter_format, *bytes_out_total);
496  msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
497  mdac->bytecount_last_update = now;
498 }
499 
500 #endif
501 
502 static void
503 man_kill(struct management *man, const char *victim)
504 {
505  struct gc_arena gc = gc_new();
506 
508  {
509  struct buffer buf;
510  char p1[128];
511  char p2[128];
512  int n_killed;
513 
514  buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1);
515  buf_parse(&buf, ':', p1, sizeof(p1));
516  buf_parse(&buf, ':', p2, sizeof(p2));
517 
518  if (strlen(p1) && strlen(p2))
519  {
520  /* IP:port specified */
521  bool status;
522  const in_addr_t addr = getaddr(GETADDR_HOST_ORDER|GETADDR_MSG_VIRT_OUT, p1, 0, &status, NULL);
523  if (status)
524  {
525  const int port = atoi(p2);
526  if (port > 0 && port < 65536)
527  {
528  n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port);
529  if (n_killed > 0)
530  {
531  msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%d killed",
532  n_killed,
533  print_in_addr_t(addr, 0, &gc),
534  port);
535  }
536  else
537  {
538  msg(M_CLIENT, "ERROR: client at address %s:%d not found",
539  print_in_addr_t(addr, 0, &gc),
540  port);
541  }
542  }
543  else
544  {
545  msg(M_CLIENT, "ERROR: port number is out of range: %s", p2);
546  }
547  }
548  else
549  {
550  msg(M_CLIENT, "ERROR: error parsing IP address: %s", p1);
551  }
552  }
553  else if (strlen(p1))
554  {
555  /* common name specified */
556  n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
557  if (n_killed > 0)
558  {
559  msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
560  }
561  else
562  {
563  msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
564  }
565  }
566  else
567  {
568  msg(M_CLIENT, "ERROR: kill parse");
569  }
570  }
571  else
572  {
573  msg(M_CLIENT, "ERROR: The 'kill' command is not supported by the current daemon mode");
574  }
575 
576  gc_free(&gc);
577 }
578 
579 /*
580  * General-purpose history command handler
581  * for the log and echo commands.
582  */
583 static void
584 man_history(struct management *man,
585  const char *parm,
586  const char *type,
587  struct log_history *log,
588  bool *realtime,
589  const unsigned int lep_flags)
590 {
591  struct gc_arena gc = gc_new();
592  int n = 0;
593 
594  if (streq(parm, "on"))
595  {
596  *realtime = true;
597  msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
598  }
599  else if (streq(parm, "off"))
600  {
601  *realtime = false;
602  msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
603  }
604  else if (streq(parm, "all") || (n = atoi(parm)) > 0)
605  {
606  const int size = log_history_size(log);
607  const int start = (n ? n : size) - 1;
608  int i;
609 
610  for (i = start; i >= 0; --i)
611  {
612  const struct log_entry *e = log_history_ref(log, i);
613  if (e)
614  {
615  const char *out = log_entry_print(e, lep_flags, &gc);
617  }
618  }
619  msg(M_CLIENT, "END");
620  }
621  else
622  {
623  msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
624  }
625 
626  gc_free(&gc);
627 }
628 
629 static void
630 man_log(struct management *man, const char *parm)
631 {
632  man_history(man,
633  parm,
634  "log",
635  man->persist.log,
636  &man->connection.log_realtime,
638 }
639 
640 static void
641 man_echo(struct management *man, const char *parm)
642 {
643  man_history(man,
644  parm,
645  "echo",
646  man->persist.echo,
649 }
650 
651 static void
652 man_state(struct management *man, const char *parm)
653 {
654  man_history(man,
655  parm,
656  "state",
657  man->persist.state,
661 }
662 
663 static void
664 man_up_finalize(struct management *man)
665 {
666  switch (man->connection.up_query_mode)
667  {
668  case UP_QUERY_USER_PASS:
669  if (!strlen(man->connection.up_query.username))
670  {
671  break;
672  }
673 
674  /* fall through */
675  case UP_QUERY_PASS:
676  case UP_QUERY_NEED_OK:
677  case UP_QUERY_NEED_STR:
678  if (strlen(man->connection.up_query.password))
679  {
680  man->connection.up_query.defined = true;
681  }
682  break;
683 
684  case UP_QUERY_DISABLED:
685  man->connection.up_query.defined = false;
686  break;
687 
688  default:
689  ASSERT(0);
690  }
691 }
692 
693 static void
694 man_query_user_pass(struct management *man,
695  const char *type,
696  const char *string,
697  const bool needed,
698  const char *prompt,
699  char *dest,
700  int len)
701 {
702  if (needed)
703  {
705  if (streq(man->connection.up_query_type, type))
706  {
707  strncpynt(dest, string, len);
708  man_up_finalize(man);
709  msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified",
710  type,
711  prompt);
712  }
713  else
714  {
715  msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'",
716  prompt,
717  type,
719  }
720  }
721  else
722  {
723  msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
724  }
725 }
726 
727 static void
728 man_query_username(struct management *man, const char *type, const char *string)
729 {
730  const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
731  ) && man->connection.up_query_type);
732  man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN);
733 }
734 
735 static void
736 man_query_password(struct management *man, const char *type, const char *string)
737 {
738  const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
740  ) && man->connection.up_query_type);
741  if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
742  {
743  string = blank_up;
744  }
745  man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
746 }
747 
748 static void
749 man_query_need_ok(struct management *man, const char *type, const char *action)
750 {
751  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
752  man_query_user_pass(man, type, action, needed, "needok-confirmation", man->connection.up_query.password, USER_PASS_LEN);
753 }
754 
755 static void
756 man_query_need_str(struct management *man, const char *type, const char *action)
757 {
758  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
759  man_query_user_pass(man, type, action, needed, "needstr-string", man->connection.up_query.password, USER_PASS_LEN);
760 }
761 
762 static void
763 man_forget_passwords(struct management *man)
764 {
765 #ifdef ENABLE_CRYPTO
766  ssl_purge_auth(false);
767  msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
768 #endif
769 }
770 
771 static void
772 man_net(struct management *man)
773 {
774  if (man->persist.callback.show_net)
775  {
777  }
778  else
779  {
780  msg(M_CLIENT, "ERROR: The 'net' command is not supported by the current daemon mode");
781  }
782 }
783 
784 #ifdef ENABLE_PKCS11
785 
786 static void
787 man_pkcs11_id_count(struct management *man)
788 {
789  msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
790 }
791 
792 static void
793 man_pkcs11_id_get(struct management *man, const int index)
794 {
795  char *id = NULL;
796  char *base64 = NULL;
797 
798  if (pkcs11_management_id_get(index, &id, &base64))
799  {
800  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
801  }
802  else
803  {
804  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
805  }
806 
807  if (id != NULL)
808  {
809  free(id);
810  }
811  if (base64 != NULL)
812  {
813  free(base64);
814  }
815 }
816 
817 #endif /* ifdef ENABLE_PKCS11 */
818 
819 static void
820 man_hold(struct management *man, const char *cmd)
821 {
822  if (cmd)
823  {
824  if (streq(cmd, "on"))
825  {
826  man->settings.flags |= MF_HOLD;
827  msg(M_CLIENT, "SUCCESS: hold flag set to ON");
828  }
829  else if (streq(cmd, "off"))
830  {
831  man->settings.flags &= ~MF_HOLD;
832  msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
833  }
834  else if (streq(cmd, "release"))
835  {
836  man->persist.hold_release = true;
837  msg(M_CLIENT, "SUCCESS: hold release succeeded");
838  }
839  else
840  {
841  msg(M_CLIENT, "ERROR: bad hold command parameter");
842  }
843  }
844  else
845  {
846  msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
847  }
848 }
849 
850 #ifdef MANAGEMENT_IN_EXTRA
851 
852 #define IER_RESET 0
853 #define IER_NEW 1
854 
855 static void
856 in_extra_reset(struct man_connection *mc, const int mode)
857 {
858  if (mc)
859  {
860  if (mode != IER_NEW)
861  {
862  mc->in_extra_cmd = IEC_UNDEF;
863 #ifdef MANAGEMENT_DEF_AUTH
864  mc->in_extra_cid = 0;
865  mc->in_extra_kid = 0;
866 #endif
867  }
868  if (mc->in_extra)
869  {
870  buffer_list_free(mc->in_extra);
871  mc->in_extra = NULL;
872  }
873  if (mode == IER_NEW)
874  {
875  mc->in_extra = buffer_list_new(0);
876  }
877  }
878 }
879 
880 static void
881 in_extra_dispatch(struct management *man)
882 {
883  switch (man->connection.in_extra_cmd)
884  {
885 #ifdef MANAGEMENT_DEF_AUTH
886  case IEC_CLIENT_AUTH:
887  if (man->persist.callback.client_auth)
888  {
889  const bool status = (*man->persist.callback.client_auth)
890  (man->persist.callback.arg,
891  man->connection.in_extra_cid,
892  man->connection.in_extra_kid,
893  true,
894  NULL,
895  NULL,
896  man->connection.in_extra);
897  man->connection.in_extra = NULL;
898  if (status)
899  {
900  msg(M_CLIENT, "SUCCESS: client-auth command succeeded");
901  }
902  else
903  {
904  msg(M_CLIENT, "ERROR: client-auth command failed");
905  }
906  }
907  else
908  {
909  msg(M_CLIENT, "ERROR: The client-auth command is not supported by the current daemon mode");
910  }
911  break;
912 
913 #endif /* ifdef MANAGEMENT_DEF_AUTH */
914 #ifdef MANAGEMENT_PF
915  case IEC_CLIENT_PF:
916  if (man->persist.callback.client_pf)
917  {
918  const bool status = (*man->persist.callback.client_pf)
919  (man->persist.callback.arg,
920  man->connection.in_extra_cid,
921  man->connection.in_extra);
922  man->connection.in_extra = NULL;
923  if (status)
924  {
925  msg(M_CLIENT, "SUCCESS: client-pf command succeeded");
926  }
927  else
928  {
929  msg(M_CLIENT, "ERROR: client-pf command failed");
930  }
931  }
932  else
933  {
934  msg(M_CLIENT, "ERROR: The client-pf command is not supported by the current daemon mode");
935  }
936  break;
937 
938 #endif /* ifdef MANAGEMENT_PF */
939 #ifdef MANAGMENT_EXTERNAL_KEY
940  case IEC_RSA_SIGN:
941  man->connection.ext_key_state = EKS_READY;
942  buffer_list_free(man->connection.ext_key_input);
943  man->connection.ext_key_input = man->connection.in_extra;
944  man->connection.in_extra = NULL;
945  return;
946 
947  case IEC_CERTIFICATE:
948  man->connection.ext_cert_state = EKS_READY;
949  buffer_list_free(man->connection.ext_cert_input);
950  man->connection.ext_cert_input = man->connection.in_extra;
951  man->connection.in_extra = NULL;
952  return;
953 #endif
954  }
956 }
957 
958 #endif /* MANAGEMENT_IN_EXTRA */
959 
960 #ifdef MANAGEMENT_DEF_AUTH
961 
962 static bool
963 parse_cid(const char *str, unsigned long *cid)
964 {
965  if (sscanf(str, "%lu", cid) == 1)
966  {
967  return true;
968  }
969  else
970  {
971  msg(M_CLIENT, "ERROR: cannot parse CID");
972  return false;
973  }
974 }
975 
976 static bool
977 parse_kid(const char *str, unsigned int *kid)
978 {
979  if (sscanf(str, "%u", kid) == 1)
980  {
981  return true;
982  }
983  else
984  {
985  msg(M_CLIENT, "ERROR: cannot parse KID");
986  return false;
987  }
988 }
989 
990 static void
991 man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
992 {
993  struct man_connection *mc = &man->connection;
994  mc->in_extra_cid = 0;
995  mc->in_extra_kid = 0;
996  if (parse_cid(cid_str, &mc->in_extra_cid)
997  && parse_kid(kid_str, &mc->in_extra_kid))
998  {
999  mc->in_extra_cmd = IEC_CLIENT_AUTH;
1000  in_extra_reset(mc, IER_NEW);
1001  if (!extra)
1002  {
1003  in_extra_dispatch(man);
1004  }
1005  }
1006 }
1007 
1008 static void
1009 man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
1010 {
1011  unsigned long cid = 0;
1012  unsigned int kid = 0;
1013  if (parse_cid(cid_str, &cid) && parse_kid(kid_str, &kid))
1014  {
1015  if (man->persist.callback.client_auth)
1016  {
1017  const bool status = (*man->persist.callback.client_auth)
1018  (man->persist.callback.arg,
1019  cid,
1020  kid,
1021  false,
1022  reason,
1023  client_reason,
1024  NULL);
1025  if (status)
1026  {
1027  msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1028  }
1029  else
1030  {
1031  msg(M_CLIENT, "ERROR: client-deny command failed");
1032  }
1033  }
1034  else
1035  {
1036  msg(M_CLIENT, "ERROR: The client-deny command is not supported by the current daemon mode");
1037  }
1038  }
1039 }
1040 
1041 static void
1042 man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1043 {
1044  unsigned long cid = 0;
1045  if (parse_cid(cid_str, &cid))
1046  {
1047  if (man->persist.callback.kill_by_cid)
1048  {
1049  const bool status = (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1050  if (status)
1051  {
1052  msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1053  }
1054  else
1055  {
1056  msg(M_CLIENT, "ERROR: client-kill command failed");
1057  }
1058  }
1059  else
1060  {
1061  msg(M_CLIENT, "ERROR: The client-kill command is not supported by the current daemon mode");
1062  }
1063  }
1064 }
1065 
1066 static void
1067 man_client_n_clients(struct management *man)
1068 {
1069  if (man->persist.callback.n_clients)
1070  {
1071  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1072  msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1073  }
1074  else
1075  {
1076  msg(M_CLIENT, "ERROR: The nclients command is not supported by the current daemon mode");
1077  }
1078 }
1079 
1080 static void
1081 man_env_filter(struct management *man, const int level)
1082 {
1083  man->connection.env_filter_level = level;
1084  msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1085 }
1086 
1087 #ifdef MANAGEMENT_PF
1088 
1089 static void
1090 man_client_pf(struct management *man, const char *cid_str)
1091 {
1092  struct man_connection *mc = &man->connection;
1093  mc->in_extra_cid = 0;
1094  mc->in_extra_kid = 0;
1095  if (parse_cid(cid_str, &mc->in_extra_cid))
1096  {
1097  mc->in_extra_cmd = IEC_CLIENT_PF;
1098  in_extra_reset(mc, IER_NEW);
1099  }
1100 }
1101 
1102 #endif /* MANAGEMENT_PF */
1103 #endif /* MANAGEMENT_DEF_AUTH */
1104 
1105 #ifdef MANAGMENT_EXTERNAL_KEY
1106 
1107 static void
1108 man_rsa_sig(struct management *man)
1109 {
1110  struct man_connection *mc = &man->connection;
1111  if (mc->ext_key_state == EKS_SOLICIT)
1112  {
1113  mc->ext_key_state = EKS_INPUT;
1114  mc->in_extra_cmd = IEC_RSA_SIGN;
1115  in_extra_reset(mc, IER_NEW);
1116  }
1117  else
1118  {
1119  msg(M_CLIENT, "ERROR: The rsa-sig command is not currently available");
1120  }
1121 }
1122 
1123 static void
1124 man_certificate(struct management *man)
1125 {
1126  struct man_connection *mc = &man->connection;
1127  if (mc->ext_cert_state == EKS_SOLICIT)
1128  {
1129  mc->ext_cert_state = EKS_INPUT;
1130  mc->in_extra_cmd = IEC_CERTIFICATE;
1131  in_extra_reset(mc, IER_NEW);
1132  }
1133  else
1134  {
1135  msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1136  }
1137 }
1138 
1139 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
1140 
1141 static void
1142 man_load_stats(struct management *man)
1143 {
1146  int nclients = 0;
1147 
1148  if (man->persist.callback.n_clients)
1149  {
1150  nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1151  }
1152  msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1153  nclients,
1154  link_read_bytes_global,
1155  link_write_bytes_global);
1156 }
1157 
1158 #define MN_AT_LEAST (1<<0)
1159 
1160 static bool
1161 man_need(struct management *man, const char **p, const int n, unsigned int flags)
1162 {
1163  int i;
1164  ASSERT(p[0]);
1165  for (i = 1; i <= n; ++i)
1166  {
1167  if (!p[i])
1168  {
1169  msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s",
1170  p[0],
1171  (flags & MN_AT_LEAST) ? "at least " : "",
1172  n,
1173  n > 1 ? "s" : "");
1174  return false;
1175  }
1176  }
1177  return true;
1178 }
1179 
1180 static void
1181 man_proxy(struct management *man, const char **p)
1182 {
1183  if (man->persist.callback.proxy_cmd)
1184  {
1185  const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1186  if (status)
1187  {
1188  msg(M_CLIENT, "SUCCESS: proxy command succeeded");
1189  }
1190  else
1191  {
1192  msg(M_CLIENT, "ERROR: proxy command failed");
1193  }
1194  }
1195  else
1196  {
1197  msg(M_CLIENT, "ERROR: The proxy command is not supported by the current daemon mode");
1198  }
1199 }
1200 
1201 static void
1202 man_remote(struct management *man, const char **p)
1203 {
1204  if (man->persist.callback.remote_cmd)
1205  {
1206  const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1207  if (status)
1208  {
1209  msg(M_CLIENT, "SUCCESS: remote command succeeded");
1210  }
1211  else
1212  {
1213  msg(M_CLIENT, "ERROR: remote command failed");
1214  }
1215  }
1216  else
1217  {
1218  msg(M_CLIENT, "ERROR: The remote command is not supported by the current daemon mode");
1219  }
1220 }
1221 
1222 #ifdef TARGET_ANDROID
1223 static void
1224 man_network_change(struct management *man, bool samenetwork)
1225 {
1226  /* Called to signal the OpenVPN that the network configuration has changed and
1227  * the client should either float or reconnect.
