OpenVPN
manage.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #ifdef ENABLE_MANAGEMENT
33 
34 #include "error.h"
35 #include "fdmisc.h"
36 #include "options.h"
37 #include "sig.h"
38 #include "event.h"
39 #include "otime.h"
40 #include "integer.h"
41 #include "misc.h"
42 #include "ssl.h"
43 #include "common.h"
44 #include "manage.h"
45 
46 #include "memdbg.h"
47 
48 #ifdef ENABLE_PKCS11
49 #include "pkcs11.h"
50 #endif
51 
52 #define MANAGEMENT_ECHO_PULL_INFO 0
53 
54 #if MANAGEMENT_ECHO_PULL_INFO
55 #define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
56 #else
57 #define MANAGEMENT_ECHO_FLAGS 0
58 #endif
59 
60 /* tag for blank username/password */
61 static const char blank_up[] = "[[BLANK]]";
62 
63 struct management *management; /* GLOBAL */
64 
65 /* static forward declarations */
66 static void man_output_standalone(struct management *man, volatile int *signal_received);
67 
68 static void man_reset_client_socket(struct management *man, const bool exiting);
69 
70 static void
71 man_help(void)
72 {
73  msg(M_CLIENT, "Management Interface for %s", title_string);
74  msg(M_CLIENT, "Commands:");
75  msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
76  msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
77  msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
78  msg(M_CLIENT, "exit|quit : Close management session.");
79  msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
80  msg(M_CLIENT, "help : Print this message.");
81  msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
82  msg(M_CLIENT, " release current hold and start tunnel.");
83  msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
84  msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
85  msg(M_CLIENT, "load-stats : Show global server load stats.");
86  msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
87  msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
88  msg(M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent.");
89  msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
90  msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
91  msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
92  msg(M_CLIENT, " where action is reply string.");
93  msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
94  msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
95  msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
96  msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
97  msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
98 #ifdef ENABLE_PKCS11
99  msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
100  msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
101 #endif
102 #ifdef MANAGEMENT_DEF_AUTH
103  msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
104  msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
105  msg(M_CLIENT, "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
106  msg(M_CLIENT, " text R and optional client reason text CR");
107  msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
108  msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
109 #ifdef MANAGEMENT_PF
110  msg(M_CLIENT, "client-pf CID : Define packet filter for client CID (MULTILINE)");
111 #endif
112 #endif
113  msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
114  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
115  msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
116  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
117  msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge");
118  msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END");
119  msg(M_CLIENT, "signal s : Send signal s to daemon,");
120  msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
121  msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
122  msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
123  msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
124  msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
125  msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
126  msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
127  msg(M_CLIENT, "END");
128 }
129 
130 static const char *
131 man_state_name(const int state)
132 {
133  switch (state)
134  {
136  return "INITIAL";
137 
139  return "CONNECTING";
140 
141  case OPENVPN_STATE_WAIT:
142  return "WAIT";
143 
144  case OPENVPN_STATE_AUTH:
145  return "AUTH";
146 
148  return "GET_CONFIG";
149 
151  return "ASSIGN_IP";
152 
154  return "ADD_ROUTES";
155 
157  return "CONNECTED";
158 
160  return "RECONNECTING";
161 
163  return "EXITING";
164 
166  return "RESOLVE";
167 
169  return "TCP_CONNECT";
170 
171  default:
172  return "?";
173  }
174 }
175 
176 static void
177 man_welcome(struct management *man)
178 {
179  msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
181  if (man->persist.special_state_msg)
182  {
183  msg(M_CLIENT, "%s", man->persist.special_state_msg);
184  }
185 }
186 
187 static inline bool
188 man_password_needed(struct management *man)
189 {
190  return man->settings.up.defined && !man->connection.password_verified;
191 }
192 
193 static void
194 man_check_password(struct management *man, const char *line)
195 {
196  if (man_password_needed(man))
197  {
198  if (streq(line, man->settings.up.password))
199  {
200  man->connection.password_verified = true;
201  msg(M_CLIENT, "SUCCESS: password is correct");
202  man_welcome(man);
203  }
204  else
205  {
206  man->connection.password_verified = false;
207  msg(M_CLIENT, "ERROR: bad password");
209  {
210  msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
212  man->connection.halt = true;
213  }
214  }
215  }
216 }
217 
218 static void
219 man_update_io_state(struct management *man)
220 {
221  if (socket_defined(man->connection.sd_cli))
222  {
224  {
226  }
227  else
228  {
230  }
231  }
232 }
233 
234 static void
235 man_output_list_push_finalize(struct management *man)
236 {
237  if (management_connected(man))
238  {
239  man_update_io_state(man);
240  if (!man->persist.standalone_disabled)
241  {
242  volatile int signal_received = 0;
243  man_output_standalone(man, &signal_received);
244  }
245  }
246 }
247 
248 static void
249 man_output_list_push_str(struct management *man, const char *str)
250 {
251  if (management_connected(man) && str)
252  {
253  buffer_list_push(man->connection.out, str);
254  }
255 }
256 
257 static void
258 man_output_list_push(struct management *man, const char *str)
259 {
260  man_output_list_push_str(man, str);
262 }
263 
264 static void
265 man_prompt(struct management *man)
266 {
267  if (man_password_needed(man))
268  {
269  man_output_list_push(man, "ENTER PASSWORD:");
270  }
271 #if 0 /* should we use prompt? */
272  else
273  {
274  man_output_list_push(man, ">");
275  }
276 #endif
277 }
278 
279 static void
280 man_delete_unix_socket(struct management *man)
281 {
282 #if UNIX_SOCK_SUPPORT
284  {
285  socket_delete_unix(&man->settings.local_unix);
286  }
287 #endif
288 }
289 
290 static void
291 man_close_socket(struct management *man, const socket_descriptor_t sd)
292 {
293 #ifndef _WIN32
294  /*
295  * Windows doesn't need this because the ne32 event is permanently
296  * enabled at struct management scope.
297  */
298  if (man->persist.callback.delete_event)
299  {
300  (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
301  }
302 #endif
304 }
305 
306 static void
307 virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
308 {
309  struct management *man = (struct management *) arg;
310  static int recursive_level = 0; /* GLOBAL */
311 
312 #define AF_DID_PUSH (1<<0)
313 #define AF_DID_RESET (1<<1)
314 
315  if (!recursive_level) /* don't allow recursion */
316  {
317  struct gc_arena gc = gc_new();
318  struct log_entry e;
319  const char *out = NULL;
320  unsigned int action_flags = 0;
321 
322  ++recursive_level;
323 
324  CLEAR(e);
325  update_time();
326  e.timestamp = now;
327  e.u.msg_flags = flags;
328  e.string = str;
329 
330  if (flags & M_FATAL)
331  {
332  man->persist.standalone_disabled = false;
333  }
334 
335  if (flags != M_CLIENT)
336  {
337  log_history_add(man->persist.log, &e);
338  }
339 
340  if (!man_password_needed(man))
341  {
342  if (flags == M_CLIENT)
343  {
344  out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
345  }
346  else if (man->connection.log_realtime)
347  {
351  | LOG_PRINT_CRLF, &gc);
352  }
353  if (out)
354  {
355  man_output_list_push_str(man, out);
356  action_flags |= AF_DID_PUSH;
357  }
358  if (flags & M_FATAL)
359  {
361  if (out)
362  {
363  man_output_list_push_str(man, out);
364  action_flags |= (AF_DID_PUSH|AF_DID_RESET);
365  }
366  }
367  }
368 
369  gc_free(&gc);
370 
371  if (action_flags & AF_DID_PUSH)
372  {
374  }
375  if (action_flags & AF_DID_RESET)
376  {
377  man_reset_client_socket(man, true);
378  }
379 
380  --recursive_level;
381  }
382 }
383 
384 /*
385  * Given a signal, return the signal with possible remapping applied,
386  * or -1 if the signal should be ignored.
387  */
388 static int
389 man_mod_signal(const struct management *man, const int signum)
390 {
391  const unsigned int flags = man->settings.mansig;
392  int s = signum;
393  if (s == SIGUSR1)
394  {
395  if (flags & MANSIG_MAP_USR1_TO_HUP)
396  {
397  s = SIGHUP;
398  }
399  if (flags & MANSIG_MAP_USR1_TO_TERM)
400  {
401  s = SIGTERM;
402  }
403  }
404  if (flags & MANSIG_IGNORE_USR1_HUP)
405  {
406  if (s == SIGHUP || s == SIGUSR1)
407  {
408  s = -1;
409  }
410  }
411  return s;
412 }
413 
414 static void
415 man_signal(struct management *man, const char *name)
416 {
417  const int sig = parse_signal(name);
418  if (sig >= 0)
419  {
420  const int sig_mod = man_mod_signal(man, sig);
421  if (sig_mod >= 0)
422  {
423  throw_signal(sig_mod);
424  msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
425  }
426  else
427  {
428  if (man->persist.special_state_msg)
429  {
430  msg(M_CLIENT, "%s", man->persist.special_state_msg);
431  }
432  else
433  {
434  msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
435  }
436  }
437  }
438  else
439  {
440  msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
441  }
442 }
443 
444 static void
445 man_status(struct management *man, const int version, struct status_output *so)
446 {
447  if (man->persist.callback.status)
448  {
449  (*man->persist.callback.status)(man->persist.callback.arg, version, so);
450  }
451  else
452  {
453  msg(M_CLIENT, "ERROR: The 'status' command is not supported by the current daemon mode");
454  }
455 }
456 
457 static void
458 man_bytecount(struct management *man, const int update_seconds)
459 {
460  if (update_seconds >= 0)
461  {
462  man->connection.bytecount_update_seconds = update_seconds;
463  }
464  else
465  {
467  }
468  msg(M_CLIENT, "SUCCESS: bytecount interval changed");
469 }
470 
471 void
472 man_bytecount_output_client(struct management *man)
473 {
474  char in[32];
475  char out[32];
476  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
477  openvpn_snprintf(in, sizeof(in), counter_format, man->persist.bytes_in);
478  openvpn_snprintf(out, sizeof(out), counter_format, man->persist.bytes_out);
479  msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
481 }
482 
483 #ifdef MANAGEMENT_DEF_AUTH
484 
485 void
486 man_bytecount_output_server(struct management *man,
487  const counter_type *bytes_in_total,
488  const counter_type *bytes_out_total,
489  struct man_def_auth_context *mdac)
490 {
491  char in[32];
492  char out[32];
493  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
494  openvpn_snprintf(in, sizeof(in), counter_format, *bytes_in_total);
495  openvpn_snprintf(out, sizeof(out), counter_format, *bytes_out_total);
496  msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
497  mdac->bytecount_last_update = now;
498 }
499 
500 #endif
501 
502 static void
503 man_kill(struct management *man, const char *victim)
504 {
505  struct gc_arena gc = gc_new();
506 
508  {
509  struct buffer buf;
510  char p1[128];
511  char p2[128];
512  int n_killed;
513 
514  buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1);
515  buf_parse(&buf, ':', p1, sizeof(p1));
516  buf_parse(&buf, ':', p2, sizeof(p2));
517 
518  if (strlen(p1) && strlen(p2))
519  {
520  /* IP:port specified */
521  bool status;
522  const in_addr_t addr = getaddr(GETADDR_HOST_ORDER|GETADDR_MSG_VIRT_OUT, p1, 0, &status, NULL);
523  if (status)
524  {
525  const int port = atoi(p2);
526  if (port > 0 && port < 65536)
527  {
528  n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port);
529  if (n_killed > 0)
530  {
531  msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%d killed",
532  n_killed,
533  print_in_addr_t(addr, 0, &gc),
534  port);
535  }
536  else
537  {
538  msg(M_CLIENT, "ERROR: client at address %s:%d not found",
539  print_in_addr_t(addr, 0, &gc),
540  port);
541  }
542  }
543  else
544  {
545  msg(M_CLIENT, "ERROR: port number is out of range: %s", p2);
546  }
547  }
548  else
549  {
550  msg(M_CLIENT, "ERROR: error parsing IP address: %s", p1);
551  }
552  }
553  else if (strlen(p1))
554  {
555  /* common name specified */
556  n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
557  if (n_killed > 0)
558  {
559  msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
560  }
561  else
562  {
563  msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
564  }
565  }
566  else
567  {
568  msg(M_CLIENT, "ERROR: kill parse");
569  }
570  }
571  else
572  {
573  msg(M_CLIENT, "ERROR: The 'kill' command is not supported by the current daemon mode");
574  }
575 
576  gc_free(&gc);
577 }
578 
579 /*
580  * General-purpose history command handler
581  * for the log and echo commands.
582  */
583 static void
584 man_history(struct management *man,
585  const char *parm,
586  const char *type,
587  struct log_history *log,
588  bool *realtime,
589  const unsigned int lep_flags)
590 {
591  struct gc_arena gc = gc_new();
592  int n = 0;
593 
594  if (streq(parm, "on"))
595  {
596  *realtime = true;
597  msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
598  }
599  else if (streq(parm, "off"))
600  {
601  *realtime = false;
602  msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
603  }
604  else if (streq(parm, "all") || (n = atoi(parm)) > 0)
605  {
606  const int size = log_history_size(log);
607  const int start = (n ? n : size) - 1;
608  int i;
609 
610  for (i = start; i >= 0; --i)
611  {
612  const struct log_entry *e = log_history_ref(log, i);
613  if (e)
614  {
615  const char *out = log_entry_print(e, lep_flags, &gc);
617  }
618  }
619  msg(M_CLIENT, "END");
620  }
621  else
622  {
623  msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
624  }
625 
626  gc_free(&gc);
627 }
628 
629 static void
630 man_log(struct management *man, const char *parm)
631 {
632  man_history(man,
633  parm,
634  "log",
635  man->persist.log,
636  &man->connection.log_realtime,
638 }
639 
640 static void
641 man_echo(struct management *man, const char *parm)
642 {
643  man_history(man,
644  parm,
645  "echo",
646  man->persist.echo,
649 }
650 
651 static void
652 man_state(struct management *man, const char *parm)
653 {
654  man_history(man,
655  parm,
656  "state",
657  man->persist.state,
661 }
662 
663 static void
664 man_up_finalize(struct management *man)
665 {
666  switch (man->connection.up_query_mode)
667  {
668  case UP_QUERY_USER_PASS:
669  if (!strlen(man->connection.up_query.username))
670  {
671  break;
672  }
673 
674  /* fall through */
675  case UP_QUERY_PASS:
676  case UP_QUERY_NEED_OK:
677  case UP_QUERY_NEED_STR:
678  if (strlen(man->connection.up_query.password))
679  {
680  man->connection.up_query.defined = true;
681  }
682  break;
683 
684  case UP_QUERY_DISABLED:
685  man->connection.up_query.defined = false;
686  break;
687 
688  default:
689  ASSERT(0);
690  }
691 }
692 
693 static void
694 man_query_user_pass(struct management *man,
695  const char *type,
696  const char *string,
697  const bool needed,
698  const char *prompt,
699  char *dest,
700  int len)
701 {
702  if (needed)
703  {
705  if (streq(man->connection.up_query_type, type))
706  {
707  strncpynt(dest, string, len);
708  man_up_finalize(man);
709  msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified",
710  type,
711  prompt);
712  }
713  else
714  {
715  msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'",
716  prompt,
717  type,
719  }
720  }
721  else
722  {
723  msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
724  }
725 }
726 
727 static void
728 man_query_username(struct management *man, const char *type, const char *string)
729 {
730  const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
731  ) && man->connection.up_query_type);
732  man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN);
733 }
734 
735 static void
736 man_query_password(struct management *man, const char *type, const char *string)
737 {
738  const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
740  ) && man->connection.up_query_type);
741  if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
742  {
743  string = blank_up;
744  }
745  man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
746 }
747 
748 static void
749 man_query_need_ok(struct management *man, const char *type, const char *action)
750 {
751  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
752  man_query_user_pass(man, type, action, needed, "needok-confirmation", man->connection.up_query.password, USER_PASS_LEN);
753 }
754 
755 static void
756 man_query_need_str(struct management *man, const char *type, const char *action)
757 {
758  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
759  man_query_user_pass(man, type, action, needed, "needstr-string", man->connection.up_query.password, USER_PASS_LEN);
760 }
761 
762 static void
763 man_forget_passwords(struct management *man)
764 {
765  ssl_purge_auth(false);
766  msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
767 }
768 
769 static void
770 man_net(struct management *man)
771 {
772  if (man->persist.callback.show_net)
773  {
775  }
776  else
777  {
778  msg(M_CLIENT, "ERROR: The 'net' command is not supported by the current daemon mode");
779  }
780 }
781 
782 #ifdef ENABLE_PKCS11
783 
784 static void
785 man_pkcs11_id_count(struct management *man)
786 {
787  msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
788 }
789 
790 static void
791 man_pkcs11_id_get(struct management *man, const int index)
792 {
793  char *id = NULL;
794  char *base64 = NULL;
795 
796  if (pkcs11_management_id_get(index, &id, &base64))
797  {
798  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
799  }
800  else
801  {
802  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
803  }
804 
805  if (id != NULL)
806  {
807  free(id);
808  }
809  if (base64 != NULL)
810  {
811  free(base64);
812  }
813 }
814 
815 #endif /* ifdef ENABLE_PKCS11 */
816 
817 static void
818 man_hold(struct management *man, const char *cmd)
819 {
820  if (cmd)
821  {
822  if (streq(cmd, "on"))
823  {
824  man->settings.flags |= MF_HOLD;
825  msg(M_CLIENT, "SUCCESS: hold flag set to ON");
826  }
827  else if (streq(cmd, "off"))
828  {
829  man->settings.flags &= ~MF_HOLD;
830  msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
831  }
832  else if (streq(cmd, "release"))
833  {
834  man->persist.hold_release = true;
835  msg(M_CLIENT, "SUCCESS: hold release succeeded");
836  }
837  else
838  {
839  msg(M_CLIENT, "ERROR: bad hold command parameter");
840  }
841  }
842  else
843  {
844  msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
845  }
846 }
847 
848 #define IER_RESET 0
849 #define IER_NEW 1
850 
851 static void
852 in_extra_reset(struct man_connection *mc, const int mode)
853 {
854  if (mc)
855  {
856  if (mode != IER_NEW)
857  {
858  mc->in_extra_cmd = IEC_UNDEF;
859 #ifdef MANAGEMENT_DEF_AUTH
860  mc->in_extra_cid = 0;
861  mc->in_extra_kid = 0;
862 #endif
863  }
864  if (mc->in_extra)
865  {
867  mc->in_extra = NULL;
868  }
869  if (mode == IER_NEW)
870  {
871  mc->in_extra = buffer_list_new(0);
872  }
873  }
874 }
875 
876 static void
877 in_extra_dispatch(struct management *man)
878 {
879  switch (man->connection.in_extra_cmd)
880  {
881 #ifdef MANAGEMENT_DEF_AUTH
882  case IEC_CLIENT_AUTH:
883  if (man->persist.callback.client_auth)
884  {
885  const bool status = (*man->persist.callback.client_auth)
886  (man->persist.callback.arg,
887  man->connection.in_extra_cid,
888  man->connection.in_extra_kid,
889  true,
890  NULL,
891  NULL,
892  man->connection.in_extra);
893  man->connection.in_extra = NULL;
894  if (status)
895  {
896  msg(M_CLIENT, "SUCCESS: client-auth command succeeded");
897  }
898  else
899  {
900  msg(M_CLIENT, "ERROR: client-auth command failed");
901  }
902  }
903  else
904  {
905  msg(M_CLIENT, "ERROR: The client-auth command is not supported by the current daemon mode");
906  }
907  break;
908 
909 #endif /* ifdef MANAGEMENT_DEF_AUTH */
910 #ifdef MANAGEMENT_PF
911  case IEC_CLIENT_PF:
912  if (man->persist.callback.client_pf)
913  {
914  const bool status = (*man->persist.callback.client_pf)
915  (man->persist.callback.arg,
916  man->connection.in_extra_cid,
917  man->connection.in_extra);
918  man->connection.in_extra = NULL;
919  if (status)
920  {
921  msg(M_CLIENT, "SUCCESS: client-pf command succeeded");
922  }
923  else
924  {
925  msg(M_CLIENT, "ERROR: client-pf command failed");
926  }
927  }
928  else
929  {
930  msg(M_CLIENT, "ERROR: The client-pf command is not supported by the current daemon mode");
931  }
932  break;
933 
934 #endif /* ifdef MANAGEMENT_PF */
935  case IEC_PK_SIGN:
939  man->connection.in_extra = NULL;
940  return;
941 
942  case IEC_CERTIFICATE:
946  man->connection.in_extra = NULL;
947  return;
948  }
950 }
951 
952 #ifdef MANAGEMENT_DEF_AUTH
953 
954 static bool
955 parse_cid(const char *str, unsigned long *cid)
956 {
957  if (sscanf(str, "%lu", cid) == 1)
958  {
959  return true;
960  }
961  else
962  {
963  msg(M_CLIENT, "ERROR: cannot parse CID");
964  return false;
965  }
966 }
967 
968 static bool
969 parse_kid(const char *str, unsigned int *kid)
970 {
971  if (sscanf(str, "%u", kid) == 1)
972  {
973  return true;
974  }
975  else
976  {
977  msg(M_CLIENT, "ERROR: cannot parse KID");
978  return false;
979  }
980 }
981 
982 static void
983 man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
984 {
985  struct man_connection *mc = &man->connection;
986  mc->in_extra_cid = 0;
987  mc->in_extra_kid = 0;
988  if (parse_cid(cid_str, &mc->in_extra_cid)
989  && parse_kid(kid_str, &mc->in_extra_kid))
990  {
992  in_extra_reset(mc, IER_NEW);
993  if (!extra)
994  {
995  in_extra_dispatch(man);
996  }
997  }
998 }
999 
1000 static void
1001 man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
1002 {
1003  unsigned long cid = 0;
1004  unsigned int kid = 0;
1005  if (parse_cid(cid_str, &cid) && parse_kid(kid_str, &kid))
1006  {
1007  if (man->persist.callback.client_auth)
1008  {
1009  const bool status = (*man->persist.callback.client_auth)
1010  (man->persist.callback.arg,
1011  cid,
1012  kid,
1013  false,
1014  reason,
1015  client_reason,
1016  NULL);
1017  if (status)
1018  {
1019  msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1020  }
1021  else
1022  {
1023  msg(M_CLIENT, "ERROR: client-deny command failed");
1024  }
1025  }
1026  else
1027  {
1028  msg(M_CLIENT, "ERROR: The client-deny command is not supported by the current daemon mode");
1029  }
1030  }
1031 }
1032 
1033 static void
1034 man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1035 {
1036  unsigned long cid = 0;
1037  if (parse_cid(cid_str, &cid))
1038  {
1039  if (man->persist.callback.kill_by_cid)
1040  {
1041  const bool status = (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1042  if (status)
1043  {
1044  msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1045  }
1046  else
1047  {
1048  msg(M_CLIENT, "ERROR: client-kill command failed");
1049  }
1050  }
1051  else
1052  {
1053  msg(M_CLIENT, "ERROR: The client-kill command is not supported by the current daemon mode");
1054  }
1055  }
1056 }
1057 
1058 static void
1059 man_client_n_clients(struct management *man)
1060 {
1061  if (man->persist.callback.n_clients)
1062  {
1063  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1064  msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1065  }
1066  else
1067  {
1068  msg(M_CLIENT, "ERROR: The nclients command is not supported by the current daemon mode");
1069  }
1070 }
1071 
1072 static void
1073 man_env_filter(struct management *man, const int level)
1074 {
1075  man->connection.env_filter_level = level;
1076  msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1077 }
1078 
1079 #ifdef MANAGEMENT_PF
1080 
1081 static void
1082 man_client_pf(struct management *man, const char *cid_str)
1083 {
1084  struct man_connection *mc = &man->connection;
1085  mc->in_extra_cid = 0;
1086  mc->in_extra_kid = 0;
1087  if (parse_cid(cid_str, &mc->in_extra_cid))
1088  {
1090  in_extra_reset(mc, IER_NEW);
1091  }
1092 }
1093 
1094 #endif /* MANAGEMENT_PF */
1095 #endif /* MANAGEMENT_DEF_AUTH */
1096 
1097 static void
1098 man_pk_sig(struct management *man, const char *cmd_name)
1099 {
1100  struct man_connection *mc = &man->connection;
1101  if (mc->ext_key_state == EKS_SOLICIT)
1102  {
1103  mc->ext_key_state = EKS_INPUT;
1104  mc->in_extra_cmd = IEC_PK_SIGN;
1105  in_extra_reset(mc, IER_NEW);
1106  }
1107  else
1108  {
1109  msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1110  }
1111 }
1112 
1113 static void
1114 man_certificate(struct management *man)
1115 {
1116  struct man_connection *mc = &man->connection;
1117  if (mc->ext_cert_state == EKS_SOLICIT)
1118  {
1119  mc->ext_cert_state = EKS_INPUT;
1121  in_extra_reset(mc, IER_NEW);
1122  }
1123  else
1124  {
1125  msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1126  }
1127 }
1128 
1129 static void
1130 man_load_stats(struct management *man)
1131 {
1134  int nclients = 0;
1135 
1136  if (man->persist.callback.n_clients)
1137  {
1138  nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1139  }
1140  msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1141  nclients,
1142  link_read_bytes_global,
1143  link_write_bytes_global);
1144 }
1145 
1146 #define MN_AT_LEAST (1<<0)
1147 
1148 static bool
1149 man_need(struct management *man, const char **p, const int n, unsigned int flags)
1150 {
1151  int i;
1152  ASSERT(p[0]);
1153  for (i = 1; i <= n; ++i)
1154  {
1155  if (!p[i])
1156  {
1157  msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s",
1158  p[0],
1159  (flags & MN_AT_LEAST) ? "at least " : "",
1160  n,
1161  n > 1 ? "s" : "");
1162  return false;
1163  }
1164  }
1165  return true;
1166 }
1167 
1168 static void
1169 man_proxy(struct management *man, const char **p)
1170 {
1171  if (man->persist.callback.proxy_cmd)
1172  {
1173  const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1174  if (status)
1175  {
1176  msg(M_CLIENT, "SUCCESS: proxy command succeeded");
1177  }
1178  else
1179  {
1180  msg(M_CLIENT, "ERROR: proxy command failed");
1181  }
1182  }
1183  else
1184  {
1185  msg(M_CLIENT, "ERROR: The proxy command is not supported by the current daemon mode");
1186  }
1187 }
1188 
1189 static void
1190 man_remote(struct management *man, const char **p)
1191 {
1192  if (man->persist.callback.remote_cmd)
1193  {
1194  const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1195  if (status)
1196  {
1197  msg(M_CLIENT, "SUCCESS: remote command succeeded");
1198  }
1199  else
1200  {
1201  msg(M_CLIENT, "ERROR: remote command failed");
1202  }
1203  }
1204  else
1205  {
1206  msg(M_CLIENT, "ERROR: The remote command is not supported by the current daemon mode");
1207  }
1208 }
1209 
1210 #ifdef TARGET_ANDROID
1211 static void
1212 man_network_change(struct management *man, bool samenetwork)
1213 {
1214  /* Called to signal the OpenVPN that the network configuration has changed and
1215  * the client should either float or reconnect.