1228  *
1229  * The code is currently only used by ics-openvpn
1230  */
1231  if (man->persist.callback.network_change)
1232  {
1233  int fd = (*man->persist.callback.network_change)
1234  (man->persist.callback.arg, samenetwork);
1235  man->connection.fdtosend = fd;
1236  msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1237  if (fd == -2)
1238  {
1239  man_signal(man, "SIGUSR1");
1240  }
1241  }
1242 }
1243 #endif
1244 
1245 static void
1246 man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
1247 {
1248  struct gc_arena gc = gc_new();
1249 
1250  ASSERT(p[0]);
1251  if (streq(p[0], "exit") || streq(p[0], "quit"))
1252  {
1253  man->connection.halt = true;
1254  goto done;
1255  }
1256  else if (streq(p[0], "help"))
1257  {
1258  man_help();
1259  }
1260  else if (streq(p[0], "version"))
1261  {
1262  msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1263  msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1264  msg(M_CLIENT, "END");
1265  }
1266  else if (streq(p[0], "pid"))
1267  {
1268  msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1269  }
1270 #ifdef MANAGEMENT_DEF_AUTH
1271  else if (streq(p[0], "nclients"))
1272  {
1273  man_client_n_clients(man);
1274  }
1275  else if (streq(p[0], "env-filter"))
1276  {
1277  int level = 0;
1278  if (p[1])
1279  {
1280  level = atoi(p[1]);
1281  }
1282  man_env_filter(man, level);
1283  }
1284 #endif
1285  else if (streq(p[0], "signal"))
1286  {
1287  if (man_need(man, p, 1, 0))
1288  {
1289  man_signal(man, p[1]);
1290  }
1291  }
1292 #ifdef TARGET_ANDROID
1293  else if (streq(p[0], "network-change"))
1294  {
1295  bool samenetwork = false;
1296  if (p[1] && streq(p[1], "samenetwork"))
1297  {
1298  samenetwork = true;
1299  }
1300 
1301  man_network_change(man, samenetwork);
1302  }
1303 #endif
1304  else if (streq(p[0], "load-stats"))
1305  {
1306  man_load_stats(man);
1307  }
1308  else if (streq(p[0], "status"))
1309  {
1310  int version = 0;
1311  if (p[1])
1312  {
1313  version = atoi(p[1]);
1314  }
1315  man_status(man, version, so);
1316  }
1317  else if (streq(p[0], "kill"))
1318  {
1319  if (man_need(man, p, 1, 0))
1320  {
1321  man_kill(man, p[1]);
1322  }
1323  }
1324  else if (streq(p[0], "verb"))
1325  {
1326  if (p[1])
1327  {
1328  const int level = atoi(p[1]);
1329  if (set_debug_level(level, 0))
1330  {
1331  msg(M_CLIENT, "SUCCESS: verb level changed");
1332  }
1333  else
1334  {
1335  msg(M_CLIENT, "ERROR: verb level is out of range");
1336  }
1337  }
1338  else
1339  {
1340  msg(M_CLIENT, "SUCCESS: verb=%d", get_debug_level());
1341  }
1342  }
1343  else if (streq(p[0], "mute"))
1344  {
1345  if (p[1])
1346  {
1347  const int level = atoi(p[1]);
1348  if (set_mute_cutoff(level))
1349  {
1350  msg(M_CLIENT, "SUCCESS: mute level changed");
1351  }
1352  else
1353  {
1354  msg(M_CLIENT, "ERROR: mute level is out of range");
1355  }
1356  }
1357  else
1358  {
1359  msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1360  }
1361  }
1362  else if (streq(p[0], "auth-retry"))
1363  {
1364 #if P2MP
1365  if (p[1])
1366  {
1367  if (auth_retry_set(M_CLIENT, p[1]))
1368  {
1369  msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1370  }
1371  else
1372  {
1373  msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1374  }
1375  }
1376  else
1377  {
1378  msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1379  }
1380 #else /* if P2MP */
1381  msg(M_CLIENT, "ERROR: auth-retry feature is unavailable");
1382 #endif
1383  }
1384  else if (streq(p[0], "state"))
1385  {
1386  if (!p[1])
1387  {
1388  man_state(man, "1");
1389  }
1390  else
1391  {
1392  if (p[1])
1393  {
1394  man_state(man, p[1]);
1395  }
1396  if (p[2])
1397  {
1398  man_state(man, p[2]);
1399  }
1400  }
1401  }
1402  else if (streq(p[0], "log"))
1403  {
1404  if (man_need(man, p, 1, MN_AT_LEAST))
1405  {
1406  if (p[1])
1407  {
1408  man_log(man, p[1]);
1409  }
1410  if (p[2])
1411  {
1412  man_log(man, p[2]);
1413  }
1414  }
1415  }
1416  else if (streq(p[0], "echo"))
1417  {
1418  if (man_need(man, p, 1, MN_AT_LEAST))
1419  {
1420  if (p[1])
1421  {
1422  man_echo(man, p[1]);
1423  }
1424  if (p[2])
1425  {
1426  man_echo(man, p[2]);
1427  }
1428  }
1429  }
1430  else if (streq(p[0], "username"))
1431  {
1432  if (man_need(man, p, 2, 0))
1433  {
1434  man_query_username(man, p[1], p[2]);
1435  }
1436  }
1437  else if (streq(p[0], "password"))
1438  {
1439  if (man_need(man, p, 2, 0))
1440  {
1441  man_query_password(man, p[1], p[2]);
1442  }
1443  }
1444  else if (streq(p[0], "forget-passwords"))
1445  {
1446  man_forget_passwords(man);
1447  }
1448  else if (streq(p[0], "needok"))
1449  {
1450  if (man_need(man, p, 2, 0))
1451  {
1452  man_query_need_ok(man, p[1], p[2]);
1453  }
1454  }
1455  else if (streq(p[0], "needstr"))
1456  {
1457  if (man_need(man, p, 2, 0))
1458  {
1459  man_query_need_str(man, p[1], p[2]);
1460  }
1461  }
1462  else if (streq(p[0], "net"))
1463  {
1464  man_net(man);
1465  }
1466  else if (streq(p[0], "hold"))
1467  {
1468  man_hold(man, p[1]);
1469  }
1470  else if (streq(p[0], "bytecount"))
1471  {
1472  if (man_need(man, p, 1, 0))
1473  {
1474  man_bytecount(man, atoi(p[1]));
1475  }
1476  }
1477 #ifdef MANAGEMENT_DEF_AUTH
1478  else if (streq(p[0], "client-kill"))
1479  {
1480  if (man_need(man, p, 1, MN_AT_LEAST))
1481  {
1482  man_client_kill(man, p[1], p[2]);
1483  }
1484  }
1485  else if (streq(p[0], "client-deny"))
1486  {
1487  if (man_need(man, p, 3, MN_AT_LEAST))
1488  {
1489  man_client_deny(man, p[1], p[2], p[3], p[4]);
1490  }
1491  }
1492  else if (streq(p[0], "client-auth-nt"))
1493  {
1494  if (man_need(man, p, 2, 0))
1495  {
1496  man_client_auth(man, p[1], p[2], false);
1497  }
1498  }
1499  else if (streq(p[0], "client-auth"))
1500  {
1501  if (man_need(man, p, 2, 0))
1502  {
1503  man_client_auth(man, p[1], p[2], true);
1504  }
1505  }
1506 #ifdef MANAGEMENT_PF
1507  else if (streq(p[0], "client-pf"))
1508  {
1509  if (man_need(man, p, 1, 0))
1510  {
1511  man_client_pf(man, p[1]);
1512  }
1513  }
1514 #endif
1515 #endif /* ifdef MANAGEMENT_DEF_AUTH */
1516 #ifdef MANAGMENT_EXTERNAL_KEY
1517  else if (streq(p[0], "rsa-sig"))
1518  {
1519  man_rsa_sig(man);
1520  }
1521  else if (streq(p[0], "certificate"))
1522  {
1523  man_certificate(man);
1524  }
1525 #endif
1526 #ifdef ENABLE_PKCS11
1527  else if (streq(p[0], "pkcs11-id-count"))
1528  {
1529  man_pkcs11_id_count(man);
1530  }
1531  else if (streq(p[0], "pkcs11-id-get"))
1532  {
1533  if (man_need(man, p, 1, 0))
1534  {
1535  man_pkcs11_id_get(man, atoi(p[1]));
1536  }
1537  }
1538 #endif
1539  else if (streq(p[0], "proxy"))
1540  {
1541  if (man_need(man, p, 1, MN_AT_LEAST))
1542  {
1543  man_proxy(man, p);
1544  }
1545  }
1546  else if (streq(p[0], "remote"))
1547  {
1548  if (man_need(man, p, 1, MN_AT_LEAST))
1549  {
1550  man_remote(man, p);
1551  }
1552  }
1553 #if 1
1554  else if (streq(p[0], "test"))
1555  {
1556  if (man_need(man, p, 1, 0))
1557  {
1558  int i;
1559  const int n = atoi(p[1]);
1560  for (i = 0; i < n; ++i)
1561  {
1562  msg(M_CLIENT, "[%d] The purpose of this command is to generate large amounts of output.", i);
1563  }
1564  }
1565  }
1566 #endif
1567  else
1568  {
1569  msg(M_CLIENT, "ERROR: unknown command, enter 'help' for more options");
1570  }
1571 
1572 done:
1573  gc_free(&gc);
1574 }
1575 
1576 #ifdef _WIN32
1577 
1578 static void
1579 man_start_ne32(struct management *man)
1580 {
1581  switch (man->connection.state)
1582  {
1583  case MS_LISTEN:
1584  net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1585  break;
1586 
1587  case MS_CC_WAIT_READ:
1588  case MS_CC_WAIT_WRITE:
1589  net_event_win32_start(&man->connection.ne32, FD_READ|FD_WRITE|FD_CLOSE, man->connection.sd_cli);
1590  break;
1591 
1592  default:
1593  ASSERT(0);
1594  }
1595 }
1596 
1597 static void
1598 man_stop_ne32(struct management *man)
1599 {
1601 }
1602 
1603 #endif /* ifdef _WIN32 */
1604 
1605 static void
1606 man_record_peer_info(struct management *man)
1607 {
1608  struct gc_arena gc = gc_new();
1609  if (man->settings.write_peer_info_file)
1610  {
1611  bool success = false;
1612 #ifdef HAVE_GETSOCKNAME
1613  if (socket_defined(man->connection.sd_cli))
1614  {
1615  struct sockaddr_in addr;
1616  socklen_t addrlen = sizeof(addr);
1617  int status;
1618 
1619  CLEAR(addr);
1620  status = getsockname(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen);
1621  if (!status && addrlen == sizeof(addr))
1622  {
1623  const in_addr_t a = ntohl(addr.sin_addr.s_addr);
1624  const int p = ntohs(addr.sin_port);
1625  FILE *fp = platform_fopen(man->settings.write_peer_info_file, "w");
1626  if (fp)
1627  {
1628  fprintf(fp, "%s\n%d\n", print_in_addr_t(a, 0, &gc), p);
1629  if (!fclose(fp))
1630  {
1631  success = true;
1632  }
1633  }
1634  }
1635  }
1636 #endif /* ifdef HAVE_GETSOCKNAME */
1637  if (!success)
1638  {
1639  msg(D_MANAGEMENT, "MANAGEMENT: failed to write peer info to file %s",
1641  throw_signal_soft(SIGTERM, "management-connect-failed");
1642  }
1643  }
1644  gc_free(&gc);
1645 }
1646 
1647 static void
1648 man_connection_settings_reset(struct management *man)
1649 {
1650  man->connection.state_realtime = false;
1651  man->connection.log_realtime = false;
1652  man->connection.echo_realtime = false;
1654  man->connection.password_verified = false;
1655  man->connection.password_tries = 0;
1656  man->connection.halt = false;
1658 }
1659 
1660 static void
1661 man_new_connection_post(struct management *man, const char *description)
1662 {
1663  struct gc_arena gc = gc_new();
1664 
1666 
1668 
1669 #ifdef _WIN32
1670  man_start_ne32(man);
1671 #endif
1672 
1673 #if UNIX_SOCK_SUPPORT
1674  if (man->settings.flags & MF_UNIX_SOCK)
1675  {
1676  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1677  description,
1678  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1679  }
1680  else
1681 #endif
1682  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1683  description,
1684  print_sockaddr(man->settings.local->ai_addr, &gc));
1685 
1687 
1688  if (!man_password_needed(man))
1689  {
1690  man_welcome(man);
1691  }
1692  man_prompt(man);
1693  man_update_io_state(man);
1694 
1695  gc_free(&gc);
1696 }
1697 
1698 #if UNIX_SOCK_SUPPORT
1699 static bool
1700 man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1701 {
1702  if (socket_defined(sd) && (man->settings.client_uid != -1 || man->settings.client_gid != -1))
1703  {
1704  static const char err_prefix[] = "MANAGEMENT: unix domain socket client connection rejected --";
1705  int uid, gid;
1706  if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1707  {
1708  if (man->settings.client_uid != -1 && man->settings.client_uid != uid)
1709  {
1710  msg(D_MANAGEMENT, "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1711  err_prefix, uid, man->settings.client_uid);
1712  return false;
1713  }
1714  if (man->settings.client_gid != -1 && man->settings.client_gid != gid)
1715  {
1716  msg(D_MANAGEMENT, "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1717  err_prefix, gid, man->settings.client_gid);
1718  return false;
1719  }
1720  }
1721  else
1722  {
1723  msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1724  return false;
1725  }
1726  }
1727  return true;
1728 }
1729 #endif /* if UNIX_SOCK_SUPPORT */
1730 
1731 static void
1732 man_accept(struct management *man)
1733 {
1734  struct link_socket_actual act;
1735  CLEAR(act);
1736 
1737  /*
1738  * Accept the TCP or Unix domain socket client.