1216  *
1217  * The code is currently only used by ics-openvpn
1218  */
1219  if (man->persist.callback.network_change)
1220  {
1221  int fd = (*man->persist.callback.network_change)
1222  (man->persist.callback.arg, samenetwork);
1223  man->connection.fdtosend = fd;
1224  msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1225  if (fd == -2)
1226  {
1227  man_signal(man, "SIGUSR1");
1228  }
1229  }
1230 }
1231 #endif
1232 
1233 static void
1234 set_client_version(struct management *man, const char *version)
1235 {
1236  if (version)
1237  {
1238  man->connection.client_version = atoi(version);
1239  }
1240 }
1241 
1242 static void
1243 man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
1244 {
1245  struct gc_arena gc = gc_new();
1246 
1247  ASSERT(p[0]);
1248  if (streq(p[0], "exit") || streq(p[0], "quit"))
1249  {
1250  man->connection.halt = true;
1251  goto done;
1252  }
1253  else if (streq(p[0], "help"))
1254  {
1255  man_help();
1256  }
1257  else if (streq(p[0], "version") && p[1])
1258  {
1259  set_client_version(man, p[1]);
1260  }
1261  else if (streq(p[0], "version"))
1262  {
1263  msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1264  msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1265  msg(M_CLIENT, "END");
1266  }
1267  else if (streq(p[0], "pid"))
1268  {
1269  msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1270  }
1271 #ifdef MANAGEMENT_DEF_AUTH
1272  else if (streq(p[0], "nclients"))
1273  {
1274  man_client_n_clients(man);
1275  }
1276  else if (streq(p[0], "env-filter"))
1277  {
1278  int level = 0;
1279  if (p[1])
1280  {
1281  level = atoi(p[1]);
1282  }
1283  man_env_filter(man, level);
1284  }
1285 #endif
1286  else if (streq(p[0], "signal"))
1287  {
1288  if (man_need(man, p, 1, 0))
1289  {
1290  man_signal(man, p[1]);
1291  }
1292  }
1293 #ifdef TARGET_ANDROID
1294  else if (streq(p[0], "network-change"))
1295  {
1296  bool samenetwork = false;
1297  if (p[1] && streq(p[1], "samenetwork"))
1298  {
1299  samenetwork = true;
1300  }
1301 
1302  man_network_change(man, samenetwork);
1303  }
1304 #endif
1305  else if (streq(p[0], "load-stats"))
1306  {
1307  man_load_stats(man);
1308  }
1309  else if (streq(p[0], "status"))
1310  {
1311  int version = 0;
1312  if (p[1])
1313  {
1314  version = atoi(p[1]);
1315  }
1316  man_status(man, version, so);
1317  }
1318  else if (streq(p[0], "kill"))
1319  {
1320  if (man_need(man, p, 1, 0))
1321  {
1322  man_kill(man, p[1]);
1323  }
1324  }
1325  else if (streq(p[0], "verb"))
1326  {
1327  if (p[1])
1328  {
1329  const int level = atoi(p[1]);
1330  if (set_debug_level(level, 0))
1331  {
1332  msg(M_CLIENT, "SUCCESS: verb level changed");
1333  }
1334  else
1335  {
1336  msg(M_CLIENT, "ERROR: verb level is out of range");
1337  }
1338  }
1339  else
1340  {
1341  msg(M_CLIENT, "SUCCESS: verb=%d", get_debug_level());
1342  }
1343  }
1344  else if (streq(p[0], "mute"))
1345  {
1346  if (p[1])
1347  {
1348  const int level = atoi(p[1]);
1349  if (set_mute_cutoff(level))
1350  {
1351  msg(M_CLIENT, "SUCCESS: mute level changed");
1352  }
1353  else
1354  {
1355  msg(M_CLIENT, "ERROR: mute level is out of range");
1356  }
1357  }
1358  else
1359  {
1360  msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1361  }
1362  }
1363  else if (streq(p[0], "auth-retry"))
1364  {
1365 #if P2MP
1366  if (p[1])
1367  {
1368  if (auth_retry_set(M_CLIENT, p[1]))
1369  {
1370  msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1371  }
1372  else
1373  {
1374  msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1375  }
1376  }
1377  else
1378  {
1379  msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1380  }
1381 #else /* if P2MP */
1382  msg(M_CLIENT, "ERROR: auth-retry feature is unavailable");
1383 #endif
1384  }
1385  else if (streq(p[0], "state"))
1386  {
1387  if (!p[1])
1388  {
1389  man_state(man, "1");
1390  }
1391  else
1392  {
1393  if (p[1])
1394  {
1395  man_state(man, p[1]);
1396  }
1397  if (p[2])
1398  {
1399  man_state(man, p[2]);
1400  }
1401  }
1402  }
1403  else if (streq(p[0], "log"))
1404  {
1405  if (man_need(man, p, 1, MN_AT_LEAST))
1406  {
1407  if (p[1])
1408  {
1409  man_log(man, p[1]);
1410  }
1411  if (p[2])
1412  {
1413  man_log(man, p[2]);
1414  }
1415  }
1416  }
1417  else if (streq(p[0], "echo"))
1418  {
1419  if (man_need(man, p, 1, MN_AT_LEAST))
1420  {
1421  if (p[1])
1422  {
1423  man_echo(man, p[1]);
1424  }
1425  if (p[2])
1426  {
1427  man_echo(man, p[2]);
1428  }
1429  }
1430  }
1431  else if (streq(p[0], "username"))
1432  {
1433  if (man_need(man, p, 2, 0))
1434  {
1435  man_query_username(man, p[1], p[2]);
1436  }
1437  }
1438  else if (streq(p[0], "password"))
1439  {
1440  if (man_need(man, p, 2, 0))
1441  {
1442  man_query_password(man, p[1], p[2]);
1443  }
1444  }
1445  else if (streq(p[0], "forget-passwords"))
1446  {
1447  man_forget_passwords(man);
1448  }
1449  else if (streq(p[0], "needok"))
1450  {
1451  if (man_need(man, p, 2, 0))
1452  {
1453  man_query_need_ok(man, p[1], p[2]);
1454  }
1455  }
1456  else if (streq(p[0], "needstr"))
1457  {
1458  if (man_need(man, p, 2, 0))
1459  {
1460  man_query_need_str(man, p[1], p[2]);
1461  }
1462  }
1463  else if (streq(p[0], "net"))
1464  {
1465  man_net(man);
1466  }
1467  else if (streq(p[0], "hold"))
1468  {
1469  man_hold(man, p[1]);
1470  }
1471  else if (streq(p[0], "bytecount"))
1472  {
1473  if (man_need(man, p, 1, 0))
1474  {
1475  man_bytecount(man, atoi(p[1]));
1476  }
1477  }
1478 #ifdef MANAGEMENT_DEF_AUTH
1479  else if (streq(p[0], "client-kill"))
1480  {
1481  if (man_need(man, p, 1, MN_AT_LEAST))
1482  {
1483  man_client_kill(man, p[1], p[2]);
1484  }
1485  }
1486  else if (streq(p[0], "client-deny"))
1487  {
1488  if (man_need(man, p, 3, MN_AT_LEAST))
1489  {
1490  man_client_deny(man, p[1], p[2], p[3], p[4]);
1491  }
1492  }
1493  else if (streq(p[0], "client-auth-nt"))
1494  {
1495  if (man_need(man, p, 2, 0))
1496  {
1497  man_client_auth(man, p[1], p[2], false);
1498  }
1499  }
1500  else if (streq(p[0], "client-auth"))
1501  {
1502  if (man_need(man, p, 2, 0))
1503  {
1504  man_client_auth(man, p[1], p[2], true);
1505  }
1506  }
1507 #ifdef MANAGEMENT_PF
1508  else if (streq(p[0], "client-pf"))
1509  {
1510  if (man_need(man, p, 1, 0))
1511  {
1512  man_client_pf(man, p[1]);
1513  }
1514  }
1515 #endif
1516 #endif /* ifdef MANAGEMENT_DEF_AUTH */
1517  else if (streq(p[0], "rsa-sig"))
1518  {
1519  man_pk_sig(man, "rsa-sig");
1520  }
1521  else if (streq(p[0], "pk-sig"))
1522  {
1523  man_pk_sig(man, "pk-sig");
1524  }
1525  else if (streq(p[0], "certificate"))
1526  {
1527  man_certificate(man);
1528  }
1529 #ifdef ENABLE_PKCS11
1530  else if (streq(p[0], "pkcs11-id-count"))
1531  {
1532  man_pkcs11_id_count(man);
1533  }
1534  else if (streq(p[0], "pkcs11-id-get"))
1535  {
1536  if (man_need(man, p, 1, 0))
1537  {
1538  man_pkcs11_id_get(man, atoi(p[1]));
1539  }
1540  }
1541 #endif
1542  else if (streq(p[0], "proxy"))
1543  {
1544  if (man_need(man, p, 1, MN_AT_LEAST))
1545  {
1546  man_proxy(man, p);
1547  }
1548  }
1549  else if (streq(p[0], "remote"))
1550  {
1551  if (man_need(man, p, 1, MN_AT_LEAST))
1552  {
1553  man_remote(man, p);
1554  }
1555  }
1556 #if 1
1557  else if (streq(p[0], "test"))
1558  {
1559  if (man_need(man, p, 1, 0))
1560  {
1561  int i;
1562  const int n = atoi(p[1]);
1563  for (i = 0; i < n; ++i)
1564  {
1565  msg(M_CLIENT, "[%d] The purpose of this command is to generate large amounts of output.", i);
1566  }
1567  }
1568  }
1569 #endif
1570  else
1571  {
1572  msg(M_CLIENT, "ERROR: unknown command, enter 'help' for more options");
1573  }
1574 
1575 done:
1576  gc_free(&gc);
1577 }
1578 
1579 #ifdef _WIN32
1580 
1581 static void
1582 man_start_ne32(struct management *man)
1583 {
1584  switch (man->connection.state)
1585  {
1586  case MS_LISTEN:
1587  net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1588  break;
1589 
1590  case MS_CC_WAIT_READ:
1591  case MS_CC_WAIT_WRITE:
1592  net_event_win32_start(&man->connection.ne32, FD_READ|FD_WRITE|FD_CLOSE, man->connection.sd_cli);
1593  break;
1594 
1595  default:
1596  ASSERT(0);
1597  }
1598 }
1599 
1600 static void
1601 man_stop_ne32(struct management *man)
1602 {
1604 }
1605 
1606 #endif /* ifdef _WIN32 */
1607 
1608 static void
1609 man_record_peer_info(struct management *man)
1610 {
1611  struct gc_arena gc = gc_new();
1612  if (man->settings.write_peer_info_file)
1613  {
1614  bool success = false;
1615 #ifdef HAVE_GETSOCKNAME
1616  if (socket_defined(man->connection.sd_cli))
1617  {
1618  struct sockaddr_in addr;
1619  socklen_t addrlen = sizeof(addr);
1620  int status;
1621 
1622  CLEAR(addr);
1623  status = getsockname(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen);
1624  if (!status && addrlen == sizeof(addr))
1625  {
1626  const in_addr_t a = ntohl(addr.sin_addr.s_addr);
1627  const int p = ntohs(addr.sin_port);
1628  FILE *fp = platform_fopen(man->settings.write_peer_info_file, "w");
1629  if (fp)
1630  {
1631  fprintf(fp, "%s\n%d\n", print_in_addr_t(a, 0, &gc), p);
1632  if (!fclose(fp))
1633  {
1634  success = true;
1635  }
1636  }
1637  }
1638  }
1639 #endif /* ifdef HAVE_GETSOCKNAME */
1640  if (!success)
1641  {
1642  msg(D_MANAGEMENT, "MANAGEMENT: failed to write peer info to file %s",
1644  throw_signal_soft(SIGTERM, "management-connect-failed");
1645  }
1646  }
1647  gc_free(&gc);
1648 }
1649 
1650 static void
1651 man_connection_settings_reset(struct management *man)
1652 {
1653  man->connection.state_realtime = false;
1654  man->connection.log_realtime = false;
1655  man->connection.echo_realtime = false;
1657  man->connection.password_verified = false;
1658  man->connection.password_tries = 0;
1659  man->connection.halt = false;
1661 }
1662 
1663 static void
1664 man_new_connection_post(struct management *man, const char *description)
1665 {
1666  struct gc_arena gc = gc_new();
1667 
1669 
1671 
1672 #ifdef _WIN32
1673  man_start_ne32(man);
1674 #endif
1675 
1676 #if UNIX_SOCK_SUPPORT
1677  if (man->settings.flags & MF_UNIX_SOCK)
1678  {
1679  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1680  description,
1681  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1682  }
1683  else
1684 #endif
1685  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1686  description,
1687  print_sockaddr(man->settings.local->ai_addr, &gc));
1688 
1690 
1691  if (!man_password_needed(man))
1692  {
1693  man_welcome(man);
1694  }
1695  man_prompt(man);
1696  man_update_io_state(man);
1697 
1698  gc_free(&gc);
1699 }
1700 
1701 #if UNIX_SOCK_SUPPORT
1702 static bool
1703 man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1704 {
1705  if (socket_defined(sd) && (man->settings.client_uid != -1 || man->settings.client_gid != -1))
1706  {
1707  static const char err_prefix[] = "MANAGEMENT: unix domain socket client connection rejected --";
1708  int uid, gid;
1709  if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1710  {
1711  if (man->settings.client_uid != -1 && man->settings.client_uid != uid)
1712  {
1713  msg(D_MANAGEMENT, "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1714  err_prefix, uid, man->settings.client_uid);
1715  return false;
1716  }
1717  if (man->settings.client_gid != -1 && man->settings.client_gid != gid)
1718  {
1719  msg(D_MANAGEMENT, "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1720  err_prefix, gid, man->settings.client_gid);
1721  return false;
1722  }
1723  }
1724  else
1725  {
1726  msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1727  return false;
1728  }
1729  }
1730  return true;
1731 }
1732 #endif /* if UNIX_SOCK_SUPPORT */
1733 
1734 static void
1735 man_accept(struct management *man)
1736 {
1737  struct link_socket_actual act;
1738  CLEAR(act);
1739 
1740  /*
1741  * Accept the TCP or Unix domain socket client.