1739  */
1740 #if UNIX_SOCK_SUPPORT
1741  if (man->settings.flags & MF_UNIX_SOCK)
1742  {
1743  struct sockaddr_un remote;
1744  man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1745  if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1746  {
1747  sd_close(&man->connection.sd_cli);
1748  }
1749  }
1750  else
1751 #endif
1752  man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1753 
1754  if (socket_defined(man->connection.sd_cli))
1755  {
1756  man->connection.remote = act.dest;
1757 
1758  if (socket_defined(man->connection.sd_top))
1759  {
1760 #ifdef _WIN32
1761  man_stop_ne32(man);
1762 #endif
1763  }
1764 
1765  man_new_connection_post(man, "Client connected from");
1766  }
1767 }
1768 
1769 static void
1770 man_listen(struct management *man)
1771 {
1772  struct gc_arena gc = gc_new();
1773 
1774  /*
1775  * Initialize state
1776  */
1777  man->connection.state = MS_LISTEN;
1779 
1780  /*
1781  * Initialize listening socket
1782  */
1783  if (man->connection.sd_top == SOCKET_UNDEFINED)
1784  {
1785 #if UNIX_SOCK_SUPPORT
1786  if (man->settings.flags & MF_UNIX_SOCK)
1787  {
1789  man->connection.sd_top = create_socket_unix();
1790  socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1791  }
1792  else
1793 #endif
1794  {
1797  man->settings.local->ai_family, "MANAGEMENT", false);
1798  }
1799 
1800  /*
1801  * Listen for connection
1802  */
1803  if (listen(man->connection.sd_top, 1))
1804  {
1805  msg(M_ERR, "MANAGEMENT: listen() failed");
1806  }
1807 
1808  /*
1809  * Set misc socket properties
1810  */
1812 
1813 #if UNIX_SOCK_SUPPORT
1814  if (man->settings.flags & MF_UNIX_SOCK)
1815  {
1816  msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1817  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1818  }
1819  else
1820 #endif
1821  msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1822  print_sockaddr(man->settings.local->ai_addr, &gc));
1823  }
1824 
1825 #ifdef _WIN32
1826  man_start_ne32(man);
1827 #endif
1828 
1829  gc_free(&gc);
1830 }
1831 
1832 static void
1833 man_connect(struct management *man)
1834 {
1835  struct gc_arena gc = gc_new();
1836  int status;
1837  int signal_received = 0;
1838 
1839  /*
1840  * Initialize state
1841  */
1842  man->connection.state = MS_INITIAL;
1844 
1845 #if UNIX_SOCK_SUPPORT
1846  if (man->settings.flags & MF_UNIX_SOCK)
1847  {
1848  man->connection.sd_cli = create_socket_unix();
1849  status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
1850  if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1851  {
1852 #ifdef EPERM
1853  status = EPERM;
1854 #else
1855  status = 1;
1856 #endif
1857  sd_close(&man->connection.sd_cli);
1858  }
1859  }
1860  else
1861 #endif
1862  {
1864  status = openvpn_connect(man->connection.sd_cli,
1865  man->settings.local->ai_addr,
1866  5,
1867  &signal_received);
1868  }
1869 
1870  if (signal_received)
1871  {
1872  throw_signal(signal_received);
1873  goto done;
1874  }
1875 
1876  if (status)
1877  {
1878 #if UNIX_SOCK_SUPPORT
1879  if (man->settings.flags & MF_UNIX_SOCK)
1880  {
1882  "MANAGEMENT: connect to unix socket %s failed",
1883  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1884  }
1885  else
1886 #endif
1888  "MANAGEMENT: connect to %s failed",
1889  print_sockaddr(man->settings.local->ai_addr, &gc));
1890  throw_signal_soft(SIGTERM, "management-connect-failed");
1891  goto done;
1892  }
1893 
1894  man_record_peer_info(man);
1895  man_new_connection_post(man, "Connected to management server at");
1896 
1897 done:
1898  gc_free(&gc);
1899 }
1900 
1901 static void
1902 man_reset_client_socket(struct management *man, const bool exiting)
1903 {
1904  if (socket_defined(man->connection.sd_cli))
1905  {
1906 #ifdef _WIN32
1907  man_stop_ne32(man);
1908 #endif
1909  man_close_socket(man, man->connection.sd_cli);
1911  man->connection.state = MS_INITIAL;
1914 #ifdef MANAGEMENT_IN_EXTRA
1916 #endif
1917  msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
1918  }
1919  if (!exiting)
1920  {
1921 #ifdef ENABLE_CRYPTO
1922  if (man->settings.flags & MF_FORGET_DISCONNECT)
1923  {
1924  ssl_purge_auth(false);
1925  }
1926 #endif
1927  if (man->settings.flags & MF_SIGNAL)
1928  {
1929  int mysig = man_mod_signal(man, SIGUSR1);
1930  if (mysig >= 0)
1931  {
1932  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
1933  throw_signal_soft(mysig, "management-disconnect");
1934  }
1935  }
1936 
1937  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1938  {
1939  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
1940  throw_signal_soft(SIGTERM, "management-exit");
1941  }
1942  else
1943  {
1944  man_listen(man);
1945  }
1946  }
1947 }
1948 
1949 static void
1950 man_process_command(struct management *man, const char *line)
1951 {
1952  struct gc_arena gc = gc_new();
1953  struct status_output *so;
1954  int nparms;
1955  char *parms[MAX_PARMS+1];
1956 
1957  CLEAR(parms);
1958  so = status_open(NULL, 0, -1, &man->persist.vout, 0);
1959 #ifdef MANAGEMENT_IN_EXTRA
1961 #endif
1962 
1963  if (man_password_needed(man))
1964  {
1965  man_check_password(man, line);
1966  }
1967  else
1968  {
1969  nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
1970  if (parms[0] && streq(parms[0], "password"))
1971  {
1972  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
1973  }
1974  else if (!streq(line, "load-stats"))
1975  {
1976  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
1977  }
1978 
1979 #if 0
1980  /* DEBUGGING -- print args */
1981  {
1982  int i;
1983  for (i = 0; i < nparms; ++i)
1984  {
1985  msg(M_INFO, "[%d] '%s'", i, parms[i]);
1986  }
1987  }
1988 #endif
1989 
1990  if (nparms > 0)
1991  {
1992  man_dispatch_command(man, so, (const char **)parms, nparms);
1993  }
1994  }
1995 
1996  CLEAR(parms);
1997  status_close(so);
1998  gc_free(&gc);
1999 }
2000 
2001 static bool
2002 man_io_error(struct management *man, const char *prefix)
2003 {
2004  const int err = openvpn_errno();
2005 
2006  if (!ignore_sys_error(err))
2007  {
2008  struct gc_arena gc = gc_new();
2009  msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix,
2010  strerror(err));
2011  gc_free(&gc);
2012  return true;
2013  }
2014  else
2015  {
2016  return false;
2017  }
2018 }
2019 
2020 #ifdef TARGET_ANDROID
2021 static ssize_t
2022 man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2023 {
2024  struct msghdr msg;
2025  struct iovec iov[1];
2026 
2027  union {
2028  struct cmsghdr cm;
2029  char control[CMSG_SPACE(sizeof(int))];
2030  } control_un;
2031  struct cmsghdr *cmptr;
2032 
2033  msg.msg_control = control_un.control;
2034  msg.msg_controllen = sizeof(control_un.control);
2035 
2036  cmptr = CMSG_FIRSTHDR(&msg);
2037  cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2038  cmptr->cmsg_level = SOL_SOCKET;
2039  cmptr->cmsg_type = SCM_RIGHTS;
2040  *((int *) CMSG_DATA(cmptr)) = sendfd;
2041 
2042  msg.msg_name = NULL;
2043  msg.msg_namelen = 0;
2044 
2045  iov[0].iov_base = ptr;
2046  iov[0].iov_len = nbytes;
2047  msg.msg_iov = iov;
2048  msg.msg_iovlen = 1;
2049 
2050  return (sendmsg(fd, &msg, flags));
2051 }
2052 
2053 static ssize_t
2054 man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2055 {
2056  struct msghdr msghdr;
2057  struct iovec iov[1];
2058  ssize_t n;
2059 
2060  union {
2061  struct cmsghdr cm;
2062  char control[CMSG_SPACE(sizeof(int))];
2063  } control_un;
2064  struct cmsghdr *cmptr;
2065 
2066  msghdr.msg_control = control_un.control;
2067  msghdr.msg_controllen = sizeof(control_un.control);
2068 
2069  msghdr.msg_name = NULL;
2070  msghdr.msg_namelen = 0;
2071 
2072  iov[0].iov_base = ptr;
2073  iov[0].iov_len = nbytes;
2074  msghdr.msg_iov = iov;
2075  msghdr.msg_iovlen = 1;
2076 
2077  if ( (n = recvmsg(fd, &msghdr, flags)) <= 0)
2078  {
2079  return (n);
2080  }
2081 
2082  if ( (cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL
2083  && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2084  {
2085  if (cmptr->cmsg_level != SOL_SOCKET)
2086  {
2087  msg(M_ERR, "control level != SOL_SOCKET");
2088  }
2089  if (cmptr->cmsg_type != SCM_RIGHTS)
2090  {
2091  msg(M_ERR, "control type != SCM_RIGHTS");
2092  }
2093  *recvfd = *((int *) CMSG_DATA(cmptr));
2094  }
2095  else
2096  {
2097  *recvfd = -1; /* descriptor was not passed */
2098 
2099  }
2100  return (n);
2101 }
2102 
2103 /*
2104  * The android control method will instruct the GUI part of openvpn to do
2105  * the route/ifconfig/open tun command. See doc/android.txt for details.