1742  */
1743 #if UNIX_SOCK_SUPPORT
1744  if (man->settings.flags & MF_UNIX_SOCK)
1745  {
1746  struct sockaddr_un remote;
1747  man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1748  if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1749  {
1750  sd_close(&man->connection.sd_cli);
1751  }
1752  }
1753  else
1754 #endif
1755  man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1756 
1757  if (socket_defined(man->connection.sd_cli))
1758  {
1759  man->connection.remote = act.dest;
1760 
1761  if (socket_defined(man->connection.sd_top))
1762  {
1763 #ifdef _WIN32
1764  man_stop_ne32(man);
1765 #endif
1766  }
1767 
1768  man_new_connection_post(man, "Client connected from");
1769  }
1770 }
1771 
1772 static void
1773 man_listen(struct management *man)
1774 {
1775  struct gc_arena gc = gc_new();
1776 
1777  /*
1778  * Initialize state
1779  */
1780  man->connection.state = MS_LISTEN;
1782 
1783  /*
1784  * Initialize listening socket
1785  */
1786  if (man->connection.sd_top == SOCKET_UNDEFINED)
1787  {
1788 #if UNIX_SOCK_SUPPORT
1789  if (man->settings.flags & MF_UNIX_SOCK)
1790  {
1792  man->connection.sd_top = create_socket_unix();
1793  socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1794  }
1795  else
1796 #endif
1797  {
1800  man->settings.local->ai_family, "MANAGEMENT", false);
1801  }
1802 
1803  /*
1804  * Listen for connection
1805  */
1806  if (listen(man->connection.sd_top, 1))
1807  {
1808  msg(M_ERR, "MANAGEMENT: listen() failed");
1809  }
1810 
1811  /*
1812  * Set misc socket properties
1813  */
1815 
1816 #if UNIX_SOCK_SUPPORT
1817  if (man->settings.flags & MF_UNIX_SOCK)
1818  {
1819  msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1820  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1821  }
1822  else
1823 #endif
1824  msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1825  print_sockaddr(man->settings.local->ai_addr, &gc));
1826  }
1827 
1828 #ifdef _WIN32
1829  man_start_ne32(man);
1830 #endif
1831 
1832  gc_free(&gc);
1833 }
1834 
1835 static void
1836 man_connect(struct management *man)
1837 {
1838  struct gc_arena gc = gc_new();
1839  int status;
1840  int signal_received = 0;
1841 
1842  /*
1843  * Initialize state
1844  */
1845  man->connection.state = MS_INITIAL;
1847 
1848 #if UNIX_SOCK_SUPPORT
1849  if (man->settings.flags & MF_UNIX_SOCK)
1850  {
1851  man->connection.sd_cli = create_socket_unix();
1852  status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
1853  if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1854  {
1855 #ifdef EPERM
1856  status = EPERM;
1857 #else
1858  status = 1;
1859 #endif
1860  sd_close(&man->connection.sd_cli);
1861  }
1862  }
1863  else
1864 #endif
1865  {
1867  status = openvpn_connect(man->connection.sd_cli,
1868  man->settings.local->ai_addr,
1869  5,
1870  &signal_received);
1871  }
1872 
1873  if (signal_received)
1874  {
1875  throw_signal(signal_received);
1876  goto done;
1877  }
1878 
1879  if (status)
1880  {
1881 #if UNIX_SOCK_SUPPORT
1882  if (man->settings.flags & MF_UNIX_SOCK)
1883  {
1885  "MANAGEMENT: connect to unix socket %s failed",
1886  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1887  }
1888  else
1889 #endif
1891  "MANAGEMENT: connect to %s failed",
1892  print_sockaddr(man->settings.local->ai_addr, &gc));
1893  throw_signal_soft(SIGTERM, "management-connect-failed");
1894  goto done;
1895  }
1896 
1897  man_record_peer_info(man);
1898  man_new_connection_post(man, "Connected to management server at");
1899 
1900 done:
1901  gc_free(&gc);
1902 }
1903 
1904 static void
1905 man_reset_client_socket(struct management *man, const bool exiting)
1906 {
1907  if (socket_defined(man->connection.sd_cli))
1908  {
1909 #ifdef _WIN32
1910  man_stop_ne32(man);
1911 #endif
1912  man_close_socket(man, man->connection.sd_cli);
1914  man->connection.state = MS_INITIAL;
1918  msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
1919  }
1920  if (!exiting)
1921  {
1922  if (man->settings.flags & MF_FORGET_DISCONNECT)
1923  {
1924  ssl_purge_auth(false);
1925  }
1926 
1927  if (man->settings.flags & MF_SIGNAL)
1928  {
1929  int mysig = man_mod_signal(man, SIGUSR1);
1930  if (mysig >= 0)
1931  {
1932  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
1933  throw_signal_soft(mysig, "management-disconnect");
1934  }
1935  }
1936 
1937  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1938  {
1939  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
1940  throw_signal_soft(SIGTERM, "management-exit");
1941  }
1942  else
1943  {
1944  man_listen(man);
1945  }
1946  }
1947 }
1948 
1949 static void
1950 man_process_command(struct management *man, const char *line)
1951 {
1952  struct gc_arena gc = gc_new();
1953  struct status_output *so;
1954  int nparms;
1955  char *parms[MAX_PARMS+1];
1956 
1957  CLEAR(parms);
1958  so = status_open(NULL, 0, -1, &man->persist.vout, 0);
1960 
1961  if (man_password_needed(man))
1962  {
1963  man_check_password(man, line);
1964  }
1965  else
1966  {
1967  nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
1968  if (parms[0] && streq(parms[0], "password"))
1969  {
1970  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
1971  }
1972  else if (!streq(line, "load-stats"))
1973  {
1974  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
1975  }
1976 
1977 #if 0
1978  /* DEBUGGING -- print args */
1979  {
1980  int i;
1981  for (i = 0; i < nparms; ++i)
1982  {
1983  msg(M_INFO, "[%d] '%s'", i, parms[i]);
1984  }
1985  }
1986 #endif
1987 
1988  if (nparms > 0)
1989  {
1990  man_dispatch_command(man, so, (const char **)parms, nparms);
1991  }
1992  }
1993 
1994  CLEAR(parms);
1995  status_close(so);
1996  gc_free(&gc);
1997 }
1998 
1999 static bool
2000 man_io_error(struct management *man, const char *prefix)
2001 {
2002  const int err = openvpn_errno();
2003 
2004  if (!ignore_sys_error(err))
2005  {
2006  struct gc_arena gc = gc_new();
2007  msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix,
2008  strerror(err));
2009  gc_free(&gc);
2010  return true;
2011  }
2012  else
2013  {
2014  return false;
2015  }
2016 }
2017 
2018 #ifdef TARGET_ANDROID
2019 static ssize_t
2020 man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2021 {
2022  struct msghdr msg;
2023  struct iovec iov[1];
2024 
2025  union {
2026  struct cmsghdr cm;
2027  char control[CMSG_SPACE(sizeof(int))];
2028  } control_un;
2029  struct cmsghdr *cmptr;
2030 
2031  msg.msg_control = control_un.control;
2032  msg.msg_controllen = sizeof(control_un.control);
2033 
2034  cmptr = CMSG_FIRSTHDR(&msg);
2035  cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2036  cmptr->cmsg_level = SOL_SOCKET;
2037  cmptr->cmsg_type = SCM_RIGHTS;
2038  *((int *) CMSG_DATA(cmptr)) = sendfd;
2039 
2040  msg.msg_name = NULL;
2041  msg.msg_namelen = 0;
2042 
2043  iov[0].iov_base = ptr;
2044  iov[0].iov_len = nbytes;
2045  msg.msg_iov = iov;
2046  msg.msg_iovlen = 1;
2047 
2048  return (sendmsg(fd, &msg, flags));
2049 }
2050 
2051 static ssize_t
2052 man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2053 {
2054  struct msghdr msghdr;
2055  struct iovec iov[1];
2056  ssize_t n;
2057 
2058  union {
2059  struct cmsghdr cm;
2060  char control[CMSG_SPACE(sizeof(int))];
2061  } control_un;
2062  struct cmsghdr *cmptr;
2063 
2064  msghdr.msg_control = control_un.control;
2065  msghdr.msg_controllen = sizeof(control_un.control);
2066 
2067  msghdr.msg_name = NULL;
2068  msghdr.msg_namelen = 0;
2069 
2070  iov[0].iov_base = ptr;
2071  iov[0].iov_len = nbytes;
2072  msghdr.msg_iov = iov;
2073  msghdr.msg_iovlen = 1;
2074 
2075  if ( (n = recvmsg(fd, &msghdr, flags)) <= 0)
2076  {
2077  return (n);
2078  }
2079 
2080  if ( (cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL
2081  && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2082  {
2083  if (cmptr->cmsg_level != SOL_SOCKET)
2084  {
2085  msg(M_ERR, "control level != SOL_SOCKET");
2086  }
2087  if (cmptr->cmsg_type != SCM_RIGHTS)
2088  {
2089  msg(M_ERR, "control type != SCM_RIGHTS");
2090  }
2091  *recvfd = *((int *) CMSG_DATA(cmptr));
2092  }
2093  else
2094  {
2095  *recvfd = -1; /* descriptor was not passed */
2096 
2097  }
2098  return (n);
2099 }
2100 
2101 /*
2102  * The android control method will instruct the GUI part of openvpn to do
2103  * the route/ifconfig/open tun command. See doc/android.txt for details.
2104  */
2105 bool
2106 management_android_control(struct management *man, const char *command, const char *msg)
2107 {
2108  struct user_pass up;
2109  CLEAR(up);
2110  strncpy(up.username, msg, sizeof(up.username)-1);
2111 
2112  management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK,(void *) 0);
2113  return strcmp("ok", up.password)==0;
2114 }
2115 
2116 /*
2117  * In Android 4.4 it is not possible to open a new tun device and then close the
2118  * old tun device without breaking the whole VPNService stack until the device
2119  * is rebooted. This management method ask the UI what method should be taken to
2120  * ensure the optimal solution for the situation
2121  */
2122 int
2123 managment_android_persisttun_action(struct management *man)
2124 {
2125  struct user_pass up;
2126  CLEAR(up);
2127  strcpy(up.username,"tunmethod");
2128  management_query_user_pass(management, &up, "PERSIST_TUN_ACTION",
2129  GET_USER_PASS_NEED_OK,(void *) 0);
2130  if (!strcmp("NOACTION", up.password))
2131  {
2132  return ANDROID_KEEP_OLD_TUN;
2133  }
2134  else if (!strcmp("OPEN_AFTER_CLOSE", up.password))
2135  {
2136  return ANDROID_OPEN_AFTER_CLOSE;
2137  }
2138  else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2139  {
2140  return ANDROID_OPEN_BEFORE_CLOSE;
2141  }
2142  else
2143  {
2144  msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query", up.password);
2145  }
2146 
2147  ASSERT(0);
2148  return ANDROID_OPEN_AFTER_CLOSE;
2149 }
2150 
2151 
2152 #endif /* ifdef TARGET_ANDROID */
2153 
2154 static int
2155 man_read(struct management *man)
2156 {
2157  /*
2158  * read command line from socket
2159  */
2160  unsigned char buf[256];
2161  int len = 0;
2162 
2163 #ifdef TARGET_ANDROID
2164  int fd;
2165  len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2166  if (fd >= 0)
2167  {
2168  man->connection.lastfdreceived = fd;
2169  }
2170 #else /* ifdef TARGET_ANDROID */
2171  len = recv(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL);
2172 #endif
2173 
2174  if (len == 0)
2175  {
2176  man_reset_client_socket(man, false);
2177  }
2178  else if (len > 0)
2179  {
2180  bool processed_command = false;
2181 
2182  ASSERT(len <= (int) sizeof(buf));
2183  command_line_add(man->connection.in, buf, len);
2184 
2185  /*
2186  * Reset output object
2187  */
2189 
2190  /*
2191  * process command line if complete
2192  */
2193  {
2194  const char *line;
2195  while ((line = command_line_get(man->connection.in)))
2196  {
2197  if (man->connection.in_extra)
2198  {
2199  if (!strcmp(line, "END"))
2200  {
2201  in_extra_dispatch(man);
2202  }
2203  else
2204  {
2205  buffer_list_push(man->connection.in_extra, line);
2206  }
2207  }
2208  else
2209  {
2210  man_process_command(man, (char *) line);
2211  }
2212  if (man->connection.halt)
2213  {
2214  break;
2215  }
2217  processed_command = true;
2218  }
2219  }
2220 
2221  /*
2222  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2223  */
2224  if (man->connection.halt)
2225  {
2226  man_reset_client_socket(man, false);
2227  len = 0;
2228  }
2229  else
2230  {
2231  if (processed_command)
2232  {
2233  man_prompt(man);
2234  }
2235  man_update_io_state(man);
2236  }
2237  }
2238  else /* len < 0 */
2239  {
2240  if (man_io_error(man, "recv"))
2241  {
2242  man_reset_client_socket(man, false);
2243  }
2244  }
2245  return len;
2246 }
2247 
2248 static int
2249 man_write(struct management *man)
2250 {
2251  const int size_hint = 1024;
2252  int sent = 0;
2253  const struct buffer *buf;
2254 
2255  buffer_list_aggregate(man->connection.out, size_hint);
2256  buf = buffer_list_peek(man->connection.out);
2257  if (buf && BLEN(buf))
2258  {
2259  const int len = min_int(size_hint, BLEN(buf));
2260 #ifdef TARGET_ANDROID
2261  if (man->connection.fdtosend > 0)
2262  {
2263  sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,man->connection.fdtosend);
2264  man->connection.fdtosend = -1;
2265  }
2266  else
2267 #endif
2268  sent = send(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL);
2269  if (sent >= 0)
2270  {
2271  buffer_list_advance(man->connection.out, sent);
2272  }
2273  else if (sent < 0)
2274  {
2275  if (man_io_error(man, "send"))
2276  {
2277  man_reset_client_socket(man, false);
2278  }
2279  }
2280  }
2281 
2282  /*
2283  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2284  */
2285  man_update_io_state(man);
2286 
2287  return sent;
2288 }
2289 
2290 static void
2292 {
2293  CLEAR(*mc);
2294 
2295  /* set initial state */
2296  mc->state = MS_INITIAL;
2297 
2298  /* clear socket descriptors */
2299  mc->sd_top = SOCKET_UNDEFINED;
2300  mc->sd_cli = SOCKET_UNDEFINED;
2301 }
2302 
2303 static void
2304 man_persist_init(struct management *man,
2305  const int log_history_cache,
2306  const int echo_buffer_size,
2307  const int state_buffer_size)
2308 {
2309  struct man_persist *mp = &man->persist;
2310  if (!mp->defined)
2311  {
2312  CLEAR(*mp);
2313 
2314  /* initialize log history store */
2315  mp->log = log_history_init(log_history_cache);
2316 
2317  /*
2318  * Initialize virtual output object, so that functions
2319  * which write to a virtual_output object can be redirected
2320  * here to the management object.
2321  */
2323  mp->vout.arg = man;
2324  mp->vout.flags_default = M_CLIENT;
2326 
2327  /*
2328  * Initialize --echo list
2329  */
2330  man->persist.echo = log_history_init(echo_buffer_size);
2331 
2332  /*
2333  * Initialize --state list
2334  */
2335  man->persist.state = log_history_init(state_buffer_size);
2336 
2337  mp->defined = true;
2338  }
2339 }
2340 
2341 static void
2343 {
2344  if (mp->log)
2345  {
2346  msg_set_virtual_output(NULL);
2347  log_history_close(mp->log);
2348  }
2349 
2350  if (mp->echo)
2351  {
2352  log_history_close(mp->echo);
2353  }
2354 
2355  if (mp->state)
2356  {
2357  log_history_close(mp->state);
2358  }
2359 
2360  CLEAR(*mp);
2361 }
2362 
2363 static void
2365  const char *addr,
2366  const char *port,
2367  const char *pass_file,
2368  const char *client_user,
2369  const char *client_group,
2370  const int log_history_cache,
2371  const int echo_buffer_size,
2372  const int state_buffer_size,
2373  const char *write_peer_info_file,
2374  const int remap_sigusr1,
2375  const unsigned int flags)
2376 {
2377  if (!ms->defined)
2378  {
2379  CLEAR(*ms);
2380 
2381  ms->flags = flags;
2382  ms->client_uid = -1;
2383  ms->client_gid = -1;
2384 
2385  /*
2386  * Get username/password
2387  */
2388  if (pass_file)
2389  {
2390  get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2391  }
2392 
2393  /*
2394  * lookup client UID/GID if specified
2395  */
2396  if (client_user)
2397  {
2398  struct platform_state_user s;
2399  platform_user_get(client_user, &s);
2401  msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->client_uid);
2402  ASSERT(ms->client_uid >= 0);
2403  }
2404  if (client_group)
2405  {
2406  struct platform_state_group s;
2407  platform_group_get(client_group, &s);
2409  msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->client_gid);
2410  ASSERT(ms->client_gid >= 0);
2411  }
2412 
2413  ms->write_peer_info_file = string_alloc(write_peer_info_file, NULL);
2414 
2415 #if UNIX_SOCK_SUPPORT
2416  if (ms->flags & MF_UNIX_SOCK)
2417  {
2418  sockaddr_unix_init(&ms->local_unix, addr);
2419  }
2420  else
2421 #endif
2422  {
2423 
2424  /*
2425  * Run management over tunnel, or
2426  * separate channel?
2427  */
2428  if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2429  {
2430  ms->management_over_tunnel = true;
2431  }
2432  else
2433  {
2434  int status;
2436 
2437  if (!(flags & MF_CONNECT_AS_CLIENT))
2438  {
2439  resolve_flags |= GETADDR_PASSIVE;
2440  }
2441 
2442  status = openvpn_getaddrinfo(resolve_flags, addr, port, 0,
2443  NULL, AF_UNSPEC, &ms->local);
2444  ASSERT(status==0);
2445  }
2446  }
2447 
2448  /*
2449  * Log history and echo buffer may need to be resized
2450  */
2451  ms->log_history_cache = log_history_cache;
2452  ms->echo_buffer_size = echo_buffer_size;
2453  ms->state_buffer_size = state_buffer_size;
2454 
2455  /*
2456  * Set remap sigusr1 flags
2457  */
2458  if (remap_sigusr1 == SIGHUP)
2459  {
2461  }
2462  else if (remap_sigusr1 == SIGTERM)
2463  {
2465  }
2466 
2467  ms->defined = true;
2468  }
2469 }
2470 
2471 static void
2473 {
2474  if (ms->local)
2475  {
2476  freeaddrinfo(ms->local);
2477  }
2479  CLEAR(*ms);
2480 }
2481 
2482 
2483 static void
2484 man_connection_init(struct management *man)
2485 {
2486  if (man->connection.state == MS_INITIAL)
2487  {
2488 #ifdef _WIN32
2489  /*
2490  * This object is a sort of TCP/IP helper
2491  * for Windows.
2492  */
2494 #endif
2495 
2496  /*
2497  * Allocate helper objects for command line input and
2498  * command output from/to the socket.