2106  */
2107 bool
2108 management_android_control(struct management *man, const char *command, const char *msg)
2109 {
2110  struct user_pass up;
2111  CLEAR(up);
2112  strncpy(up.username, msg, sizeof(up.username)-1);
2113 
2114  management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK,(void *) 0);
2115  return strcmp("ok", up.password)==0;
2116 }
2117 
2118 /*
2119  * In Android 4.4 it is not possible to open a new tun device and then close the
2120  * old tun device without breaking the whole VPNService stack until the device
2121  * is rebooted. This management method ask the UI what method should be taken to
2122  * ensure the optimal solution for the situation
2123  */
2124 int
2125 managment_android_persisttun_action(struct management *man)
2126 {
2127  struct user_pass up;
2128  CLEAR(up);
2129  strcpy(up.username,"tunmethod");
2130  management_query_user_pass(management, &up, "PERSIST_TUN_ACTION",
2131  GET_USER_PASS_NEED_OK,(void *) 0);
2132  if (!strcmp("NOACTION", up.password))
2133  {
2134  return ANDROID_KEEP_OLD_TUN;
2135  }
2136  else if (!strcmp("OPEN_AFTER_CLOSE", up.password))
2137  {
2138  return ANDROID_OPEN_AFTER_CLOSE;
2139  }
2140  else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2141  {
2142  return ANDROID_OPEN_BEFORE_CLOSE;
2143  }
2144  else
2145  {
2146  msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query", up.password);
2147  }
2148 
2149  ASSERT(0);
2150  return ANDROID_OPEN_AFTER_CLOSE;
2151 }
2152 
2153 
2154 #endif /* ifdef TARGET_ANDROID */
2155 
2156 static int
2157 man_read(struct management *man)
2158 {
2159  /*
2160  * read command line from socket
2161  */
2162  unsigned char buf[256];
2163  int len = 0;
2164 
2165 #ifdef TARGET_ANDROID
2166  int fd;
2167  len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2168  if (fd >= 0)
2169  {
2170  man->connection.lastfdreceived = fd;
2171  }
2172 #else /* ifdef TARGET_ANDROID */
2173  len = recv(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL);
2174 #endif
2175 
2176  if (len == 0)
2177  {
2178  man_reset_client_socket(man, false);
2179  }
2180  else if (len > 0)
2181  {
2182  bool processed_command = false;
2183 
2184  ASSERT(len <= (int) sizeof(buf));
2185  command_line_add(man->connection.in, buf, len);
2186 
2187  /*
2188  * Reset output object
2189  */
2191 
2192  /*
2193  * process command line if complete
2194  */
2195  {
2196  const unsigned char *line;
2197  while ((line = command_line_get(man->connection.in)))
2198  {
2199 #ifdef MANAGEMENT_IN_EXTRA
2200  if (man->connection.in_extra)
2201  {
2202  if (!strcmp((char *)line, "END"))
2203  {
2204  in_extra_dispatch(man);
2205  }
2206  else
2207  {
2208  buffer_list_push(man->connection.in_extra, line);
2209  }
2210  }
2211  else
2212 #endif
2213  man_process_command(man, (char *) line);
2214  if (man->connection.halt)
2215  {
2216  break;
2217  }
2219  processed_command = true;
2220  }
2221  }
2222 
2223  /*
2224  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2225  */
2226  if (man->connection.halt)
2227  {
2228  man_reset_client_socket(man, false);
2229  len = 0;
2230  }
2231  else
2232  {
2233  if (processed_command)
2234  {
2235  man_prompt(man);
2236  }
2237  man_update_io_state(man);
2238  }
2239  }
2240  else /* len < 0 */
2241  {
2242  if (man_io_error(man, "recv"))
2243  {
2244  man_reset_client_socket(man, false);
2245  }
2246  }
2247  return len;
2248 }
2249 
2250 static int
2251 man_write(struct management *man)
2252 {
2253  const int size_hint = 1024;
2254  int sent = 0;
2255  const struct buffer *buf;
2256 
2257  buffer_list_aggregate(man->connection.out, size_hint);
2258  buf = buffer_list_peek(man->connection.out);
2259  if (buf && BLEN(buf))
2260  {
2261  const int len = min_int(size_hint, BLEN(buf));
2262 #ifdef TARGET_ANDROID
2263  if (man->connection.fdtosend > 0)
2264  {
2265  sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,man->connection.fdtosend);
2266  man->connection.fdtosend = -1;
2267  }
2268  else
2269 #endif
2270  sent = send(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL);
2271  if (sent >= 0)
2272  {
2273  buffer_list_advance(man->connection.out, sent);
2274  }
2275  else if (sent < 0)
2276  {
2277  if (man_io_error(man, "send"))
2278  {
2279  man_reset_client_socket(man, false);
2280  }
2281  }
2282  }
2283 
2284  /*
2285  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2286  */
2287  man_update_io_state(man);
2288 
2289  return sent;
2290 }
2291 
2292 static void
2294 {
2295  CLEAR(*mc);
2296 
2297  /* set initial state */
2298  mc->state = MS_INITIAL;
2299 
2300  /* clear socket descriptors */
2301  mc->sd_top = SOCKET_UNDEFINED;
2302  mc->sd_cli = SOCKET_UNDEFINED;
2303 }
2304 
2305 static void
2306 man_persist_init(struct management *man,
2307  const int log_history_cache,
2308  const int echo_buffer_size,
2309  const int state_buffer_size)
2310 {
2311  struct man_persist *mp = &man->persist;
2312  if (!mp->defined)
2313  {
2314  CLEAR(*mp);
2315 
2316  /* initialize log history store */
2317  mp->log = log_history_init(log_history_cache);
2318 
2319  /*
2320  * Initialize virtual output object, so that functions
2321  * which write to a virtual_output object can be redirected
2322  * here to the management object.
2323  */
2325  mp->vout.arg = man;
2326  mp->vout.flags_default = M_CLIENT;
2328 
2329  /*
2330  * Initialize --echo list
2331  */
2332  man->persist.echo = log_history_init(echo_buffer_size);
2333 
2334  /*
2335  * Initialize --state list
2336  */
2337  man->persist.state = log_history_init(state_buffer_size);
2338 
2339  mp->defined = true;
2340  }
2341 }
2342 
2343 static void
2345 {
2346  if (mp->log)
2347  {
2348  msg_set_virtual_output(NULL);
2349  log_history_close(mp->log);
2350  }
2351 
2352  if (mp->echo)
2353  {
2354  log_history_close(mp->echo);
2355  }
2356 
2357  if (mp->state)
2358  {
2359  log_history_close(mp->state);
2360  }
2361 
2362  CLEAR(*mp);
2363 }
2364 
2365 static void
2367  const char *addr,
2368  const char *port,
2369  const char *pass_file,
2370  const char *client_user,
2371  const char *client_group,
2372  const int log_history_cache,
2373  const int echo_buffer_size,
2374  const int state_buffer_size,
2375  const char *write_peer_info_file,
2376  const int remap_sigusr1,
2377  const unsigned int flags)
2378 {
2379  if (!ms->defined)
2380  {
2381  CLEAR(*ms);
2382 
2383  ms->flags = flags;
2384  ms->client_uid = -1;
2385  ms->client_gid = -1;
2386 
2387  /*
2388  * Get username/password
2389  */
2390  if (pass_file)
2391  {
2392  get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2393  }
2394 
2395  /*
2396  * lookup client UID/GID if specified
2397  */
2398  if (client_user)
2399  {
2400  struct platform_state_user s;
2401  platform_user_get(client_user, &s);
2403  msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->client_uid);
2404  ASSERT(ms->client_uid >= 0);
2405  }
2406  if (client_group)
2407  {
2408  struct platform_state_group s;
2409  platform_group_get(client_group, &s);
2411  msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->client_gid);
2412  ASSERT(ms->client_gid >= 0);
2413  }
2414 
2415  ms->write_peer_info_file = string_alloc(write_peer_info_file, NULL);
2416 
2417 #if UNIX_SOCK_SUPPORT
2418  if (ms->flags & MF_UNIX_SOCK)
2419  {
2420  sockaddr_unix_init(&ms->local_unix, addr);
2421  }
2422  else
2423 #endif
2424  {
2425 
2426  /*
2427  * Run management over tunnel, or
2428  * separate channel?
2429  */
2430  if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2431  {
2432  ms->management_over_tunnel = true;
2433  }
2434  else
2435  {
2436  int status;
2438 
2439  if (!(flags & MF_CONNECT_AS_CLIENT))
2440  {
2441  resolve_flags |= GETADDR_PASSIVE;
2442  }
2443 
2444  status = openvpn_getaddrinfo(resolve_flags, addr, port, 0,
2445  NULL, AF_UNSPEC, &ms->local);
2446  ASSERT(status==0);
2447  }
2448  }
2449 
2450  /*
2451  * Log history and echo buffer may need to be resized
2452  */
2453  ms->log_history_cache = log_history_cache;
2454  ms->echo_buffer_size = echo_buffer_size;
2455  ms->state_buffer_size = state_buffer_size;
2456 
2457  /*
2458  * Set remap sigusr1 flags
2459  */
2460  if (remap_sigusr1 == SIGHUP)
2461  {
2463  }
2464  else if (remap_sigusr1 == SIGTERM)
2465  {
2467  }
2468 
2469  ms->defined = true;
2470  }
2471 }
2472 
2473 static void
2475 {
2476  if (ms->local)
2477  {
2478  freeaddrinfo(ms->local);
2479  }
2480  free(ms->write_peer_info_file);
2481  CLEAR(*ms);
2482 }
2483 
2484 
2485 static void
2486 man_connection_init(struct management *man)
2487 {
2488  if (man->connection.state == MS_INITIAL)
2489  {
2490 #ifdef _WIN32
2491  /*
2492  * This object is a sort of TCP/IP helper
2493  * for Windows.
2494  */
2496 #endif
2497 
2498  /*
2499  * Allocate helper objects for command line input and
2500  * command output from/to the socket.
2501  */
2502  man->connection.in = command_line_new(1024);
2503  man->connection.out = buffer_list_new(0);
2504 
2505  /*
2506  * Initialize event set for standalone usage, when we are
2507  * running outside of the primary event loop.
2508  */
2509  {
2510  int maxevents = 1;
2511  man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2512  }
2513 
2514  /*
2515  * Listen/connect socket
2516  */
2517  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2518  {
2519  man_connect(man);
2520  }
2521  else
2522  {
2523  man_listen(man);
2524  }
2525  }
2526 }
2527 
2528 static void
2529 man_connection_close(struct management *man)
2530 {
2531  struct man_connection *mc = &man->connection;
2532 
2533  if (mc->es)
2534  {
2535  event_free(mc->es);
2536  }
2537 #ifdef _WIN32
2539 #endif
2540  if (socket_defined(mc->sd_top))
2541  {
2542  man_close_socket(man, mc->sd_top);
2544  }
2545  if (socket_defined(mc->sd_cli))
2546  {
2547  man_close_socket(man, mc->sd_cli);
2548  }
2549  if (mc->in)
2550  {
2551  command_line_free(mc->in);
2552  }
2553  if (mc->out)
2554  {
2555  buffer_list_free(mc->out);
2556  }
2557 #ifdef MANAGEMENT_IN_EXTRA
2559 #endif
2560 #ifdef MANAGMENT_EXTERNAL_KEY
2561  buffer_list_free(mc->ext_key_input);
2562 #endif
2564 }
2565 
2566 struct management *
2568 {
2569  struct management *man;
2570  ALLOC_OBJ_CLEAR(man, struct management);
2571 
2572  man_persist_init(man,
2576 
2578 
2579  return man;
2580 }
2581 
2582 bool
2583 management_open(struct management *man,
2584  const char *addr,
2585  const char *port,
2586  const char *pass_file,
2587  const char *client_user,
2588  const char *client_group,
2589  const int log_history_cache,
2590  const int echo_buffer_size,
2591  const int state_buffer_size,
2592  const char *write_peer_info_file,
2593  const int remap_sigusr1,
2594  const unsigned int flags)
2595 {
2596  bool ret = false;
2597 
2598  /*
2599  * Save the settings only if they have not
2600  * been saved before.
2601  */
2603  addr,
2604  port,
2605  pass_file,
2606  client_user,
2607  client_group,
2608  log_history_cache,
2609  echo_buffer_size,
2610  state_buffer_size,
2611  write_peer_info_file,
2612  remap_sigusr1,
2613  flags);
2614 
2615  /*
2616  * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2617  * but may be changed here. Ditto for echo and state buffers.
2618  */
2622 
2623  /*
2624  * If connection object is uninitialized and we are not doing
2625  * over-the-tunnel management, then open (listening) connection.
2626  */
2627  if (man->connection.state == MS_INITIAL)
2628  {
2629  if (!man->settings.management_over_tunnel)
2630  {
2631  man_connection_init(man);
2632  ret = true;
2633  }
2634  }
2635 
2636  return ret;
2637 }
2638 
2639 void
2640 management_close(struct management *man)
2641 {
2642  man_output_list_push_finalize(man); /* flush output queue */
2643  man_connection_close(man);
2645  man_persist_close(&man->persist);
2646  free(man);
2647 }
2648 
2649 void
2650 management_set_callback(struct management *man,
2651  const struct management_callback *cb)
2652 {
2653  man->persist.standalone_disabled = true;
2654  man->persist.callback = *cb;
2655 }
2656 
2657 void
2658 management_clear_callback(struct management *man)
2659 {
2660  man->persist.standalone_disabled = false;
2661  man->persist.hold_release = false;
2662  CLEAR(man->persist.callback);
2663  man_output_list_push_finalize(man); /* flush output queue */
2664 }
2665 
2666 void
2667 management_set_state(struct management *man,
2668  const int state,
2669  const char *detail,
2670  const in_addr_t *tun_local_ip,
2671  const struct in6_addr *tun_local_ip6,
2672  const struct openvpn_sockaddr *local,
2673  const struct openvpn_sockaddr *remote)
2674 {
2675  if (man->persist.state && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2676  {
2677  struct gc_arena gc = gc_new();
2678  struct log_entry e;
2679  const char *out = NULL;
2680 
2681  update_time();
2682  CLEAR(e);
2683  e.timestamp = now;
2684  e.u.state = state;
2685  e.string = detail;
2686  if (tun_local_ip)
2687  {
2688  e.local_ip = *tun_local_ip;
2689  }
2690  if (tun_local_ip6)
2691  {
2692  e.local_ip6 = *tun_local_ip6;
2693  }
2694  if (local)
2695  {
2696  e.local_sock = *local;
2697  }
2698  if (remote)
2699  {
2700  e.remote_sock = *remote;
2701  }
2702 
2703  log_history_add(man->persist.state, &e);
2704 
2705  if (man->connection.state_realtime)
2706  {
2709  | LOG_PRINT_STATE
2712  | LOG_PRINT_CRLF
2713  | LOG_ECHO_TO_LOG, &gc);
2714  }
2715 
2716  if (out)
2717  {
2718  man_output_list_push(man, out);
2719  }
2720 
2721  gc_free(&gc);
2722  }
2723 }
2724 
2725 static bool
2726 env_filter_match(const char *env_str, const int env_filter_level)
2727 {
2728  static const char *env_names[] = {
2729  "username=",
2730  "password=",
2731  "X509_0_CN=",
2732  "tls_serial_",
2733  "untrusted_ip=",
2734  "ifconfig_local=",
2735  "ifconfig_netmask=",
2736  "daemon_start_time=",
2737  "daemon_pid=",
2738  "dev=",
2739  "ifconfig_pool_remote_ip=",
2740  "ifconfig_pool_netmask=",
2741  "time_duration=",
2742  "bytes_sent=",
2743  "bytes_received="
2744  };
2745 
2746  if (env_filter_level == 0)
2747  {
2748  return true;
2749  }
2750  else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2751  {
2752  return true;
2753  }
2754  else if (env_filter_level <= 2)
2755  {
2756  size_t i;
2757  for (i = 0; i < SIZE(env_names); ++i)
2758  {
2759  const char *en = env_names[i];
2760  const size_t len = strlen(en);
2761  if (!strncmp(env_str, en, len))
2762  {
2763  return true;
2764  }
2765  }
2766  return false;
2767  }
2768  return false;
2769 }
2770 
2771 static void
2772 man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
2773 {
2774  if (es)
2775  {
2776  struct env_item *e;
2777  for (e = es->list; e != NULL; e = e->next)
2778  {
2779  if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2780  {
2781  msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2782  }
2783  }
2784  }
2785  if (tail)
2786  {
2787  msg(M_CLIENT, ">%s:ENV,END", prefix);
2788  }
2789 }
2790 
2791 static void
2792 man_output_extra_env(struct management *man, const char *prefix)
2793 {
2794  struct gc_arena gc = gc_new();
2795  struct env_set *es = env_set_create(&gc);
2796  if (man->persist.callback.n_clients)
2797  {
2798  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2799  setenv_int(es, "n_clients", nclients);
2800  }
2801  man_output_env(es, false, man->connection.env_filter_level, prefix);
2802  gc_free(&gc);
2803 }
2804 
2805 void
2806 management_up_down(struct management *man, const char *updown, const struct env_set *es)
2807 {
2808  if (man->settings.flags & MF_UP_DOWN)
2809  {
2810  msg(M_CLIENT, ">UPDOWN:%s", updown);
2811  man_output_env(es, true, 0, "UPDOWN");
2812  }
2813 }
2814 
2815 void
2816 management_notify(struct management *man, const char *severity, const char *type, const char *text)
2817 {
2818  msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2819 }
2820 
2821 void
2822 management_notify_generic(struct management *man, const char *str)
2823 {
2824  msg(M_CLIENT, "%s", str);
2825 }
2826 
2827 #ifdef MANAGEMENT_DEF_AUTH
2828 
2829 static void
2830 man_output_peer_info_env(struct management *man, struct man_def_auth_context *mdac)
2831 {
2832  char line[256];
2833  if (man->persist.callback.get_peer_info)
2834  {
2835  const char *peer_info = (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2836  if (peer_info)
2837  {
2838  struct buffer buf;
2839  buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
2840  while (buf_parse(&buf, '\n', line, sizeof(line)))
2841  {
2842  chomp(line);
2843  if (validate_peer_info_line(line))
2844  {
2845  msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2846  }
2847  else
2848  {
2849  msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2850  }
2851  }
2852  }
2853  }
2854 }
2855 
2856 void
2857 management_notify_client_needing_auth(struct management *management,
2858  const unsigned int mda_key_id,
2859  struct man_def_auth_context *mdac,
2860  const struct env_set *es)
2861 {
2862  if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2863  {
2864  const char *mode = "CONNECT";
2865  if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2866  {
2867  mode = "REAUTH";
2868  }
2869  msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2870  man_output_extra_env(management, "CLIENT");
2871  if (management->connection.env_filter_level>0)
2872  {
2873  man_output_peer_info_env(management, mdac);
2874  }
2875  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2876  mdac->flags |= DAF_INITIAL_AUTH;
2877  }
2878 }
2879 
2880 void
2881 management_connection_established(struct management *management,
2882  struct man_def_auth_context *mdac,
2883  const struct env_set *es)
2884 {
2885  mdac->flags |= DAF_CONNECTION_ESTABLISHED;
2886  msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
2887  man_output_extra_env(management, "CLIENT");
2888  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2889 }
2890 
2891 void
2892 management_notify_client_close(struct management *management,
2893  struct man_def_auth_context *mdac,
2894  const struct env_set *es)
2895 {
2896  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
2897  {
2898  msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
2899  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2900  mdac->flags |= DAF_CONNECTION_CLOSED;
2901  }
2902 }
2903 
2904 void
2905 management_learn_addr(struct management *management,
2906  struct man_def_auth_context *mdac,
2907  const struct mroute_addr *addr,
2908  const bool primary)
2909 {
2910  struct gc_arena gc = gc_new();
2911  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
2912  {
2913  msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d",
2914  mdac->cid,
2915  mroute_addr_print_ex(addr, MAPF_SUBNET, &gc),
2916  BOOL_CAST(primary));
2917  }
2918  gc_free(&gc);
2919 }
2920 
2921 #endif /* MANAGEMENT_DEF_AUTH */
2922 
2923 void
2924 management_echo(struct management *man, const char *string, const bool pull)
2925 {
2926  if (man->persist.echo)
2927  {
2928  struct gc_arena gc = gc_new();
2929  struct log_entry e;
2930  const char *out = NULL;
2931 
2932  update_time();
2933  CLEAR(e);
2934  e.timestamp = now;
2935  e.string = string;
2936  e.u.intval = BOOL_CAST(pull);
2937 
2938  log_history_add(man->persist.echo, &e);
2939 
2940  if (man->connection.echo_realtime)
2941  {
2943  }
2944 
2945  if (out)
2946  {
2947  man_output_list_push(man, out);
2948  }
2949 
2950  gc_free(&gc);
2951  }
2952 }
2953 
2954 void
2955 management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
2956 {
2957  /*
2958  * If we are running management over the tunnel,
2959  * this is the place to initialize the connection.
2960  */
2962  && man->connection.state == MS_INITIAL)
2963  {
2964  /* listen on our local TUN/TAP IP address */
2965  struct in_addr ia;
2966  int ret;
2967 
2968  ia.s_addr = htonl(tun_local_ip);
2969  ret = openvpn_getaddrinfo(GETADDR_PASSIVE, inet_ntoa(ia), NULL, 0, NULL,
2970  AF_INET, &man->settings.local);
2971  ASSERT(ret==0);
2972  man_connection_init(man);
2973  }
2974 
2975 }
2976 
2977 void
2978 management_pre_tunnel_close(struct management *man)
2979 {
2981  {
2982  man_connection_close(man);
2983  }
2984 }
2985 
2986 void
2987 management_auth_failure(struct management *man, const char *type, const char *reason)
2988 {
2989  if (reason)
2990  {
2991  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
2992  }
2993  else
2994  {
2995  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
2996  }
2997 }
2998 
2999 void
3000 management_auth_token(struct management *man, const char *token)
3001 {
3002  msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3003 }
3004 
3005 static inline bool
3006 man_persist_state(unsigned int *persistent, const int n)
3007 {
3008  if (persistent)
3009  {
3010  if (*persistent == (unsigned int)n)
3011  {
3012  return false;
3013  }
3014  *persistent = n;
3015  }
3016  return true;
3017 }
3018 
3019 #ifdef _WIN32
3020 
3021 void
3022 management_socket_set(struct management *man,
3023  struct event_set *es,
3024  void *arg,
3025  unsigned int *persistent)
3026 {
3027  if (man->connection.state != MS_INITIAL)
3028  {
3031 
3032  switch (man->connection.state)
3033  {
3034  case MS_LISTEN:
3035  if (man_persist_state(persistent, 1))
3036  {
3037  event_ctl(es, ev, EVENT_READ, arg);
3038  }
3039  break;
3040 
3041  case MS_CC_WAIT_READ:
3042  if (man_persist_state(persistent, 2))
3043  {
3044  event_ctl(es, ev, EVENT_READ, arg);
3045  }
3046  break;
3047 
3048  case MS_CC_WAIT_WRITE:
3049  if (man_persist_state(persistent, 3))
3050  {
3051  event_ctl(es, ev, EVENT_READ|EVENT_WRITE, arg);
3052  }
3053  break;
3054 
3055  default:
3056  ASSERT(0);
3057  }
3058  }
3059 }
3060 
3061 void
3062 management_io(struct management *man)
3063 {
3064  if (man->connection.state != MS_INITIAL)
3065  {
3066  long net_events;
3068  net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3069 
3070  if (net_events & FD_CLOSE)
3071  {
3072  man_reset_client_socket(man, false);
3073  }
3074  else
3075  {
3076  if (man->connection.state == MS_LISTEN)
3077  {
3078  if (net_events & FD_ACCEPT)
3079  {
3080  man_accept(man);
3082  }
3083  }
3084  else if (man->connection.state == MS_CC_WAIT_READ || man->connection.state == MS_CC_WAIT_WRITE)
3085  {
3086  if (net_events & FD_READ)
3087  {
3088  while (man_read(man) > 0)
3089  {
3090  }
3092  }
3093 
3094  if (net_events & FD_WRITE)
3095  {
3096  int status;
3097  status = man_write(man);
3098  if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3099  {
3101  }
3102  }
3103  }
3104  }
3105  }
3106 }
3107 
3108 #else /* ifdef _WIN32 */
3109 
3110 void
3111 management_socket_set(struct management *man,
3112  struct event_set *es,
3113  void *arg,
3114  unsigned int *persistent)
3115 {
3116  switch (man->connection.state)
3117  {
3118  case MS_LISTEN:
3119  if (man_persist_state(persistent, 1))
3120  {
3121  event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3122  }
3123  break;
3124 
3125  case MS_CC_WAIT_READ:
3126  if (man_persist_state(persistent, 2))
3127  {
3128  event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3129  }
3130  break;
3131 
3132  case MS_CC_WAIT_WRITE:
3133  if (man_persist_state(persistent, 3))
3134  {
3135  event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3136  }
3137  break;
3138 
3139  case MS_INITIAL:
3140  break;
3141 
3142  default:
3143  ASSERT(0);
3144  }
3145 }
3146 
3147 void
3148 management_io(struct management *man)
3149 {
3150  switch (man->connection.state)
3151  {
3152  case MS_LISTEN:
3153  man_accept(man);
3154  break;
3155 
3156  case MS_CC_WAIT_READ:
3157  man_read(man);
3158  break;
3159 
3160  case MS_CC_WAIT_WRITE:
3161  man_write(man);
3162  break;
3163 
3164  case MS_INITIAL:
3165  break;
3166 
3167  default:
3168  ASSERT(0);
3169  }
3170 }
3171 
3172 #endif /* ifdef _WIN32 */
3173 
3174 static inline bool
3175 man_standalone_ok(const struct management *man)
3176 {
3177  return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3178 }
3179 
3180 static bool
3181 man_check_for_signals(volatile int *signal_received)
3182 {
3183  if (signal_received)
3184  {
3185  get_signal(signal_received);
3186  if (*signal_received)
3187  {
3188  return true;
3189  }
3190  }
3191  return false;
3192 }
3193 
3194 /*
3195  * Wait for socket I/O when outside primary event loop
3196  */
3197 static int
3198 man_block(struct management *man, volatile int *signal_received, const time_t expire)
3199 {
3200  struct timeval tv;
3201  struct event_set_return esr;
3202  int status = -1;
3203 
3204  if (man_standalone_ok(man))
3205  {
3206  while (true)
3207  {
3208  event_reset(man->connection.es);
3209  management_socket_set(man, man->connection.es, NULL, NULL);
3210  tv.tv_usec = 0;
3211  tv.tv_sec = 1;
3212  if (man_check_for_signals(signal_received))
3213  {
3214  status = -1;
3215  break;
3216  }
3217  status = event_wait(man->connection.es, &tv, &esr, 1);
3218  update_time();
3219  if (man_check_for_signals(signal_received))
3220  {
3221  status = -1;
3222  break;
3223  }
3224 
3225  if (status > 0)
3226  {
3227  break;
3228  }
3229  else if (expire && now >= expire)
3230  {
3231  /* set SIGINT signal if expiration time exceeded */
3232  status = 0;
3233  if (signal_received)
3234  {
3235  *signal_received = SIGINT;
3236  }
3237  break;
3238  }
3239  }
3240  }
3241  return status;
3242 }
3243 
3244 /*
3245  * Perform management socket output outside primary event loop
3246  */
3247 static void
3248 man_output_standalone(struct management *man, volatile int *signal_received)
3249 {
3250  if (man_standalone_ok(man))
3251  {
3252  while (man->connection.state == MS_CC_WAIT_WRITE)
3253  {
3254  management_io(man);
3255  if (man->connection.state == MS_CC_WAIT_WRITE)
3256  {
3257  man_block(man, signal_received, 0);
3258  }
3259  if (signal_received && *signal_received)
3260  {
3261  break;
3262  }
3263  }
3264  }
3265 }
3266 
3267 /*
3268  * Process management event loop outside primary event loop
3269  */
3270 static int
3271 man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
3272 {
3273  int status = -1;
3274  if (man_standalone_ok(man))
3275  {
3276  status = man_block(man, signal_received, expire);
3277  if (status > 0)
3278  {
3279  management_io(man);
3280  }
3281  }
3282  return status;
3283 }
3284 
3285 #define MWCC_PASSWORD_WAIT (1<<0)
3286 #define MWCC_HOLD_WAIT (1<<1)
3287 #define MWCC_OTHER_WAIT (1<<2)
3288 
3289 /*
3290  * Block until client connects
3291  */
3292 static void
3293 man_wait_for_client_connection(struct management *man,
3294  volatile int *signal_received,
3295  const time_t expire,
3296  unsigned int flags)
3297 {
3298  ASSERT(man_standalone_ok(man));
3299  if (man->connection.state == MS_LISTEN)
3300  {
3301  if (flags & MWCC_PASSWORD_WAIT)
3302  {
3303  msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3304  }
3305  if (flags & MWCC_HOLD_WAIT)
3306  {
3307  msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3308  }
3309  if (flags & MWCC_OTHER_WAIT)
3310  {
3311  msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3312  }
3313  do
3314  {
3315  man_standalone_event_loop(man, signal_received, expire);
3316  if (signal_received && *signal_received)
3317  {
3318  break;
3319  }
3320  } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3321  }
3322 }
3323 
3324 /*
3325  * Process the management event loop for sec seconds
3326  */
3327 void
3328 management_event_loop_n_seconds(struct management *man, int sec)
3329 {
3330  if (man_standalone_ok(man))
3331  {
3332  volatile int signal_received = 0;
3333  const bool standalone_disabled_save = man->persist.standalone_disabled;
3334  time_t expire = 0;
3335 
3336  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3337 
3338  /* set expire time */
3339  update_time();
3340  if (sec)
3341  {
3342  expire = now + sec;
3343  }
3344 
3345  /* if no client connection, wait for one */
3346  man_wait_for_client_connection(man, &signal_received, expire, 0);
3347  if (signal_received)
3348  {
3349  return;
3350  }
3351 
3352  /* run command processing event loop */
3353  do
3354  {
3355  man_standalone_event_loop(man, &signal_received, expire);
3356  if (!signal_received)
3357  {
3358  man_check_for_signals(&signal_received);
3359  }
3360  if (signal_received)
3361  {
3362  return;
3363  }
3364  update_time();
3365  } while (expire && expire > now);
3366 
3367  /* revert state */
3368  man->persist.standalone_disabled = standalone_disabled_save;
3369  }
3370  else
3371  {
3372  sleep(sec);
3373  }
3374 }
3375 
3376 /*
3377  * Get a username/password from management channel in standalone mode.