2499  */
2500  man->connection.in = command_line_new(1024);
2501  man->connection.out = buffer_list_new(0);
2502 
2503  /*
2504  * Initialize event set for standalone usage, when we are
2505  * running outside of the primary event loop.
2506  */
2507  {
2508  int maxevents = 1;
2509  man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2510  }
2511 
2512  man->connection.client_version = 1; /* default version */
2513 
2514  /*
2515  * Listen/connect socket
2516  */
2517  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2518  {
2519  man_connect(man);
2520  }
2521  else
2522  {
2523  man_listen(man);
2524  }
2525  }
2526 }
2527 
2528 static void
2529 man_connection_close(struct management *man)
2530 {
2531  struct man_connection *mc = &man->connection;
2532 
2533  if (mc->es)
2534  {
2535  event_free(mc->es);
2536  }
2537 #ifdef _WIN32
2539 #endif
2540  if (socket_defined(mc->sd_top))
2541  {
2542  man_close_socket(man, mc->sd_top);
2544  }
2545  if (socket_defined(mc->sd_cli))
2546  {
2547  man_close_socket(man, mc->sd_cli);
2548  }
2549  if (mc->in)
2550  {
2551  command_line_free(mc->in);
2552  }
2553  if (mc->out)
2554  {
2555  buffer_list_free(mc->out);
2556  }
2560 }
2561 
2562 struct management *
2564 {
2565  struct management *man;
2566  ALLOC_OBJ_CLEAR(man, struct management);
2567 
2568  man_persist_init(man,
2572 
2574 
2575  return man;
2576 }
2577 
2578 bool
2579 management_open(struct management *man,
2580  const char *addr,
2581  const char *port,
2582  const char *pass_file,
2583  const char *client_user,
2584  const char *client_group,
2585  const int log_history_cache,
2586  const int echo_buffer_size,
2587  const int state_buffer_size,
2588  const char *write_peer_info_file,
2589  const int remap_sigusr1,
2590  const unsigned int flags)
2591 {
2592  bool ret = false;
2593 
2594  /*
2595  * Save the settings only if they have not
2596  * been saved before.
2597  */
2599  addr,
2600  port,
2601  pass_file,
2602  client_user,
2603  client_group,
2604  log_history_cache,
2605  echo_buffer_size,
2606  state_buffer_size,
2607  write_peer_info_file,
2608  remap_sigusr1,
2609  flags);
2610 
2611  /*
2612  * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2613  * but may be changed here. Ditto for echo and state buffers.
2614  */
2618 
2619  /*
2620  * If connection object is uninitialized and we are not doing
2621  * over-the-tunnel management, then open (listening) connection.
2622  */
2623  if (man->connection.state == MS_INITIAL)
2624  {
2625  if (!man->settings.management_over_tunnel)
2626  {
2627  man_connection_init(man);
2628  ret = true;
2629  }
2630  }
2631 
2632  return ret;
2633 }
2634 
2635 void
2636 management_close(struct management *man)
2637 {
2638  man_output_list_push_finalize(man); /* flush output queue */
2639  man_connection_close(man);
2641  man_persist_close(&man->persist);
2642  free(man);
2643 }
2644 
2645 void
2646 management_set_callback(struct management *man,
2647  const struct management_callback *cb)
2648 {
2649  man->persist.standalone_disabled = true;
2650  man->persist.callback = *cb;
2651 }
2652 
2653 void
2654 management_clear_callback(struct management *man)
2655 {
2656  man->persist.standalone_disabled = false;
2657  man->persist.hold_release = false;
2658  CLEAR(man->persist.callback);
2659  man_output_list_push_finalize(man); /* flush output queue */
2660 }
2661 
2662 void
2663 management_set_state(struct management *man,
2664  const int state,
2665  const char *detail,
2666  const in_addr_t *tun_local_ip,
2667  const struct in6_addr *tun_local_ip6,
2668  const struct openvpn_sockaddr *local,
2669  const struct openvpn_sockaddr *remote)
2670 {
2671  if (man->persist.state && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2672  {
2673  struct gc_arena gc = gc_new();
2674  struct log_entry e;
2675  const char *out = NULL;
2676 
2677  update_time();
2678  CLEAR(e);
2679  e.timestamp = now;
2680  e.u.state = state;
2681  e.string = detail;
2682  if (tun_local_ip)
2683  {
2684  e.local_ip = *tun_local_ip;
2685  }
2686  if (tun_local_ip6)
2687  {
2688  e.local_ip6 = *tun_local_ip6;
2689  }
2690  if (local)
2691  {
2692  e.local_sock = *local;
2693  }
2694  if (remote)
2695  {
2696  e.remote_sock = *remote;
2697  }
2698 
2699  log_history_add(man->persist.state, &e);
2700 
2701  if (man->connection.state_realtime)
2702  {
2705  | LOG_PRINT_STATE
2708  | LOG_PRINT_CRLF
2709  | LOG_ECHO_TO_LOG, &gc);
2710  }
2711 
2712  if (out)
2713  {
2714  man_output_list_push(man, out);
2715  }
2716 
2717  gc_free(&gc);
2718  }
2719 }
2720 
2721 static bool
2722 env_filter_match(const char *env_str, const int env_filter_level)
2723 {
2724  static const char *env_names[] = {
2725  "username=",
2726  "password=",
2727  "X509_0_CN=",
2728  "tls_serial_",
2729  "untrusted_ip=",
2730  "ifconfig_local=",
2731  "ifconfig_netmask=",
2732  "daemon_start_time=",
2733  "daemon_pid=",
2734  "dev=",
2735  "ifconfig_pool_remote_ip=",
2736  "ifconfig_pool_netmask=",
2737  "time_duration=",
2738  "bytes_sent=",
2739  "bytes_received="
2740  };
2741 
2742  if (env_filter_level == 0)
2743  {
2744  return true;
2745  }
2746  else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2747  {
2748  return true;
2749  }
2750  else if (env_filter_level <= 2)
2751  {
2752  size_t i;
2753  for (i = 0; i < SIZE(env_names); ++i)
2754  {
2755  const char *en = env_names[i];
2756  const size_t len = strlen(en);
2757  if (!strncmp(env_str, en, len))
2758  {
2759  return true;
2760  }
2761  }
2762  return false;
2763  }
2764  return false;
2765 }
2766 
2767 static void
2768 man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
2769 {
2770  if (es)
2771  {
2772  struct env_item *e;
2773  for (e = es->list; e != NULL; e = e->next)
2774  {
2775  if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2776  {
2777  msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2778  }
2779  }
2780  }
2781  if (tail)
2782  {
2783  msg(M_CLIENT, ">%s:ENV,END", prefix);
2784  }
2785 }
2786 
2787 static void
2788 man_output_extra_env(struct management *man, const char *prefix)
2789 {
2790  struct gc_arena gc = gc_new();
2791  struct env_set *es = env_set_create(&gc);
2792  if (man->persist.callback.n_clients)
2793  {
2794  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2795  setenv_int(es, "n_clients", nclients);
2796  }
2797  man_output_env(es, false, man->connection.env_filter_level, prefix);
2798  gc_free(&gc);
2799 }
2800 
2801 void
2802 management_up_down(struct management *man, const char *updown, const struct env_set *es)
2803 {
2804  if (man->settings.flags & MF_UP_DOWN)
2805  {
2806  msg(M_CLIENT, ">UPDOWN:%s", updown);
2807  man_output_env(es, true, 0, "UPDOWN");
2808  }
2809 }
2810 
2811 void
2812 management_notify(struct management *man, const char *severity, const char *type, const char *text)
2813 {
2814  msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2815 }
2816 
2817 void
2818 management_notify_generic(struct management *man, const char *str)
2819 {
2820  msg(M_CLIENT, "%s", str);
2821 }
2822 
2823 #ifdef MANAGEMENT_DEF_AUTH
2824 
2825 static void
2826 man_output_peer_info_env(struct management *man, struct man_def_auth_context *mdac)
2827 {
2828  char line[256];
2829  if (man->persist.callback.get_peer_info)
2830  {
2831  const char *peer_info = (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2832  if (peer_info)
2833  {
2834  struct buffer buf;
2835  buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
2836  while (buf_parse(&buf, '\n', line, sizeof(line)))
2837  {
2838  chomp(line);
2839  if (validate_peer_info_line(line))
2840  {
2841  msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2842  }
2843  else
2844  {
2845  msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2846  }
2847  }
2848  }
2849  }
2850 }
2851 
2852 void
2853 management_notify_client_needing_auth(struct management *management,
2854  const unsigned int mda_key_id,
2855  struct man_def_auth_context *mdac,
2856  const struct env_set *es)
2857 {
2858  if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2859  {
2860  const char *mode = "CONNECT";
2861  if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2862  {
2863  mode = "REAUTH";
2864  }
2865  msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2866  man_output_extra_env(management, "CLIENT");
2867  if (management->connection.env_filter_level>0)
2868  {
2869  man_output_peer_info_env(management, mdac);
2870  }
2871  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2872  mdac->flags |= DAF_INITIAL_AUTH;
2873  }
2874 }
2875 
2876 void
2877 management_connection_established(struct management *management,
2878  struct man_def_auth_context *mdac,
2879  const struct env_set *es)
2880 {
2881  mdac->flags |= DAF_CONNECTION_ESTABLISHED;
2882  msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
2883  man_output_extra_env(management, "CLIENT");
2884  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2885 }
2886 
2887 void
2888 management_notify_client_close(struct management *management,
2889  struct man_def_auth_context *mdac,
2890  const struct env_set *es)
2891 {
2892  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
2893  {
2894  msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
2895  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2896  mdac->flags |= DAF_CONNECTION_CLOSED;
2897  }
2898 }
2899 
2900 void
2901 management_learn_addr(struct management *management,
2902  struct man_def_auth_context *mdac,
2903  const struct mroute_addr *addr,
2904  const bool primary)
2905 {
2906  struct gc_arena gc = gc_new();
2907  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
2908  {
2909  msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d",
2910  mdac->cid,
2911  mroute_addr_print_ex(addr, MAPF_SUBNET, &gc),
2912  BOOL_CAST(primary));
2913  }
2914  gc_free(&gc);
2915 }
2916 
2917 #endif /* MANAGEMENT_DEF_AUTH */
2918 
2919 void
2920 management_echo(struct management *man, const char *string, const bool pull)
2921 {
2922  if (man->persist.echo)
2923  {
2924  struct gc_arena gc = gc_new();
2925  struct log_entry e;
2926  const char *out = NULL;
2927 
2928  update_time();
2929  CLEAR(e);
2930  e.timestamp = now;
2931  e.string = string;
2932  e.u.intval = BOOL_CAST(pull);
2933 
2934  log_history_add(man->persist.echo, &e);
2935 
2936  if (man->connection.echo_realtime)
2937  {
2939  }
2940 
2941  if (out)
2942  {
2943  man_output_list_push(man, out);
2944  }
2945 
2946  gc_free(&gc);
2947  }
2948 }
2949 
2950 void
2951 management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
2952 {
2953  /*
2954  * If we are running management over the tunnel,
2955  * this is the place to initialize the connection.