3378  */
3379 bool
3380 management_query_user_pass(struct management *man,
3381  struct user_pass *up,
3382  const char *type,
3383  const unsigned int flags,
3384  const char *static_challenge)
3385 {
3386  struct gc_arena gc = gc_new();
3387  bool ret = false;
3388 
3389  if (man_standalone_ok(man))
3390  {
3391  volatile int signal_received = 0;
3392  const bool standalone_disabled_save = man->persist.standalone_disabled;
3393  struct buffer alert_msg = alloc_buf_gc(128, &gc);
3394  const char *alert_type = NULL;
3395  const char *prefix = NULL;
3396  unsigned int up_query_mode = 0;
3397 #ifdef ENABLE_CLIENT_CR
3398  const char *sc = NULL;
3399 #endif
3400  ret = true;
3401  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3402  man->persist.special_state_msg = NULL;
3403 
3404  CLEAR(man->connection.up_query);
3405 
3406  if (flags & GET_USER_PASS_NEED_OK)
3407  {
3408  up_query_mode = UP_QUERY_NEED_OK;
3409  prefix = "NEED-OK";
3410  alert_type = "confirmation";
3411  }
3412  else if (flags & GET_USER_PASS_NEED_STR)
3413  {
3414  up_query_mode = UP_QUERY_NEED_STR;
3415  prefix = "NEED-STR";
3416  alert_type = "string";
3417  }
3418  else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3419  {
3420  up_query_mode = UP_QUERY_PASS;
3421  prefix = "PASSWORD";
3422  alert_type = "password";
3423  }
3424  else
3425  {
3426  up_query_mode = UP_QUERY_USER_PASS;
3427  prefix = "PASSWORD";
3428  alert_type = "username/password";
3429 #ifdef ENABLE_CLIENT_CR
3430  if (static_challenge)
3431  {
3432  sc = static_challenge;
3433  }
3434 #endif
3435  }
3436  buf_printf(&alert_msg, ">%s:Need '%s' %s",
3437  prefix,
3438  type,
3439  alert_type);
3440 
3441  if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3442  {
3443  buf_printf(&alert_msg, " MSG:%s", up->username);
3444  }
3445 
3446 #ifdef ENABLE_CLIENT_CR
3447  if (sc)
3448  {
3449  buf_printf(&alert_msg, " SC:%d,%s",
3451  sc);
3452  }
3453 #endif
3454 
3455  man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3456  if (signal_received)
3457  {
3458  ret = false;
3459  }
3460 
3461  if (ret)
3462  {
3463  man->persist.special_state_msg = BSTR(&alert_msg);
3464  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3465 
3466  /* tell command line parser which info we need */
3467  man->connection.up_query_mode = up_query_mode;
3468  man->connection.up_query_type = type;
3469 
3470  /* run command processing event loop until we get our username/password/response */
3471  do
3472  {
3473  man_standalone_event_loop(man, &signal_received, 0);
3474  if (!signal_received)
3475  {
3476  man_check_for_signals(&signal_received);
3477  }
3478  if (signal_received)
3479  {
3480  ret = false;
3481  break;
3482  }
3483  } while (!man->connection.up_query.defined);
3484  }
3485 
3486  /* revert state */
3488  man->connection.up_query_type = NULL;
3489  man->persist.standalone_disabled = standalone_disabled_save;
3490  man->persist.special_state_msg = NULL;
3491 
3492  /* pass through blank passwords */
3493  if (!strcmp(man->connection.up_query.password, blank_up))
3494  {
3496  }
3497 
3498  /*
3499  * Transfer u/p to return object, zero any record
3500  * we hold in the management object.
3501  */
3502  if (ret)
3503  {
3504  /* preserve caller's settings */
3505  man->connection.up_query.nocache = up->nocache;
3507  *up = man->connection.up_query;
3508  }
3509  secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3510  }
3511 
3512  gc_free(&gc);
3513  return ret;
3514 }
3515 
3516 #ifdef MANAGMENT_EXTERNAL_KEY
3517 
3518 static int
3519 management_query_multiline(struct management *man,
3520  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3521 {
3522  struct gc_arena gc = gc_new();
3523  int ret = 0;
3524  volatile int signal_received = 0;
3525  struct buffer alert_msg = clear_buf();
3526  const bool standalone_disabled_save = man->persist.standalone_disabled;
3527  struct man_connection *mc = &man->connection;
3528 
3529  if (man_standalone_ok(man))
3530  {
3531  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3532  man->persist.special_state_msg = NULL;
3533 
3534  *state = EKS_SOLICIT;
3535 
3536  if (b64_data)
3537  {
3538  alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
3539  buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3540  }
3541  else
3542  {
3543  alert_msg = alloc_buf_gc(strlen(prompt)+3, &gc);
3544  buf_printf(&alert_msg, ">%s", prompt);
3545  }
3546 
3547  man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3548 
3549  if (signal_received)
3550  {
3551  goto done;
3552  }
3553 
3554  man->persist.special_state_msg = BSTR(&alert_msg);
3555  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3556 
3557  /* run command processing event loop until we get our signature */
3558  do
3559  {
3560  man_standalone_event_loop(man, &signal_received, 0);
3561  if (!signal_received)
3562  {
3563  man_check_for_signals(&signal_received);
3564  }
3565  if (signal_received)
3566  {
3567  goto done;
3568  }
3569  } while (*state != EKS_READY);
3570 
3571  ret = 1;
3572  }
3573 
3574 done:
3575  if (*state == EKS_READY && ret)
3576  {
3577  msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3578  }
3579  else if (*state == EKS_INPUT || *state == EKS_READY)
3580  {
3581  msg(M_CLIENT, "ERROR: %s command failed", cmd);
3582  }
3583 
3584  /* revert state */
3585  man->persist.standalone_disabled = standalone_disabled_save;
3586  man->persist.special_state_msg = NULL;
3588  *state = EKS_UNDEF;
3589 
3590  gc_free(&gc);
3591  return ret;
3592 }
3593 
3594 static char *
3595 /* returns allocated base64 signature */
3597  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3598 {
3599  int ok;
3600  char *result = NULL;
3601  struct buffer *buf;
3602 
3603  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3604  if (ok && buffer_list_defined(*input))
3605  {
3606  buffer_list_aggregate_separator(*input, 10000, "\n");
3607  buf = buffer_list_peek(*input);
3608  if (buf && BLEN(buf) > 0)
3609  {
3610  result = (char *) malloc(BLEN(buf)+1);
3611  check_malloc_return(result);
3612  memcpy(result, buf->data, BLEN(buf));
3613  result[BLEN(buf)] = '\0';
3614  }
3615  }
3616 
3617  buffer_list_free(*input);
3618  *input = NULL;
3619 
3620  return result;
3621 }
3622 
3623 static char *
3624 /* returns allocated base64 signature */
3625 management_query_multiline_flatten(struct management *man,
3626  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3627 {
3628  int ok;
3629  char *result = NULL;
3630  struct buffer *buf;
3631 
3632  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3633  if (ok && buffer_list_defined(*input))
3634  {
3635  buffer_list_aggregate(*input, 2048);
3636  buf = buffer_list_peek(*input);
3637  if (buf && BLEN(buf) > 0)
3638  {
3639  result = (char *) malloc(BLEN(buf)+1);
3640  check_malloc_return(result);
3641  memcpy(result, buf->data, BLEN(buf));
3642  result[BLEN(buf)] = '\0';
3643  }
3644  }
3645 
3646  buffer_list_free(*input);
3647  *input = NULL;
3648 
3649  return result;
3650 }
3651 
3652 char *
3653 /* returns allocated base64 signature */
3654 management_query_rsa_sig(struct management *man,
3655  const char *b64_data)
3656 {
3657  return management_query_multiline_flatten(man, b64_data, "RSA_SIGN", "rsa-sign",
3658  &man->connection.ext_key_state, &man->connection.ext_key_input);
3659 }
3660 
3661 
3662 char *
3663 management_query_cert(struct management *man, const char *cert_name)
3664 {
3665  const char prompt_1[] = "NEED-CERTIFICATE:";
3666  struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3667  buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3668  buf_write(&buf_prompt, cert_name, strlen(cert_name)+1); /* +1 for \0 */
3669 
3670  char *result;
3671  result = management_query_multiline_flatten_newline(management,
3672  NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3673  &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3674  free_buf(&buf_prompt);
3675  return result;
3676 }
3677 
3678 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
3679 
3680 /*
3681  * Return true if management_hold() would block
3682  */
3683 bool
3684 management_would_hold(struct management *man)
3685 {
3686  return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3687 }
3688 
3689 /*
3690  * Return true if (from the management interface's perspective) OpenVPN should
3691  * daemonize.
3692  */
3693 bool
3694 management_should_daemonize(struct management *man)
3695 {
3696  return management_would_hold(man) || (man->settings.flags & MF_QUERY_PASSWORDS);
3697 }
3698 
3699 /*
3700  * If the hold flag is enabled, hibernate until a management client releases the hold.
3701  * Return true if the caller should not sleep for an additional time interval.
3702  */
3703 bool
3704 management_hold(struct management *man, int holdtime)
3705 {
3706  if (management_would_hold(man))
3707  {
3708  volatile int signal_received = 0;
3709  const bool standalone_disabled_save = man->persist.standalone_disabled;
3710  struct gc_arena gc = gc_new();
3711 
3712  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3713  man->persist.special_state_msg = NULL;
3715 
3716  man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3717 
3718  if (!signal_received)
3719  {
3720  struct buffer out = alloc_buf_gc(128, &gc);
3721  buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3722  man->persist.special_state_msg = BSTR(&out);
3723  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3724 
3725  /* run command processing event loop until we get our username/password */
3726  do
3727  {
3728  man_standalone_event_loop(man, &signal_received, 0);
3729  if (!signal_received)
3730  {
3731  man_check_for_signals(&signal_received);
3732  }
3733  if (signal_received)
3734  {
3735  break;
3736  }
3737  } while (!man->persist.hold_release);
3738  }
3739 
3740  /* revert state */
3741  man->persist.standalone_disabled = standalone_disabled_save;
3742  man->persist.special_state_msg = NULL;
3744 
3745  gc_free(&gc);
3746  return true;
3747  }
3748  return false;
3749 }
3750 
3751 /*
3752  * struct command_line
3753  */
3754 
3755 struct command_line *
3757 {
3758  struct command_line *cl;
3759  ALLOC_OBJ_CLEAR(cl, struct command_line);
3760  cl->buf = alloc_buf(buf_len);
3761  cl->residual = alloc_buf(buf_len);
3762  return cl;
3763 }
3764 
3765 void
3767 {
3768  buf_clear(&cl->buf);
3769  buf_clear(&cl->residual);
3770 }
3771 
3772 void
3774 {
3775  command_line_reset(cl);
3776  free_buf(&cl->buf);
3777  free_buf(&cl->residual);
3778  free(cl);
3779 }
3780 
3781 void
3782 command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
3783 {
3784  int i;
3785  for (i = 0; i < len; ++i)
3786  {
3787  if (buf[i] && char_class(buf[i], (CC_PRINT|CC_NEWLINE)))
3788  {
3789  if (!buf_write_u8(&cl->buf, buf[i]))
3790  {
3791  buf_clear(&cl->buf);
3792  }
3793  }
3794  }
3795 }
3796 
3797 const unsigned char *
3799 {
3800  int i;
3801  const unsigned char *ret = NULL;
3802 
3803  i = buf_substring_len(&cl->buf, '\n');
3804  if (i >= 0)
3805  {
3806  buf_copy_excess(&cl->residual, &cl->buf, i);
3807  buf_chomp(&cl->buf);
3808  ret = (const unsigned char *) BSTR(&cl->buf);
3809  }
3810  return ret;
3811 }
3812 
3813 void
3815 {
3816  buf_clear(&cl->buf);
3817  buf_copy(&cl->buf, &cl->residual);
3818  buf_clear(&cl->residual);
3819 }
3820 
3821 /*
3822  * struct log_entry
3823  */
3824 
3825 const char *
3826 log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3827 {
3828  struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3829  if (flags & LOG_FATAL_NOTIFY)
3830  {
3831  buf_printf(&out, ">FATAL:");
3832  }
3833  if (flags & LOG_PRINT_LOG_PREFIX)
3834  {
3835  buf_printf(&out, ">LOG:");
3836  }
3837  if (flags & LOG_PRINT_ECHO_PREFIX)
3838  {
3839  buf_printf(&out, ">ECHO:");
3840  }
3841  if (flags & LOG_PRINT_STATE_PREFIX)
3842  {
3843  buf_printf(&out, ">STATE:");
3844  }
3845  if (flags & LOG_PRINT_INT_DATE)
3846  {
3847  buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3848  }
3849  if (flags & LOG_PRINT_MSG_FLAGS)
3850  {
3851  buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3852  }
3853  if (flags & LOG_PRINT_STATE)
3854  {
3855  buf_printf(&out, "%s,", man_state_name(e->u.state));
3856  }
3857  if (flags & LOG_PRINT_INTVAL)
3858  {
3859  buf_printf(&out, "%d,", e->u.intval);
3860  }
3861  if (e->string)
3862  {
3863  buf_printf(&out, "%s", e->string);
3864  }
3865  if (flags & LOG_PRINT_LOCAL_IP)
3866  {
3867  buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3868  }
3869  if (flags & LOG_PRINT_REMOTE_IP)
3870  {
3871  buf_printf(&out, ",%s", (!addr_defined(&e->remote_sock) ? "," :
3873  buf_printf(&out, ",%s", (!addr_defined(&e->local_sock) ? "," :
3875  }
3876  if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
3877  {
3878  buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
3879  }
3880  if (flags & LOG_ECHO_TO_LOG)
3881  {
3882  msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
3883  }
3884  if (flags & LOG_PRINT_CRLF)
3885  {
3886  buf_printf(&out, "\r\n");
3887  }
3888  return BSTR(&out);
3889 }
3890 
3891 static void
3893 {
3894  if (e->string)
3895  {
3896  free((char *)e->string);
3897  }
3898  CLEAR(*e);
3899 }
3900 
3901 /*
3902  * struct log_history
3903  */
3904 
3905 static inline int
3906 log_index(const struct log_history *h, int i)
3907 {
3908  return modulo_add(h->base, i, h->capacity);
3909 }
3910 
3911 static void
3913 {
3914  CLEAR(*h);
3915  h->capacity = capacity;
3916  ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
3917 }
3918 
3919 struct log_history *
3921 {
3922  struct log_history *h;
3923  ASSERT(capacity > 0);
3924  ALLOC_OBJ(h, struct log_history);
3925  log_history_obj_init(h, capacity);
3926  return h;
3927 }
3928 
3929 static void
3931 {
3932  int i;
3933  for (i = 0; i < h->size; ++i)
3934  {
3936  }
3937  free(h->array);
3938 }
3939 
3940 void
3942 {
3944  free(h);
3945 }
3946 
3947 void
3948 log_history_add(struct log_history *h, const struct log_entry *le)
3949 {
3950  struct log_entry *e;
3951  ASSERT(h->size >= 0 && h->size <= h->capacity);
3952  if (h->size == h->capacity)
3953  {
3954  e = &h->array[h->base];
3956  h->base = log_index(h, 1);
3957  }
3958  else
3959  {
3960  e = &h->array[log_index(h, h->size)];
3961  ++h->size;
3962  }
3963 
3964  *e = *le;
3965  e->string = string_alloc(le->string, NULL);
3966 }
3967 
3968 void
3969 log_history_resize(struct log_history *h, const int capacity)
3970 {
3971  if (capacity != h->capacity)
3972  {
3973  struct log_history newlog;
3974  int i;
3975 
3976  ASSERT(capacity > 0);
3977  log_history_obj_init(&newlog, capacity);
3978 
3979  for (i = 0; i < h->size; ++i)
3980  {
3981  log_history_add(&newlog, &h->array[log_index(h, i)]);
3982  }
3983 
3985  *h = newlog;
3986  }
3987 }
3988 
3989 const struct log_entry *
3990 log_history_ref(const struct log_history *h, const int index)
3991 {
3992  if (index >= 0 && index < h->size)
3993  {
3994  return &h->array[log_index(h, (h->size - 1) - index)];
3995  }
3996  else
3997  {
3998  return NULL;
3999  }
4000 }
4001 
4002 void
4003 management_sleep(const int n)
4004 {
4005  if (management)
4006  {
4007  management_event_loop_n_seconds(management, n);
4008  }
4009  else
4010  {
4011  sleep(n);
4012  }
4013 }
4014 
4015 #else /* ifdef ENABLE_MANAGEMENT */
4016 
4017 void
4018 management_sleep(const int n)
4019 {
4020  sleep(n);
4021 }
4022 
4023 #endif /* ENABLE_MANAGEMENT */
char * management_query_cert(struct management *man, const char *cert_name)
Definition: manage.c:3663
unsigned int platform_getpid(void)
Definition: platform.c:176
static bool buf_write_u8(struct buffer *dest, int data)
Definition: buffer.h:687
#define UP_QUERY_DISABLED
Definition: manage.h:248
static const char * man_state_name(const int state)
Definition: manage.c:131
void management_close(struct management *man)
Definition: manage.c:2640
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:505
void command_line_reset(struct command_line *cl)
Definition: manage.c:3766
union log_entry_union u
Definition: manage.h:97
static void man_status(struct management *man, const int version, struct status_output *so)
Definition: manage.c:445
union openvpn_sockaddr::@6 addr
void(* delete_event)(void *arg, event_t event)
Definition: manage.h:165
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition: manage.h:38
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:343
#define MSG_NOSIGNAL
Definition: socket.h:256
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition: platform.c:106
const char * string
Definition: manage.h:92
int client_uid
Definition: manage.h:237
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition: manage.c:694
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:319
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1012
bool buffer_list_defined(const struct buffer_list *ol)
Definition: buffer.c:1159
static void man_echo(struct management *man, const char *parm)
Definition: manage.c:641
unsigned int flags_default
Definition: status.h:34
static void man_forget_passwords(struct management *man)
Definition: manage.c:763
void free_buf(struct buffer *buf)
Definition: buffer.c:191
static void man_output_extra_env(struct management *man, const char *prefix)
Definition: manage.c:2792
#define D_MANAGEMENT_DEBUG
Definition: errlevel.h:134
static int buf_len(const struct buffer *buf)
Definition: buffer.h:235
bool management_over_tunnel
Definition: manage.h:231
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:626
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition: manage.c:3826
int password_tries
Definition: manage.h:273
struct log_history * state
Definition: manage.h:214
#define UP_QUERY_USER_PASS
Definition: manage.h:249
#define USER_PASS_LEN
Definition: misc.h:183
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition: manage.c:3293
bool validate_peer_info_line(char *line)
Definition: misc.c:1555
#define streq(x, y)
Definition: options.h:613
static void in_extra_dispatch(struct management *man)
Definition: manage.c:881
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:396
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Definition: socket.c:84
int state
Definition: manage.h:85
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2855
#define M_INFO
Definition: errlevel.h:55
static int log_history_size(const struct log_history *h)
Definition: manage.h:139
#define SIZE(x)
Definition: basic.h:30
static void man_process_command(struct management *man, const char *line)
Definition: manage.c:1950
static bool man_password_needed(struct management *man)
Definition: manage.c:188
struct openvpn_sockaddr remote_sock
Definition: manage.h:96
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition: win32.h:125
struct man_persist persist
Definition: manage.h:325
static void man_output_list_push(struct management *man, const char *str)
Definition: manage.c:258
unsigned int msg_flags
Definition: manage.h:84
static bool man_persist_state(unsigned int *persistent, const int n)
Definition: manage.c:3006
void throw_signal_soft(const int signum, const char *signal_text)
Definition: sig.c:111
struct user_pass up_query
Definition: manage.h:312
bool char_class(const unsigned char c, const unsigned int flags)
Definition: buffer.c:855
static void gc_free(struct gc_arena *a)
Definition: buffer.h:990
const char * msg_flags_string(const unsigned int flags, struct gc_arena *gc)
Definition: error.c:787
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition: platform.c:67
const char * up_query_type
Definition: manage.h:310
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:2987
#define EVENT_METHOD_FAST
Definition: event.h:42
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition: manage.c:2816
#define CC_PRINT
Definition: buffer.h:882
#define UP_QUERY_PASS
Definition: manage.h:250
struct man_connection connection
Definition: manage.h:327
struct buffer_list * buffer_list_new(const int max_size)
Definition: buffer.c:1139
#define ASSERT(x)
Definition: error.h:221
static void man_proxy(struct management *man, const char **p)
Definition: manage.c:1181
struct management_callback callback
Definition: manage.h:211
#define SIGUSR1
Definition: config-msvc.h:116
static void man_record_peer_info(struct management *man)
Definition: manage.c:1606
int size
Definition: manage.h:123
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition: manage.c:3990
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
void buffer_list_free(struct buffer_list *ol)
Definition: buffer.c:1149
struct command_line * command_line_new(const int buf_len)
Definition: manage.c:3756
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Definition: buffer.c:1278
#define MF_UNIX_SOCK
Definition: manage.h:349
static void man_log(struct management *man, const char *parm)
Definition: manage.c:630
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const char *write_peer_info_file, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2366
#define M_FATAL
Definition: error.h:94
static void man_bytecount(struct management *man, const int update_seconds)
Definition: manage.c:458
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:223
static void man_listen(struct management *man)
Definition: manage.c:1770
#define CLEAR(x)
Definition: basic.h:33
static int modulo_add(int x, int y, int mod)
Definition: integer.h:106
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition: mroute.c:407
void man_bytecount_output_client(struct management *man)
Definition: manage.c:472
bool defined
Definition: misc.h:174
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:506
static void man_help(void)
Definition: manage.c:71
#define in_addr_t
Definition: config-msvc.h:104
struct buffer buf
Definition: manage.h:63
#define MAX_PARMS
Definition: options.h:53
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: options.c:4219
struct addrinfo * local
Definition: manage.h:227
void command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
Definition: manage.c:3782
#define UP_QUERY_NEED_OK
Definition: manage.h:251
void command_line_free(struct command_line *cl)
Definition: manage.c:3773
#define SIGTERM
Definition: config-msvc.h:118
counter_type bytes_in
Definition: manage.h:220
static void get_signal(volatile int *sig)
Definition: sig.h:92
#define SIGHUP
Definition: config-msvc.h:114
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition: event.h:125
static void man_net(struct management *man)
Definition: manage.c:772
int echo_buffer_size
Definition: manage.h:234
bool management_hold(struct management *man, int holdtime)
Definition: manage.c:3704
struct in6_addr local_ip6
Definition: manage.h:94
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition: manage.c:307
void management_echo(struct management *man, const char *string, const bool pull)
Definition: manage.c:2924
#define OPENVPN_STATE_AUTH
Definition: manage.h:503
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3596
#define openvpn_errno()
Definition: error.h:74
void(* status)(void *arg, const int version, struct status_output *so)
Definition: manage.h:161
in_addr_t local_ip
Definition: manage.h:93
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition: manage.c:2772
char username[USER_PASS_LEN]
Definition: misc.h:185
counter_type link_read_bytes_global
Definition: forward.c:50
#define LOG_PRINT_CRLF
Definition: manage.h:109
void buffer_list_push(struct buffer_list *ol, const unsigned char *str)
Definition: buffer.c:1180
#define PS_SHOW_PORT
Definition: socket.h:346
static const char blank_up[]
Definition: manage.c:61
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition: manage.c:3380
#define MF_SERVER
Definition: manage.h:337
static void man_hold(struct management *man, const char *cmd)
Definition: manage.c:820
Definition: misc.h:44
int capacity
Size in bytes of memory allocated by malloc().