2956  */
2958  && man->connection.state == MS_INITIAL)
2959  {
2960  /* listen on our local TUN/TAP IP address */
2961  struct in_addr ia;
2962  int ret;
2963 
2964  ia.s_addr = htonl(tun_local_ip);
2965  ret = openvpn_getaddrinfo(GETADDR_PASSIVE, inet_ntoa(ia), NULL, 0, NULL,
2966  AF_INET, &man->settings.local);
2967  ASSERT(ret==0);
2968  man_connection_init(man);
2969  }
2970 
2971 }
2972 
2973 void
2974 management_pre_tunnel_close(struct management *man)
2975 {
2977  {
2978  man_connection_close(man);
2979  }
2980 }
2981 
2982 void
2983 management_auth_failure(struct management *man, const char *type, const char *reason)
2984 {
2985  if (reason)
2986  {
2987  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
2988  }
2989  else
2990  {
2991  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
2992  }
2993 }
2994 
2995 void
2996 management_auth_token(struct management *man, const char *token)
2997 {
2998  msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
2999 }
3000 
3001 static inline bool
3002 man_persist_state(unsigned int *persistent, const int n)
3003 {
3004  if (persistent)
3005  {
3006  if (*persistent == (unsigned int)n)
3007  {
3008  return false;
3009  }
3010  *persistent = n;
3011  }
3012  return true;
3013 }
3014 
3015 #ifdef _WIN32
3016 
3017 void
3018 management_socket_set(struct management *man,
3019  struct event_set *es,
3020  void *arg,
3021  unsigned int *persistent)
3022 {
3023  if (man->connection.state != MS_INITIAL)
3024  {
3027 
3028  switch (man->connection.state)
3029  {
3030  case MS_LISTEN:
3031  if (man_persist_state(persistent, 1))
3032  {
3033  event_ctl(es, ev, EVENT_READ, arg);
3034  }
3035  break;
3036 
3037  case MS_CC_WAIT_READ:
3038  if (man_persist_state(persistent, 2))
3039  {
3040  event_ctl(es, ev, EVENT_READ, arg);
3041  }
3042  break;
3043 
3044  case MS_CC_WAIT_WRITE:
3045  if (man_persist_state(persistent, 3))
3046  {
3047  event_ctl(es, ev, EVENT_READ|EVENT_WRITE, arg);
3048  }
3049  break;
3050 
3051  default:
3052  ASSERT(0);
3053  }
3054  }
3055 }
3056 
3057 void
3058 management_io(struct management *man)
3059 {
3060  if (man->connection.state != MS_INITIAL)
3061  {
3062  long net_events;
3064  net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3065 
3066  if (net_events & FD_CLOSE)
3067  {
3068  man_reset_client_socket(man, false);
3069  }
3070  else
3071  {
3072  if (man->connection.state == MS_LISTEN)
3073  {
3074  if (net_events & FD_ACCEPT)
3075  {
3076  man_accept(man);
3078  }
3079  }
3080  else if (man->connection.state == MS_CC_WAIT_READ || man->connection.state == MS_CC_WAIT_WRITE)
3081  {
3082  if (net_events & FD_READ)
3083  {
3084  while (man_read(man) > 0)
3085  {
3086  }
3088  }
3089 
3090  if (net_events & FD_WRITE)
3091  {
3092  int status;
3093  status = man_write(man);
3094  if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3095  {
3097  }
3098  }
3099  }
3100  }
3101  }
3102 }
3103 
3104 #else /* ifdef _WIN32 */
3105 
3106 void
3107 management_socket_set(struct management *man,
3108  struct event_set *es,
3109  void *arg,
3110  unsigned int *persistent)
3111 {
3112  switch (man->connection.state)
3113  {
3114  case MS_LISTEN:
3115  if (man_persist_state(persistent, 1))
3116  {
3117  event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3118  }
3119  break;
3120 
3121  case MS_CC_WAIT_READ:
3122  if (man_persist_state(persistent, 2))
3123  {
3124  event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3125  }
3126  break;
3127 
3128  case MS_CC_WAIT_WRITE:
3129  if (man_persist_state(persistent, 3))
3130  {
3131  event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3132  }
3133  break;
3134 
3135  case MS_INITIAL:
3136  break;
3137 
3138  default:
3139  ASSERT(0);
3140  }
3141 }
3142 
3143 void
3144 management_io(struct management *man)
3145 {
3146  switch (man->connection.state)
3147  {
3148  case MS_LISTEN:
3149  man_accept(man);
3150  break;
3151 
3152  case MS_CC_WAIT_READ:
3153  man_read(man);
3154  break;
3155 
3156  case MS_CC_WAIT_WRITE:
3157  man_write(man);
3158  break;
3159 
3160  case MS_INITIAL:
3161  break;
3162 
3163  default:
3164  ASSERT(0);
3165  }
3166 }
3167 
3168 #endif /* ifdef _WIN32 */
3169 
3170 static inline bool
3171 man_standalone_ok(const struct management *man)
3172 {
3173  return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3174 }
3175 
3176 static bool
3177 man_check_for_signals(volatile int *signal_received)
3178 {
3179  if (signal_received)
3180  {
3181  get_signal(signal_received);
3182  if (*signal_received)
3183  {
3184  return true;
3185  }
3186  }
3187  return false;
3188 }
3189 
3190 /*
3191  * Wait for socket I/O when outside primary event loop
3192  */
3193 static int
3194 man_block(struct management *man, volatile int *signal_received, const time_t expire)
3195 {
3196  struct timeval tv;
3197  struct event_set_return esr;
3198  int status = -1;
3199 
3200  if (man_standalone_ok(man))
3201  {
3202  while (true)
3203  {
3204  event_reset(man->connection.es);
3205  management_socket_set(man, man->connection.es, NULL, NULL);
3206  tv.tv_usec = 0;
3207  tv.tv_sec = 1;
3208  if (man_check_for_signals(signal_received))
3209  {
3210  status = -1;
3211  break;
3212  }
3213  status = event_wait(man->connection.es, &tv, &esr, 1);
3214  update_time();
3215  if (man_check_for_signals(signal_received))
3216  {
3217  status = -1;
3218  break;
3219  }
3220 
3221  if (status > 0)
3222  {
3223  break;
3224  }
3225  else if (expire && now >= expire)
3226  {
3227  /* set SIGINT signal if expiration time exceeded */
3228  status = 0;
3229  if (signal_received)
3230  {
3231  *signal_received = SIGINT;
3232  }
3233  break;
3234  }
3235  }
3236  }
3237  return status;
3238 }
3239 
3240 /*
3241  * Perform management socket output outside primary event loop
3242  */
3243 static void
3244 man_output_standalone(struct management *man, volatile int *signal_received)
3245 {
3246  if (man_standalone_ok(man))
3247  {
3248  while (man->connection.state == MS_CC_WAIT_WRITE)
3249  {
3250  management_io(man);
3251  if (man->connection.state == MS_CC_WAIT_WRITE)
3252  {
3253  man_block(man, signal_received, 0);
3254  }
3255  if (signal_received && *signal_received)
3256  {
3257  break;
3258  }
3259  }
3260  }
3261 }
3262 
3263 /*
3264  * Process management event loop outside primary event loop
3265  */
3266 static int
3267 man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
3268 {
3269  int status = -1;
3270  if (man_standalone_ok(man))
3271  {
3272  status = man_block(man, signal_received, expire);
3273  if (status > 0)
3274  {
3275  management_io(man);
3276  }
3277  }
3278  return status;
3279 }
3280 
3281 #define MWCC_PASSWORD_WAIT (1<<0)
3282 #define MWCC_HOLD_WAIT (1<<1)
3283 #define MWCC_OTHER_WAIT (1<<2)
3284 
3285 /*
3286  * Block until client connects
3287  */
3288 static void
3289 man_wait_for_client_connection(struct management *man,
3290  volatile int *signal_received,
3291  const time_t expire,
3292  unsigned int flags)
3293 {
3294  ASSERT(man_standalone_ok(man));
3295  if (man->connection.state == MS_LISTEN)
3296  {
3297  if (flags & MWCC_PASSWORD_WAIT)
3298  {
3299  msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3300  }
3301  if (flags & MWCC_HOLD_WAIT)
3302  {
3303  msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3304  }
3305  if (flags & MWCC_OTHER_WAIT)
3306  {
3307  msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3308  }
3309  do
3310  {
3311  man_standalone_event_loop(man, signal_received, expire);
3312  if (signal_received && *signal_received)
3313  {
3314  break;
3315  }
3316  } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3317  }
3318 }
3319 
3320 /*
3321  * Process the management event loop for sec seconds
3322  */
3323 void
3324 management_event_loop_n_seconds(struct management *man, int sec)
3325 {
3326  if (man_standalone_ok(man))
3327  {
3328  volatile int signal_received = 0;
3329  const bool standalone_disabled_save = man->persist.standalone_disabled;
3330  time_t expire = 0;
3331 
3332  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3333 
3334  /* set expire time */
3335  update_time();
3336  if (sec)
3337  {
3338  expire = now + sec;
3339  }
3340 
3341  /* if no client connection, wait for one */
3342  man_wait_for_client_connection(man, &signal_received, expire, 0);
3343  if (signal_received)
3344  {
3345  return;
3346  }
3347 
3348  /* run command processing event loop */
3349  do
3350  {
3351  man_standalone_event_loop(man, &signal_received, expire);
3352  if (!signal_received)
3353  {
3354  man_check_for_signals(&signal_received);
3355  }
3356  if (signal_received)
3357  {
3358  return;
3359  }
3360  update_time();
3361  } while (expire && expire > now);
3362 
3363  /* revert state */
3364  man->persist.standalone_disabled = standalone_disabled_save;
3365  }
3366  else
3367  {
3368  sleep(sec);
3369  }
3370 }
3371 
3372 /*
3373  * Get a username/password from management channel in standalone mode.
3374  */
3375 bool
3376 management_query_user_pass(struct management *man,
3377  struct user_pass *up,
3378  const char *type,
3379  const unsigned int flags,
3380  const char *static_challenge)
3381 {
3382  struct gc_arena gc = gc_new();
3383  bool ret = false;
3384 
3385  if (man_standalone_ok(man))
3386  {
3387  volatile int signal_received = 0;
3388  const bool standalone_disabled_save = man->persist.standalone_disabled;
3389  struct buffer alert_msg = alloc_buf_gc(128, &gc);
3390  const char *alert_type = NULL;
3391  const char *prefix = NULL;
3392  unsigned int up_query_mode = 0;
3393  const char *sc = NULL;
3394  ret = true;
3395  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3396  man->persist.special_state_msg = NULL;
3397 
3398  CLEAR(man->connection.up_query);
3399 
3400  if (flags & GET_USER_PASS_NEED_OK)
3401  {
3402  up_query_mode = UP_QUERY_NEED_OK;
3403  prefix = "NEED-OK";
3404  alert_type = "confirmation";
3405  }
3406  else if (flags & GET_USER_PASS_NEED_STR)
3407  {
3408  up_query_mode = UP_QUERY_NEED_STR;
3409  prefix = "NEED-STR";
3410  alert_type = "string";
3411  }
3412  else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3413  {
3414  up_query_mode = UP_QUERY_PASS;
3415  prefix = "PASSWORD";
3416  alert_type = "password";
3417  }
3418  else
3419  {
3420  up_query_mode = UP_QUERY_USER_PASS;
3421  prefix = "PASSWORD";
3422  alert_type = "username/password";
3423  if (static_challenge)
3424  {
3425  sc = static_challenge;
3426  }
3427  }
3428  buf_printf(&alert_msg, ">%s:Need '%s' %s",
3429  prefix,
3430  type,
3431  alert_type);
3432 
3433  if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3434  {
3435  buf_printf(&alert_msg, " MSG:%s", up->username);
3436  }
3437 
3438  if (sc)
3439  {
3440  buf_printf(&alert_msg, " SC:%d,%s",
3442  sc);
3443  }
3444 
3445  man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3446  if (signal_received)
3447  {
3448  ret = false;
3449  }
3450 
3451  if (ret)
3452  {
3453  man->persist.special_state_msg = BSTR(&alert_msg);
3454  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3455 
3456  /* tell command line parser which info we need */
3457  man->connection.up_query_mode = up_query_mode;
3458  man->connection.up_query_type = type;
3459 
3460  /* run command processing event loop until we get our username/password/response */
3461  do
3462  {
3463  man_standalone_event_loop(man, &signal_received, 0);
3464  if (!signal_received)
3465  {
3466  man_check_for_signals(&signal_received);
3467  }
3468  if (signal_received)
3469  {
3470  ret = false;
3471  break;
3472  }
3473  } while (!man->connection.up_query.defined);
3474  }
3475 
3476  /* revert state */
3478  man->connection.up_query_type = NULL;
3479  man->persist.standalone_disabled = standalone_disabled_save;
3480  man->persist.special_state_msg = NULL;
3481 
3482  /* pass through blank passwords */
3483  if (!strcmp(man->connection.up_query.password, blank_up))
3484  {
3486  }
3487 
3488  /*
3489  * Transfer u/p to return object, zero any record
3490  * we hold in the management object.
3491  */
3492  if (ret)
3493  {
3494  /* preserve caller's settings */
3495  man->connection.up_query.nocache = up->nocache;
3497  *up = man->connection.up_query;
3498  }
3499  secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3500  }
3501 
3502  gc_free(&gc);
3503  return ret;
3504 }
3505 
3506 static int
3507 management_query_multiline(struct management *man,
3508  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3509 {
3510  struct gc_arena gc = gc_new();
3511  int ret = 0;
3512  volatile int signal_received = 0;
3513  struct buffer alert_msg = clear_buf();
3514  const bool standalone_disabled_save = man->persist.standalone_disabled;
3515  struct man_connection *mc = &man->connection;
3516 
3517  if (man_standalone_ok(man))
3518  {
3519  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3520  man->persist.special_state_msg = NULL;
3521 
3522  *state = EKS_SOLICIT;
3523 
3524  if (b64_data)
3525  {
3526  alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
3527  buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3528  }
3529  else
3530  {
3531  alert_msg = alloc_buf_gc(strlen(prompt)+3, &gc);
3532  buf_printf(&alert_msg, ">%s", prompt);
3533  }
3534 
3535  man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3536 
3537  if (signal_received)
3538  {
3539  goto done;
3540  }
3541 
3542  man->persist.special_state_msg = BSTR(&alert_msg);
3543  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3544 
3545  /* run command processing event loop until we get our signature */
3546  do
3547  {
3548  man_standalone_event_loop(man, &signal_received, 0);
3549  if (!signal_received)
3550  {
3551  man_check_for_signals(&signal_received);
3552  }
3553  if (signal_received)
3554  {
3555  goto done;
3556  }
3557  } while (*state != EKS_READY);
3558 
3559  ret = 1;
3560  }
3561 
3562 done:
3563  if (*state == EKS_READY && ret)
3564  {
3565  msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3566  }
3567  else if (*state == EKS_INPUT || *state == EKS_READY)
3568  {
3569  msg(M_CLIENT, "ERROR: %s command failed", cmd);
3570  }
3571 
3572  /* revert state */
3573  man->persist.standalone_disabled = standalone_disabled_save;
3574  man->persist.special_state_msg = NULL;
3576  *state = EKS_UNDEF;
3577 
3578  gc_free(&gc);
3579  return ret;
3580 }
3581 
3582 static char *
3583 /* returns allocated base64 signature */
3585  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3586 {
3587  int ok;
3588  char *result = NULL;
3589  struct buffer *buf;
3590 
3591  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3592  if (ok && buffer_list_defined(*input))
3593  {
3594  buffer_list_aggregate_separator(*input, 10000, "\n");
3595  buf = buffer_list_peek(*input);
3596  if (buf && BLEN(buf) > 0)
3597  {
3598  result = (char *) malloc(BLEN(buf)+1);
3599  check_malloc_return(result);
3600  memcpy(result, buf->data, BLEN(buf));
3601  result[BLEN(buf)] = '\0';
3602  }
3603  }
3604 
3605  buffer_list_free(*input);
3606  *input = NULL;
3607 
3608  return result;
3609 }
3610 
3611 static char *
3612 /* returns allocated base64 signature */
3613 management_query_multiline_flatten(struct management *man,
3614  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3615 {
3616  int ok;
3617  char *result = NULL;
3618  struct buffer *buf;
3619 
3620  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3621  if (ok && buffer_list_defined(*input))
3622  {
3623  buffer_list_aggregate(*input, 2048);
3624  buf = buffer_list_peek(*input);
3625  if (buf && BLEN(buf) > 0)
3626  {
3627  result = (char *) malloc(BLEN(buf)+1);
3628  check_malloc_return(result);
3629  memcpy(result, buf->data, BLEN(buf));
3630  result[BLEN(buf)] = '\0';
3631  }
3632  }
3633 
3634  buffer_list_free(*input);
3635  *input = NULL;
3636 
3637  return result;
3638 }
3639 
3640 char *
3641 /* returns allocated base64 signature */
3642 management_query_pk_sig(struct management *man,
3643  const char *b64_data)
3644 {
3645  const char *prompt = "PK_SIGN";
3646  const char *desc = "pk-sign";
3647  if (man->connection.client_version <= 1)
3648  {
3649  prompt = "RSA_SIGN";
3650  desc = "rsa-sign";
3651  }
3652  return management_query_multiline_flatten(man, b64_data, prompt, desc,
3654 }
3655 
3656 char *
3657 management_query_cert(struct management *man, const char *cert_name)
3658 {
3659  const char prompt_1[] = "NEED-CERTIFICATE:";
3660  struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3661  buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3662  buf_write(&buf_prompt, cert_name, strlen(cert_name)+1); /* +1 for \0 */
3663 
3664  char *result;
3665  result = management_query_multiline_flatten_newline(management,
3666  NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3668  free_buf(&buf_prompt);
3669  return result;
3670 }
3671 
3672 /*
3673  * Return true if management_hold() would block
3674  */
3675 bool
3676 management_would_hold(struct management *man)
3677 {
3678  return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3679 }
3680 
3681 /*
3682  * Return true if (from the management interface's perspective) OpenVPN should
3683  * daemonize.
3684  */
3685 bool
3686 management_should_daemonize(struct management *man)
3687 {
3688  return management_would_hold(man) || (man->settings.flags & MF_QUERY_PASSWORDS);
3689 }
3690 
3691 /*
3692  * If the hold flag is enabled, hibernate until a management client releases the hold.
3693  * Return true if the caller should not sleep for an additional time interval.