Definition: buffer.h:62
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition: event.c:1180
static void man_certificate(struct management *man)
Definition: manage.c:1124
#define LOG_PRINT_LOG_PREFIX
Definition: manage.h:100
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition: status.c:63
#define LOG_PRINT_LOCAL_IP
Definition: manage.h:107
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:663
#define openvpn_close_socket(s)
Definition: socket.h:261
bool status_close(struct status_output *so)
Definition: status.c:203
time_t bytecount_last_update
Definition: manage.h:308
#define LOG_PRINT_ECHO_PREFIX
Definition: manage.h:101
const char * signal_name(const int sig, const bool upper)
Definition: sig.c:77
static void man_check_password(struct management *man, const char *line)
Definition: manage.c:194
FILE * platform_fopen(const char *path, const char *mode)
Definition: platform.c:300
bool nocache
Definition: misc.h:175
#define BPTR(buf)
Definition: buffer.h:124
static int platform_state_user_uid(const struct platform_state_user *s)
Definition: platform.h:88
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:349
void * arg
Definition: status.h:33
void net_event_win32_stop(struct net_event_win32 *ne)
Definition: win32.c:359
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const char *write_peer_info_file, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2583
#define LOG_PRINT_INTVAL
Definition: manage.h:112
#define OPENVPN_STATE_WAIT
Definition: manage.h:502
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition: socket.h:619
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
Definition: misc.h:233
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:277
char * write_peer_info_file
Definition: manage.h:236
int get_debug_level(void)
Definition: error.c:138
#define MF_HOLD
Definition: manage.h:339
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:393
static void man_connection_settings_reset(struct management *man)
Definition: manage.c:1648
int up_query_mode
Definition: manage.h:311
struct env_item * list
Definition: misc.h:51
#define MN_AT_LEAST
Definition: manage.c:1158
#define counter_format
Definition: common.h:39
time_t timestamp
Definition: manage.h:91
bool(* proxy_cmd)(void *arg, const char **p)
Definition: manage.h:183
static struct gc_arena gc_new(void)
Definition: buffer.h:982
struct user_pass up
Definition: manage.h:232
static bool ignore_sys_error(const int err)
Definition: error.h:366
time_t now
Definition: otime.c:36
bool standalone_disabled
Definition: manage.h:210
void log_history_close(struct log_history *h)
Definition: manage.c:3941
static void man_rsa_sig(struct management *man)
Definition: manage.c:1108
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:376
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition: error.h:350
void chomp(char *str)
Definition: buffer.c:591
void management_notify_generic(struct management *man, const char *str)
Definition: manage.c:2822
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1017
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition: manage.c:3022
struct event_set * es
Definition: manage.h:301
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2835
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:496
static int man_read(struct management *man)
Definition: manage.c:2157
#define LOG_PRINT_STATE_PREFIX
Definition: manage.h:102
void buffer_list_advance(struct buffer_list *ol, int n)
Definition: buffer.c:1301
#define sleep(x)
Definition: syshead.h:42
#define MANAGEMENT_VERSION
Definition: manage.h:34
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:749
void management_event_loop_n_seconds(struct management *man, int sec)
Definition: manage.c:3328
struct management * management_init(void)
Definition: manage.c:2567
void management_auth_token(struct management *man, const char *token)
Definition: manage.c:3000
static void man_query_password(struct management *man, const char *type, const char *string)
Definition: manage.c:736
static void man_kill(struct management *man, const char *victim)
Definition: manage.c:503
#define M_ERR
Definition: error.h:110
#define GET_USER_PASS_PASSWORD_ONLY
Definition: misc.h:225
#define GET_USER_PASS_NEED_OK
Definition: misc.h:226
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition: manage.c:584
int capacity
Definition: manage.h:124
#define OPENVPN_STATE_CONNECTING
Definition: manage.h:494
bool set_mute_cutoff(const int cutoff)
Definition: error.c:124
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:494
void ssl_purge_auth(const bool auth_user_pass_only)
Definition: ssl.c:479
#define MANSIG_MAP_USR1_TO_TERM
Definition: manage.h:243
static void man_accept(struct management *man)
Definition: manage.c:1732
int(* kill_by_cn)(void *arg, const char *common_name)
Definition: manage.h:163
struct command_line * in
Definition: manage.h:275
static void man_delete_unix_socket(struct management *man)
Definition: manage.c:280
static void man_connect(struct management *man)
Definition: manage.c:1833
static SERVICE_STATUS status
Definition: automatic.c:47
static bool man_check_for_signals(volatile int *signal_received)
Definition: manage.c:3181
#define MWCC_PASSWORD_WAIT
Definition: manage.c:3285
struct env_set * env_set_create(struct gc_arena *gc)
Definition: misc.c:437
#define AF_DID_PUSH
static void event_reset(struct event_set *es)
Definition: event.h:107
void net_event_win32_reset(struct net_event_win32 *ne)
Definition: win32.c:353
struct net_event_win32 ne32
Definition: manage.h:268
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3198
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1254
int state_buffer_size
Definition: manage.h:235
void buf_clear(struct buffer *buf)
Definition: buffer.c:162
void net_event_win32_init(struct net_event_win32 *ne)
Definition: win32.c:319
void buffer_list_reset(struct buffer_list *ol)
Definition: buffer.c:1165
unsigned int counter_type
Definition: common.h:38
struct openvpn_sockaddr remote
Definition: manage.h:265
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3831
#define OPENVPN_STATE_ASSIGN_IP
Definition: manage.h:495
static void man_signal(struct management *man, const char *name)
Definition: manage.c:415
static void man_update_io_state(struct management *man)
Definition: manage.c:219
void net_event_win32_close(struct net_event_win32 *ne)
Definition: win32.c:370
struct env_item * next
Definition: misc.h:46
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:708
char * string
Definition: misc.h:45
socket_descriptor_t sd_cli
Definition: manage.h:264
#define LOG_PRINT_STATE
Definition: manage.h:106
counter_type link_write_bytes_global
Definition: forward.c:51
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3625
#define GETADDR_HOST_ORDER
Definition: socket.h:522
void command_line_next(struct command_line *cl)
Definition: manage.c:3814
const char * auth_retry_print(void)
Definition: options.c:4042
int buf_substring_len(const struct buffer *buf, int delim)
Definition: buffer.c:781
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition: manage.c:3248
#define ERR_BUF_SIZE
Definition: error.h:39
bool state_realtime
Definition: manage.h:304
struct management * management
Definition: manage.c:63
static bool management_connected(const struct management *man)
Definition: manage.h:449
#define IER_NEW
Definition: manage.c:853
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition: win32.h:137
static void event_free(struct event_set *es)
Definition: event.h:98
static int platform_state_group_gid(const struct platform_state_group *s)
Definition: platform.h:100
#define GET_USER_PASS_NEED_STR
Definition: misc.h:228
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
bool hold_release
Definition: manage.h:216
bool wait_for_push
Definition: misc.h:177
#define SOCKET_UNDEFINED
Definition: syshead.h:486
#define IER_RESET
Definition: manage.c:852
unsigned int mansig
Definition: manage.h:244
void buf_chomp(struct buffer *buf)
Definition: buffer.c:531
static void man_connection_init(struct management *man)
Definition: manage.c:2486
struct log_history * log_history_init(const int capacity)
Definition: manage.c:3920
static void man_welcome(struct management *man)
Definition: manage.c:177
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition: manage.c:749
int get_mute_cutoff(void)
Definition: error.c:144
static void man_stop_ne32(struct management *man)
Definition: manage.c:1598
#define EVENT_READ
Definition: event.h:36
bool defined
Definition: manage.h:205
void(* show_net)(void *arg, const int msglevel)
Definition: manage.h:162
const unsigned char * command_line_get(struct command_line *cl)
Definition: manage.c:3798
counter_type bytes_out
Definition: manage.h:221
bool management_should_daemonize(struct management *man)
Definition: manage.c:3694
#define BLEN(buf)
Definition: buffer.h:127
void log_history_resize(struct log_history *h, const int capacity)
Definition: manage.c:3969
struct openvpn_sockaddr local_sock
Definition: manage.h:95
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3271
static void man_up_finalize(struct management *man)
Definition: manage.c:664
#define LOG_FATAL_NOTIFY
Definition: manage.h:110
int(* n_clients)(void *arg)
Definition: manage.h:166
#define MF_FORGET_DISCONNECT
Definition: manage.h:341
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Definition: misc.h:244
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition: status.h:35
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1308
struct virtual_output vout
Definition: manage.h:208
static int log_index(const struct log_history *h, int i)
Definition: manage.c:3906
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition: manage.c:2650
unsigned __int8 uint8_t
Definition: config-msvc.h:123
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition: win32.c:326
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1033
int base
Definition: manage.h:122
struct log_history * log
Definition: manage.h:207
static void man_persist_close(struct man_persist *mp)
Definition: manage.c:2344
#define OPENVPN_STATE_RECONNECTING
Definition: manage.h:498
#define MS_LISTEN
Definition: manage.h:256
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition: manage.c:756
int parse_signal(const char *signame)
Definition: sig.c:63
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2674
#define SIGINT
Definition: config-msvc.h:115
#define MF_QUERY_PASSWORDS
Definition: manage.h:338
const char * special_state_msg
Definition: manage.h:218
int log_history_cache
Definition: manage.h:233
int(* kill_by_addr)(void *arg, const in_addr_t addr, const int port)
Definition: manage.h:164
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:879
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max, const char *sep)
Definition: buffer.c:1234
static int man_mod_signal(const struct management *man, const int signum)
Definition: manage.c:389
static void check_malloc_return(const void *p)
Definition: buffer.h:1060
#define MANSIG_MAP_USR1_TO_HUP
Definition: manage.h:242
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition: buffer.c:803
static void log_entry_free_contents(struct log_entry *e)
Definition: manage.c:3892
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition: manage.c:2306
#define GETADDR_FATAL
Definition: socket.h:521
static void man_remote(struct management *man, const char **p)
Definition: manage.c:1202
int env_filter_level
Definition: manage.h:302
void management_clear_callback(struct management *man)
Definition: manage.c:2658
static void man_state(struct management *man, const char *parm)
Definition: manage.c:652
#define MF_UP_DOWN
Definition: manage.h:353
struct buffer clear_buf(void)
Definition: buffer.c:183
static void log_history_free_contents(struct log_history *h)
Definition: manage.c:3930
SOCKET socket_descriptor_t
Definition: syshead.h:487
#define OPENVPN_STATE_GET_CONFIG
Definition: manage.h:504
#define msg
Definition: error.h:173
struct log_entry * array
Definition: manage.h:125
#define OPENVPN_STATE_INITIAL
Definition: manage.h:493
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition: manage.c:2806
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void set_nonblock(int fd)
Definition: fdmisc.c:71
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition: manage.c:3948
bool echo_realtime
Definition: manage.h:306
unsigned int flags
Definition: manage.h:226
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition: manage.h:36
socket_descriptor_t sd_top
Definition: manage.h:263
struct buffer residual
Definition: manage.h:64
static void man_new_connection_post(struct management *man, const char *description)
Definition: manage.c:1661
int intval
Definition: manage.h:86
static void log_history_obj_init(struct log_history *h, int capacity)
Definition: manage.c:3912
void management_io(struct management *man)
Definition: manage.c:3062
#define LOG_PRINT_REMOTE_IP
Definition: manage.h:114
Definition: manage.h:89
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2667
static bool man_io_error(struct management *man, const char *prefix)
Definition: manage.c:2002
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition: manage.c:291
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition: manage.c:856
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
#define OPENVPN_STATE_EXITING
Definition: manage.h:499
#define MANSIG_IGNORE_USR1_HUP
Definition: manage.h:241
#define LOG_PRINT_MSG_FLAGS
Definition: manage.h:105
#define LOG_PRINT_INT_DATE
Definition: manage.h:104
#define MWCC_HOLD_WAIT
Definition: manage.c:3286
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:526
Definition: misc.h:49
#define AF_DID_RESET
static int min_int(int x, int y)
Definition: integer.h:47
void management_pre_tunnel_close(struct management *man)
Definition: manage.c:2978
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1073
void setenv_int(struct env_set *es, const char *name, int value)
Definition: misc.c:548
void throw_signal(const int signum)
Definition: sig.c:104
bool set_debug_level(const int level, const unsigned int flags)
Definition: error.c:106
#define EVENT_WRITE
Definition: event.h:37
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:222
struct buffer_list * out
Definition: manage.h:276
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static void man_query_username(struct management *man, const char *type, const char *string)
Definition: manage.c:728
#define M_CLIENT
Definition: error.h:112
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition: manage.c:2726
#define MWCC_OTHER_WAIT
Definition: manage.c:3287
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3519
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:4003
#define GETADDR_PASSIVE
Definition: socket.h:530
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Definition: manage.c:1161
bool defined
Definition: manage.h:225
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition: win32.c:335
#define MS_INITIAL
Definition: manage.h:255
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition: manage.c:1902
bool(* remote_cmd)(void *arg, const char **p)
Definition: manage.h:184
#define BSTR(buf)
Definition: buffer.h:129
#define MAPF_SUBNET
Definition: mroute.h:155
static void man_settings_close(struct man_settings *ms)
Definition: manage.c:2474
#define LOG_ECHO_TO_LOG
Definition: manage.h:116
#define OPENVPN_STATE_CONNECTED
Definition: manage.h:497
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition: win32.h:131
static void man_output_list_push_finalize(struct management *man)
Definition: manage.c:235
#define M_ERRNO
Definition: error.h:99
char password[USER_PASS_LEN]
Definition: misc.h:186
static bool man_standalone_ok(const struct management *man)
Definition: manage.c:3175
#define MS_CC_WAIT_WRITE
Definition: manage.h:258
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition: manage.h:35
bool log_realtime
Definition: manage.h:305
static void man_start_ne32(struct management *man)
Definition: manage.c:1579
bool password_verified
Definition: manage.h:272
static void update_time(void)
Definition: otime.h:93
static void man_connection_close(struct management *man)
Definition: manage.c:2529
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition: manage.c:2955
char * dest
Definition: compat-lz4.h:431
int bytecount_update_seconds
Definition: manage.h:307
#define MANAGEMENT_ECHO_FLAGS
Definition: manage.c:57
char * management_query_rsa_sig(struct management *man, const char *b64_data)
Definition: manage.c:3654
#define BOOL_CAST(x)
Definition: basic.h:27
struct sockaddr sa
Definition: socket.h:68
static int man_write(struct management *man)
Definition: manage.c:2251
#define MF_SIGNAL
Definition: manage.h:340
struct buffer * buffer_list_peek(struct buffer_list *ol)
Definition: buffer.c:1221
#define GETADDR_RESOLVE
Definition: socket.h:520
#define ssize_t
Definition: config-msvc.h:105
int client_gid
Definition: manage.h:238
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:330
static void man_load_stats(struct management *man)
Definition: manage.c:1142
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition: manage.c:1246
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4019
const char title_string[]
Definition: options.c:64
static void man_prompt(struct management *man)
Definition: manage.c:265
#define CC_NEWLINE
Definition: buffer.h:888
#define M_WARN
Definition: error.h:96
static void man_connection_clear(struct man_connection *mc)
Definition: manage.c:2293
#define D_MANAGEMENT
Definition: errlevel.h:88
static void man_output_list_push_str(struct management *man, const char *str)
Definition: manage.c:249
struct man_settings settings
Definition: manage.h:326
bool management_would_hold(struct management *man)
Definition: manage.c:3684
#define MS_CC_WAIT_READ
Definition: manage.h:257
#define D_LINK_ERRORS
Definition: errlevel.h:57
struct log_history * echo
Definition: manage.h:213
#define MF_CONNECT_AS_CLIENT
Definition: manage.h:342
#define OPENVPN_STATE_CLIENT_BASE
Definition: manage.h:508
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition: manage.h:37
#define UP_QUERY_NEED_STR
Definition: manage.h:252