3694  */
3695 bool
3696 management_hold(struct management *man, int holdtime)
3697 {
3698  if (management_would_hold(man))
3699  {
3700  volatile int signal_received = 0;
3701  const bool standalone_disabled_save = man->persist.standalone_disabled;
3702  struct gc_arena gc = gc_new();
3703 
3704  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3705  man->persist.special_state_msg = NULL;
3707 
3708  man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3709 
3710  if (!signal_received)
3711  {
3712  struct buffer out = alloc_buf_gc(128, &gc);
3713  buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3714  man->persist.special_state_msg = BSTR(&out);
3715  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3716 
3717  /* run command processing event loop until we get our username/password */
3718  do
3719  {
3720  man_standalone_event_loop(man, &signal_received, 0);
3721  if (!signal_received)
3722  {
3723  man_check_for_signals(&signal_received);
3724  }
3725  if (signal_received)
3726  {
3727  break;
3728  }
3729  } while (!man->persist.hold_release);
3730  }
3731 
3732  /* revert state */
3733  man->persist.standalone_disabled = standalone_disabled_save;
3734  man->persist.special_state_msg = NULL;
3736 
3737  gc_free(&gc);
3738  return true;
3739  }
3740  return false;
3741 }
3742 
3743 /*
3744  * struct command_line
3745  */
3746 
3747 struct command_line *
3749 {
3750  struct command_line *cl;
3751  ALLOC_OBJ_CLEAR(cl, struct command_line);
3752  cl->buf = alloc_buf(buf_len);
3753  cl->residual = alloc_buf(buf_len);
3754  return cl;
3755 }
3756 
3757 void
3759 {
3760  buf_clear(&cl->buf);
3761  buf_clear(&cl->residual);
3762 }
3763 
3764 void
3766 {
3767  command_line_reset(cl);
3768  free_buf(&cl->buf);
3769  free_buf(&cl->residual);
3770  free(cl);
3771 }
3772 
3773 void
3774 command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
3775 {
3776  int i;
3777  for (i = 0; i < len; ++i)
3778  {
3779  if (buf[i] && char_class(buf[i], (CC_PRINT|CC_NEWLINE)))
3780  {
3781  if (!buf_write_u8(&cl->buf, buf[i]))
3782  {
3783  buf_clear(&cl->buf);
3784  }
3785  }
3786  }
3787 }
3788 
3789 const char *
3791 {
3792  int i;
3793  const char *ret = NULL;
3794 
3795  i = buf_substring_len(&cl->buf, '\n');
3796  if (i >= 0)
3797  {
3798  buf_copy_excess(&cl->residual, &cl->buf, i);
3799  buf_chomp(&cl->buf);
3800  ret = BSTR(&cl->buf);
3801  }
3802  return ret;
3803 }
3804 
3805 void
3807 {
3808  buf_clear(&cl->buf);
3809  buf_copy(&cl->buf, &cl->residual);
3810  buf_clear(&cl->residual);
3811 }
3812 
3813 /*
3814  * struct log_entry
3815  */
3816 
3817 const char *
3818 log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3819 {
3820  struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3821  if (flags & LOG_FATAL_NOTIFY)
3822  {
3823  buf_printf(&out, ">FATAL:");
3824  }
3825  if (flags & LOG_PRINT_LOG_PREFIX)
3826  {
3827  buf_printf(&out, ">LOG:");
3828  }
3829  if (flags & LOG_PRINT_ECHO_PREFIX)
3830  {
3831  buf_printf(&out, ">ECHO:");
3832  }
3833  if (flags & LOG_PRINT_STATE_PREFIX)
3834  {
3835  buf_printf(&out, ">STATE:");
3836  }
3837  if (flags & LOG_PRINT_INT_DATE)
3838  {
3839  buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3840  }
3841  if (flags & LOG_PRINT_MSG_FLAGS)
3842  {
3843  buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3844  }
3845  if (flags & LOG_PRINT_STATE)
3846  {
3847  buf_printf(&out, "%s,", man_state_name(e->u.state));
3848  }
3849  if (flags & LOG_PRINT_INTVAL)
3850  {
3851  buf_printf(&out, "%d,", e->u.intval);
3852  }
3853  if (e->string)
3854  {
3855  buf_printf(&out, "%s", e->string);
3856  }
3857  if (flags & LOG_PRINT_LOCAL_IP)
3858  {
3859  buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3860  }
3861  if (flags & LOG_PRINT_REMOTE_IP)
3862  {
3863  buf_printf(&out, ",%s", (!addr_defined(&e->remote_sock) ? "," :
3865  buf_printf(&out, ",%s", (!addr_defined(&e->local_sock) ? "," :
3867  }
3868  if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
3869  {
3870  buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
3871  }
3872  if (flags & LOG_ECHO_TO_LOG)
3873  {
3874  msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
3875  }
3876  if (flags & LOG_PRINT_CRLF)
3877  {
3878  buf_printf(&out, "\r\n");
3879  }
3880  return BSTR(&out);
3881 }
3882 
3883 static void
3885 {
3886  if (e->string)
3887  {
3888  free((char *)e->string);
3889  }
3890  CLEAR(*e);
3891 }
3892 
3893 /*
3894  * struct log_history
3895  */
3896 
3897 static inline int
3898 log_index(const struct log_history *h, int i)
3899 {
3900  return modulo_add(h->base, i, h->capacity);
3901 }
3902 
3903 static void
3905 {
3906  CLEAR(*h);
3907  h->capacity = capacity;
3908  ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
3909 }
3910 
3911 struct log_history *
3913 {
3914  struct log_history *h;
3915  ASSERT(capacity > 0);
3916  ALLOC_OBJ(h, struct log_history);
3917  log_history_obj_init(h, capacity);
3918  return h;
3919 }
3920 
3921 static void
3923 {
3924  int i;
3925  for (i = 0; i < h->size; ++i)
3926  {
3928  }
3929  free(h->array);
3930 }
3931 
3932 void
3934 {
3936  free(h);
3937 }
3938 
3939 void
3940 log_history_add(struct log_history *h, const struct log_entry *le)
3941 {
3942  struct log_entry *e;
3943  ASSERT(h->size >= 0 && h->size <= h->capacity);
3944  if (h->size == h->capacity)
3945  {
3946  e = &h->array[h->base];
3948  h->base = log_index(h, 1);
3949  }
3950  else
3951  {
3952  e = &h->array[log_index(h, h->size)];
3953  ++h->size;
3954  }
3955 
3956  *e = *le;
3957  e->string = string_alloc(le->string, NULL);
3958 }
3959 
3960 void
3961 log_history_resize(struct log_history *h, const int capacity)
3962 {
3963  if (capacity != h->capacity)
3964  {
3965  struct log_history newlog;
3966  int i;
3967 
3968  ASSERT(capacity > 0);
3969  log_history_obj_init(&newlog, capacity);
3970 
3971  for (i = 0; i < h->size; ++i)
3972  {
3973  log_history_add(&newlog, &h->array[log_index(h, i)]);
3974  }
3975 
3977  *h = newlog;
3978  }
3979 }
3980 
3981 const struct log_entry *
3982 log_history_ref(const struct log_history *h, const int index)
3983 {
3984  if (index >= 0 && index < h->size)
3985  {
3986  return &h->array[log_index(h, (h->size - 1) - index)];
3987  }
3988  else
3989  {
3990  return NULL;
3991  }
3992 }
3993 
3994 void
3995 management_sleep(const int n)
3996 {
3997  if (management)
3998  {
3999  management_event_loop_n_seconds(management, n);
4000  }
4001  else
4002  {
4003  sleep(n);
4004  }
4005 }
4006 
4007 #else /* ifdef ENABLE_MANAGEMENT */
4008 
4009 void
4010 management_sleep(const int n)
4011 {
4012  sleep(n);
4013 }
4014 
4015 #endif /* ENABLE_MANAGEMENT */
#define EKS_INPUT
Definition: manage.h:292
char * management_query_cert(struct management *man, const char *cert_name)
Definition: manage.c:3657
unsigned int platform_getpid(void)
Definition: platform.c:178
static bool buf_write_u8(struct buffer *dest, int data)
Definition: buffer.h:696
#define UP_QUERY_DISABLED
Definition: manage.h:248
static const char * man_state_name(const int state)
Definition: manage.c:131
void management_close(struct management *man)
Definition: manage.c:2636
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:494
void command_line_reset(struct command_line *cl)
Definition: manage.c:3758
union log_entry_union u
Definition: manage.h:97
static void man_status(struct management *man, const int version, struct status_output *so)
Definition: manage.c:445
void(* delete_event)(void *arg, event_t event)
Definition: manage.h:165
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition: manage.h:38
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
struct env_set * env_set_create(struct gc_arena *gc)
Definition: env_set.c:158
#define MSG_NOSIGNAL
Definition: socket.h:256
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition: platform.c:108
const char * string
Definition: manage.h:92
int client_uid
Definition: manage.h:237
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition: manage.c:694
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:436
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1021
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition: buffer.c:1196
static void man_echo(struct management *man, const char *parm)
Definition: manage.c:641
unsigned int flags_default
Definition: status.h:34
static void man_forget_passwords(struct management *man)
Definition: manage.c:763
void free_buf(struct buffer *buf)
Definition: buffer.c:183
static void man_output_extra_env(struct management *man, const char *prefix)
Definition: manage.c:2788
#define D_MANAGEMENT_DEBUG
Definition: errlevel.h:134
static int buf_len(const struct buffer *buf)
Definition: buffer.h:240
bool management_over_tunnel
Definition: manage.h:231
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:663
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition: manage.c:3818
int password_tries
Definition: manage.h:273
struct log_history * state
Definition: manage.h:214
#define UP_QUERY_USER_PASS
Definition: manage.h:249
#define USER_PASS_LEN
Definition: misc.h:73
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition: manage.c:3289
bool validate_peer_info_line(char *line)
Definition: misc.c:698
#define streq(x, y)
Definition: options.h:617
static void in_extra_dispatch(struct management *man)
Definition: manage.c:877
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:401
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:189
int state
Definition: manage.h:85
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2988
#define M_INFO
Definition: errlevel.h:55
static int log_history_size(const struct log_history *h)
Definition: manage.h:139
#define SIZE(x)
Definition: basic.h:30
static void man_process_command(struct management *man, const char *line)
Definition: manage.c:1950
static bool man_password_needed(struct management *man)
Definition: manage.c:188
struct openvpn_sockaddr remote_sock
Definition: manage.h:96
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition: win32.h:126
struct man_persist persist
Definition: manage.h:320
static void man_output_list_push(struct management *man, const char *str)
Definition: manage.c:258
unsigned int msg_flags
Definition: manage.h:84
static bool man_persist_state(unsigned int *persistent, const int n)
Definition: manage.c:3002
void throw_signal_soft(const int signum, const char *signal_text)
Definition: sig.c:111
struct user_pass up_query
Definition: manage.h:309
bool char_class(const unsigned char c, const unsigned int flags)
Definition: buffer.c:892
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
const char * msg_flags_string(const unsigned int flags, struct gc_arena *gc)
Definition: error.c:781
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition: platform.c:69
const char * up_query_type
Definition: manage.h:307
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:2983
union openvpn_sockaddr::@8 addr
#define EVENT_METHOD_FAST
Definition: event.h:42
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition: manage.c:2812
#define CC_PRINT
Definition: buffer.h:891
#define UP_QUERY_PASS
Definition: manage.h:250
struct man_connection connection
Definition: manage.h:322
struct buffer_list * buffer_list_new(const int max_size)
Allocate an empty buffer list of capacity max_size.
Definition: buffer.c:1176
#define ASSERT(x)
Definition: error.h:221
static void man_proxy(struct management *man, const char **p)
Definition: manage.c:1169
struct management_callback callback
Definition: manage.h:211
#define SIGUSR1
Definition: config-msvc.h:116
static void man_record_peer_info(struct management *man)
Definition: manage.c:1609
int size
Definition: manage.h:123
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition: manage.c:3982
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition: buffer.c:1186
struct command_line * command_line_new(const int buf_len)
Definition: manage.c:3748
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len ...
Definition: buffer.c:1317
#define MF_UNIX_SOCK
Definition: manage.h:344
static void man_log(struct management *man, const char *parm)
Definition: manage.c:630
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const char *write_peer_info_file, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2364
#define M_FATAL
Definition: error.h:94
static void man_bytecount(struct management *man, const int update_seconds)
Definition: manage.c:458
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:243
static void man_listen(struct management *man)
Definition: manage.c:1773
struct buffer_list * in_extra
Definition: manage.h:285
#define CLEAR(x)
Definition: basic.h:33
static int modulo_add(int x, int y, int mod)
Definition: integer.h:106
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition: mroute.c:431
void man_bytecount_output_client(struct management *man)
Definition: manage.c:472
bool defined
Definition: misc.h:64
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:495
static void man_help(void)
Definition: manage.c:71
#define in_addr_t
Definition: config-msvc.h:104
struct buffer buf
Definition: manage.h:63
#define MAX_PARMS
Definition: options.h:51
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: options.c:4192
struct addrinfo * local
Definition: manage.h:227
void command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
Definition: manage.c:3774
#define UP_QUERY_NEED_OK
Definition: manage.h:251
void command_line_free(struct command_line *cl)
Definition: manage.c:3765
#define SIGTERM
Definition: config-msvc.h:118
counter_type bytes_in
Definition: manage.h:220
static void get_signal(volatile int *sig)
Definition: sig.h:92
#define SIGHUP
Definition: config-msvc.h:114
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition: event.h:125
static void man_net(struct management *man)
Definition: manage.c:770
int echo_buffer_size
Definition: manage.h:234
bool management_hold(struct management *man, int holdtime)
Definition: manage.c:3696
struct in6_addr local_ip6
Definition: manage.h:94
int ext_key_state
Definition: manage.h:294
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition: manage.c:307
void management_echo(struct management *man, const char *string, const bool pull)
Definition: manage.c:2920
#define OPENVPN_STATE_AUTH
Definition: manage.h:492
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3584
#define openvpn_errno()
Definition: error.h:74
void(* status)(void *arg, const int version, struct status_output *so)
Definition: manage.h:161
in_addr_t local_ip
Definition: manage.h:93
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition: manage.c:2768
char username[USER_PASS_LEN]
Definition: misc.h:75
counter_type link_read_bytes_global
Definition: forward.c:50
#define LOG_PRINT_CRLF
Definition: manage.h:109
char * management_query_pk_sig(struct management *man, const char *b64_data)
Definition: manage.c:3642
#define PS_SHOW_PORT
Definition: socket.h:346
const char * command_line_get(struct command_line *cl)
Definition: manage.c:3790
static const char blank_up[]
Definition: manage.c:61
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition: manage.c:3376
#define MF_SERVER
Definition: manage.h:332
static void man_hold(struct management *man, const char *cmd)
Definition: manage.c:818
int capacity
Size in bytes of memory allocated by malloc().
Definition: buffer.h:62
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition: event.c:1180
static void man_certificate(struct management *man)
Definition: manage.c:1114
#define LOG_PRINT_LOG_PREFIX
Definition: manage.h:100
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition: status.c:63
#define LOG_PRINT_LOCAL_IP
Definition: manage.h:107
#define IEC_CLIENT_AUTH
Definition: manage.h:279
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:672
#define openvpn_close_socket(s)
Definition: socket.h:261
bool status_close(struct status_output *so)
Definition: status.c:203
time_t bytecount_last_update
Definition: manage.h:305
#define LOG_PRINT_ECHO_PREFIX
Definition: manage.h:101
const char * signal_name(const int sig, const bool upper)
Definition: sig.c:77
static void man_check_password(struct management *man, const char *line)
Definition: manage.c:194
FILE * platform_fopen(const char *path, const char *mode)
Definition: platform.c:302
#define EKS_SOLICIT
Definition: manage.h:291
bool nocache
Definition: misc.h:65
#define BPTR(buf)
Definition: buffer.h:124
static int platform_state_user_uid(const struct platform_state_user *s)
Definition: platform.h:89
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:349
struct buffer_list * ext_key_input
Definition: manage.h:295
void * arg
Definition: status.h:33
void net_event_win32_stop(struct net_event_win32 *ne)
Definition: win32.c:359
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const char *write_peer_info_file, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2579
#define LOG_PRINT_INTVAL
Definition: manage.h:112
#define OPENVPN_STATE_WAIT
Definition: manage.h:491
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition: socket.h:631
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
Definition: misc.h:123
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:297
char * write_peer_info_file
Definition: manage.h:236
int get_debug_level(void)
Definition: error.c:139
#define MF_HOLD
Definition: manage.h:334
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:393
static void man_connection_settings_reset(struct management *man)
Definition: manage.c:1651
int up_query_mode
Definition: manage.h:308
struct env_item * list
Definition: env_set.h:44
#define MN_AT_LEAST
Definition: manage.c:1146
#define counter_format
Definition: common.h:39
time_t timestamp
Definition: manage.h:91
#define IEC_CLIENT_PF
Definition: manage.h:280
bool(* proxy_cmd)(void *arg, const char **p)
Definition: manage.h:183
static struct gc_arena gc_new(void)
Definition: buffer.h:991
struct user_pass up
Definition: manage.h:232
static bool ignore_sys_error(const int err)
Definition: error.h:366
time_t now
Definition: otime.c:36
bool standalone_disabled
Definition: manage.h:210
void log_history_close(struct log_history *h)
Definition: manage.c:3933
#define malloc
Definition: cmocka.c:1795
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:376
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition: error.h:350
void chomp(char *str)
Definition: buffer.c:628
void management_notify_generic(struct management *man, const char *str)
Definition: manage.c:2818
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1026
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition: manage.c:1098
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition: manage.c:3018
struct event_set * es
Definition: manage.h:298
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2968
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:485
static int man_read(struct management *man)
Definition: manage.c:2155
#define LOG_PRINT_STATE_PREFIX
Definition: manage.h:102
void buffer_list_advance(struct buffer_list *ol, int n)
Definition: buffer.c:1340
#define sleep(x)
Definition: syshead.h:42
#define MANAGEMENT_VERSION
Definition: manage.h:34
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:758
void management_event_loop_n_seconds(struct management *man, int sec)
Definition: manage.c:3324
struct management * management_init(void)
Definition: manage.c:2563
void management_auth_token(struct management *man, const char *token)
Definition: manage.c:2996
static void man_query_password(struct management *man, const char *type, const char *string)
Definition: manage.c:736
static void man_kill(struct management *man, const char *victim)
Definition: manage.c:503
#define M_ERR
Definition: error.h:110
#define GET_USER_PASS_PASSWORD_ONLY
Definition: misc.h:115
int in_extra_cmd
Definition: manage.h:284
#define GET_USER_PASS_NEED_OK
Definition: misc.h:116
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition: manage.c:584
int capacity
Definition: manage.h:124
#define OPENVPN_STATE_CONNECTING
Definition: manage.h:483
bool set_mute_cutoff(const int cutoff)
Definition: error.c:125
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:495
void ssl_purge_auth(const bool auth_user_pass_only)
Definition: ssl.c:473
#define MANSIG_MAP_USR1_TO_TERM
Definition: manage.h:243
#define EKS_UNDEF
Definition: manage.h:290
static void man_accept(struct management *man)
Definition: manage.c:1735
int(* kill_by_cn)(void *arg, const char *common_name)
Definition: manage.h:163
struct command_line * in
Definition: manage.h:275
static void man_delete_unix_socket(struct management *man)
Definition: manage.c:280
static void man_connect(struct management *man)
Definition: manage.c:1836
static SERVICE_STATUS status
Definition: automatic.c:43
static bool man_check_for_signals(volatile int *signal_received)
Definition: manage.c:3177
#define MWCC_PASSWORD_WAIT
Definition: manage.c:3281
#define AF_DID_PUSH
static void event_reset(struct event_set *es)
Definition: event.h:107
void net_event_win32_reset(struct net_event_win32 *ne)
Definition: win32.c:353
struct net_event_win32 ne32
Definition: manage.h:268
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3194
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1371
int state_buffer_size
Definition: manage.h:235
void buf_clear(struct buffer *buf)
Definition: buffer.c:162
void net_event_win32_init(struct net_event_win32 *ne)
Definition: win32.c:319
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition: buffer.c:1202
unsigned int counter_type
Definition: common.h:38
struct openvpn_sockaddr remote
Definition: manage.h:265
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3964
#define OPENVPN_STATE_ASSIGN_IP
Definition: manage.h:484
static void man_signal(struct management *man, const char *name)
Definition: manage.c:415
static void man_update_io_state(struct management *man)
Definition: manage.c:219
void net_event_win32_close(struct net_event_win32 *ne)
Definition: win32.c:370
struct env_item * next
Definition: env_set.h:39
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:717
char * string
Definition: env_set.h:38
socket_descriptor_t sd_cli
Definition: manage.h:264
#define LOG_PRINT_STATE
Definition: manage.h:106
counter_type link_write_bytes_global
Definition: forward.c:51
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3613
#define GETADDR_HOST_ORDER
Definition: socket.h:522
void command_line_next(struct command_line *cl)
Definition: manage.c:3806
const char * auth_retry_print(void)
Definition: options.c:4030
int buf_substring_len(const struct buffer *buf, int delim)
Definition: buffer.c:818
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition: manage.c:3244
#define ERR_BUF_SIZE
Definition: error.h:39
bool state_realtime
Definition: manage.h:301
struct management * management
Definition: manage.c:63
static bool management_connected(const struct management *man)
Definition: manage.h:438
#define IER_NEW
Definition: manage.c:849
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition: win32.h:138
static void event_free(struct event_set *es)
Definition: event.h:98
static int platform_state_group_gid(const struct platform_state_group *s)
Definition: platform.h:101
#define GET_USER_PASS_NEED_STR
Definition: misc.h:118
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
bool hold_release
Definition: manage.h:216
bool wait_for_push
Definition: misc.h:67
#define SOCKET_UNDEFINED
Definition: syshead.h:487
#define IER_RESET
Definition: manage.c:848
unsigned int mansig
Definition: manage.h:244
void buf_chomp(struct buffer *buf)
Definition: buffer.c:568
static void man_connection_init(struct management *man)
Definition: manage.c:2484
struct log_history * log_history_init(const int capacity)
Definition: manage.c:3912
static void man_welcome(struct management *man)
Definition: manage.c:177
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition: manage.c:749
int get_mute_cutoff(void)
Definition: error.c:145
static void man_stop_ne32(struct management *man)
Definition: manage.c:1601
#define EVENT_READ
Definition: event.h:36
bool defined
Definition: manage.h:205
void(* show_net)(void *arg, const int msglevel)
Definition: manage.h:162
counter_type bytes_out
Definition: manage.h:221
bool management_should_daemonize(struct management *man)
Definition: manage.c:3686
#define BLEN(buf)
Definition: buffer.h:127
void log_history_resize(struct log_history *h, const int capacity)
Definition: manage.c:3961
struct openvpn_sockaddr local_sock
Definition: manage.h:95
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3267
static void man_up_finalize(struct management *man)
Definition: manage.c:664
#define LOG_FATAL_NOTIFY
Definition: manage.h:110
int(* n_clients)(void *arg)
Definition: manage.h:166
#define MF_FORGET_DISCONNECT
Definition: manage.h:336
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Definition: misc.h:134
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition: status.h:35
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1425
struct virtual_output vout
Definition: manage.h:208
#define IEC_PK_SIGN
Definition: manage.h:283
static int log_index(const struct log_history *h, int i)
Definition: manage.c:3898
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition: manage.c:2646
unsigned __int8 uint8_t
Definition: config-msvc.h:123
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition: win32.c:326
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1042
int base
Definition: manage.h:122
struct log_history * log
Definition: manage.h:207
static void man_persist_close(struct man_persist *mp)
Definition: manage.c:2342
#define OPENVPN_STATE_RECONNECTING
Definition: manage.h:487
#define MS_LISTEN
Definition: manage.h:256
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition: manage.c:756
int parse_signal(const char *signame)
Definition: sig.c:63
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2807
static void set_client_version(struct management *man, const char *version)
Definition: manage.c:1234
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition: buffer.c:1217
#define SIGINT
Definition: config-msvc.h:115
#define MF_QUERY_PASSWORDS
Definition: manage.h:333
const char * special_state_msg
Definition: manage.h:218
int log_history_cache
Definition: manage.h:233
int(* kill_by_addr)(void *arg, const in_addr_t addr, const int port)
Definition: manage.h:164
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:996
static int man_mod_signal(const struct management *man, const int signum)
Definition: manage.c:389
static void check_malloc_return(const void *p)
Definition: buffer.h:1069
#define MANSIG_MAP_USR1_TO_HUP
Definition: manage.h:242
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition: buffer.c:840
static void log_entry_free_contents(struct log_entry *e)
Definition: manage.c:3884
#define IEC_UNDEF
Definition: manage.h:278
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition: manage.c:2304
#define GETADDR_FATAL
Definition: socket.h:521
int client_version
Definition: manage.h:315
#define EKS_READY
Definition: manage.h:293
static void man_remote(struct management *man, const char **p)
Definition: manage.c:1190
int env_filter_level
Definition: manage.h:299
void management_clear_callback(struct management *man)
Definition: manage.c:2654
static void man_state(struct management *man, const char *parm)
Definition: manage.c:652
#define MF_UP_DOWN
Definition: manage.h:346
static void log_history_free_contents(struct log_history *h)
Definition: manage.c:3922
SOCKET socket_descriptor_t
Definition: syshead.h:488
#define OPENVPN_STATE_GET_CONFIG
Definition: manage.h:493
#define msg
Definition: error.h:173
struct log_entry * array
Definition: manage.h:125
#define OPENVPN_STATE_INITIAL
Definition: manage.h:482
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
Definition: misc.h:62
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition: manage.c:2802
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void set_nonblock(int fd)
Definition: fdmisc.c:71
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition: manage.c:3940
struct buffer_list * ext_cert_input
Definition: manage.h:297
bool echo_realtime
Definition: manage.h:303
unsigned int flags
Definition: manage.h:226
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition: manage.h:36
socket_descriptor_t sd_top
Definition: manage.h:263
struct buffer residual
Definition: manage.h:64
static void man_new_connection_post(struct management *man, const char *description)
Definition: manage.c:1664
#define IEC_CERTIFICATE
Definition: manage.h:282
int intval
Definition: manage.h:86
static void log_history_obj_init(struct log_history *h, int capacity)
Definition: manage.c:3904
void management_io(struct management *man)
Definition: manage.c:3058
#define LOG_PRINT_REMOTE_IP
Definition: manage.h:114
Definition: manage.h:89
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2663
static bool man_io_error(struct management *man, const char *prefix)
Definition: manage.c:2000
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition: manage.c:291
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition: manage.c:852
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
#define OPENVPN_STATE_EXITING
Definition: manage.h:488
#define MANSIG_IGNORE_USR1_HUP
Definition: manage.h:241
#define LOG_PRINT_MSG_FLAGS
Definition: manage.h:105
#define LOG_PRINT_INT_DATE
Definition: manage.h:104
#define MWCC_HOLD_WAIT
Definition: manage.c:3282
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:526
#define AF_DID_RESET
static int min_int(int x, int y)
Definition: integer.h:47
void management_pre_tunnel_close(struct management *man)
Definition: manage.c:2974
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1190
void throw_signal(const int signum)
Definition: sig.c:104
#define free
Definition: cmocka.c:1850
bool set_debug_level(const int level, const unsigned int flags)
Definition: error.c:107
#define EVENT_WRITE
Definition: event.h:37
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:227
struct buffer_list * out
Definition: manage.h:276
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static void man_query_username(struct management *man, const char *type, const char *string)
Definition: manage.c:728
#define M_CLIENT
Definition: error.h:112
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition: manage.c:2722
#define MWCC_OTHER_WAIT
Definition: manage.c:3283
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3507
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition: buffer.h:209
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:3995
#define GETADDR_PASSIVE
Definition: socket.h:530
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Definition: manage.c:1149
bool defined
Definition: manage.h:225
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition: win32.c:335
#define MS_INITIAL
Definition: manage.h:255
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition: manage.c:1905
bool(* remote_cmd)(void *arg, const char **p)
Definition: manage.h:184
#define BSTR(buf)
Definition: buffer.h:129
#define MAPF_SUBNET
Definition: mroute.h:156
static void man_settings_close(struct man_settings *ms)
Definition: manage.c:2472
#define LOG_ECHO_TO_LOG
Definition: manage.h:116
#define OPENVPN_STATE_CONNECTED
Definition: manage.h:486
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition: win32.h:132
static void man_output_list_push_finalize(struct management *man)
Definition: manage.c:235
#define M_ERRNO
Definition: error.h:99
char password[USER_PASS_LEN]
Definition: misc.h:76
static bool man_standalone_ok(const struct management *man)
Definition: manage.c:3171
#define MS_CC_WAIT_WRITE
Definition: manage.h:258
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition: manage.h:35
bool log_realtime
Definition: manage.h:302
static void man_start_ne32(struct management *man)
Definition: manage.c:1582
bool password_verified
Definition: manage.h:272
static void update_time(void)
Definition: otime.h:93
static void man_connection_close(struct management *man)
Definition: manage.c:2529
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition: manage.c:2951
char * dest
Definition: compat-lz4.h:431
int bytecount_update_seconds
Definition: manage.h:304
#define MANAGEMENT_ECHO_FLAGS
Definition: manage.c:57
#define BOOL_CAST(x)
Definition: basic.h:27
struct sockaddr sa
Definition: socket.h:68
static int man_write(struct management *man)
Definition: manage.c:2249
#define MF_SIGNAL
Definition: manage.h:335
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition: buffer.c:1258
#define GETADDR_RESOLVE
Definition: socket.h:520
#define ssize_t
Definition: config-msvc.h:105
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len ...
Definition: buffer.c:1271
int client_gid
Definition: manage.h:238
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:335
static void man_load_stats(struct management *man)
Definition: manage.c:1130
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition: manage.c:1243
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4007
const char title_string[]
Definition: options.c:65
static void man_prompt(struct management *man)
Definition: manage.c:265
#define CC_NEWLINE
Definition: buffer.h:897
#define M_WARN
Definition: error.h:96
static void man_connection_clear(struct man_connection *mc)
Definition: manage.c:2291
#define D_MANAGEMENT
Definition: errlevel.h:88
static void man_output_list_push_str(struct management *man, const char *str)
Definition: manage.c:249
struct man_settings settings
Definition: manage.h:321
bool management_would_hold(struct management *man)
Definition: manage.c:3676
#define MS_CC_WAIT_READ
Definition: manage.h:257
#define D_LINK_ERRORS
Definition: errlevel.h:57
struct log_history * echo
Definition: manage.h:213
#define MF_CONNECT_AS_CLIENT
Definition: manage.h:337
#define OPENVPN_STATE_CLIENT_BASE
Definition: manage.h:497
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition: manage.h:37
#define UP_QUERY_NEED_STR
Definition: manage.h:252
int ext_cert_state
Definition: manage.h:296