OpenVPN
manage.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #ifdef ENABLE_MANAGEMENT
33 
34 #include "error.h"
35 #include "fdmisc.h"
36 #include "options.h"
37 #include "sig.h"
38 #include "event.h"
39 #include "otime.h"
40 #include "integer.h"
41 #include "misc.h"
42 #include "ssl.h"
43 #include "common.h"
44 #include "manage.h"
45 
46 #include "memdbg.h"
47 
48 #ifdef ENABLE_PKCS11
49 #include "pkcs11.h"
50 #endif
51 
52 #define MANAGEMENT_ECHO_PULL_INFO 0
53 
54 #if MANAGEMENT_ECHO_PULL_INFO
55 #define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
56 #else
57 #define MANAGEMENT_ECHO_FLAGS 0
58 #endif
59 
60 /* tag for blank username/password */
61 static const char blank_up[] = "[[BLANK]]";
62 
63 struct management *management; /* GLOBAL */
64 
65 /* static forward declarations */
66 static void man_output_standalone(struct management *man, volatile int *signal_received);
67 
68 static void man_reset_client_socket(struct management *man, const bool exiting);
69 
70 static void
71 man_help(void)
72 {
73  msg(M_CLIENT, "Management Interface for %s", title_string);
74  msg(M_CLIENT, "Commands:");
75  msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
76  msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
77  msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
78  msg(M_CLIENT, "exit|quit : Close management session.");
79  msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
80  msg(M_CLIENT, "help : Print this message.");
81  msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
82  msg(M_CLIENT, " release current hold and start tunnel.");
83  msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
84  msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
85  msg(M_CLIENT, "load-stats : Show global server load stats.");
86  msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
87  msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
88  msg(M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent.");
89  msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
90  msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
91  msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
92  msg(M_CLIENT, " where action is reply string.");
93  msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
94  msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
95  msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
96  msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
97  msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
98 #ifdef ENABLE_PKCS11
99  msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
100  msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
101 #endif
102 #ifdef MANAGEMENT_DEF_AUTH
103  msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
104  msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
105  msg(M_CLIENT, "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
106  msg(M_CLIENT, " text R and optional client reason text CR");
107  msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
108  msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
109 #ifdef MANAGEMENT_PF
110  msg(M_CLIENT, "client-pf CID : Define packet filter for client CID (MULTILINE)");
111 #endif
112 #endif
113 #ifdef MANAGMENT_EXTERNAL_KEY
114  msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
115  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
116  msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
117  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
118  msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge");
119  msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END");
120 #endif
121  msg(M_CLIENT, "signal s : Send signal s to daemon,");
122  msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
123  msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
124  msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
125  msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
126  msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
127  msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
128  msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
129  msg(M_CLIENT, "END");
130 }
131 
132 static const char *
133 man_state_name(const int state)
134 {
135  switch (state)
136  {
138  return "INITIAL";
139 
141  return "CONNECTING";
142 
143  case OPENVPN_STATE_WAIT:
144  return "WAIT";
145 
146  case OPENVPN_STATE_AUTH:
147  return "AUTH";
148 
150  return "GET_CONFIG";
151 
153  return "ASSIGN_IP";
154 
156  return "ADD_ROUTES";
157 
159  return "CONNECTED";
160 
162  return "RECONNECTING";
163 
165  return "EXITING";
166 
168  return "RESOLVE";
169 
171  return "TCP_CONNECT";
172 
173  default:
174  return "?";
175  }
176 }
177 
178 static void
179 man_welcome(struct management *man)
180 {
181  msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
183  if (man->persist.special_state_msg)
184  {
185  msg(M_CLIENT, "%s", man->persist.special_state_msg);
186  }
187 }
188 
189 static inline bool
190 man_password_needed(struct management *man)
191 {
192  return man->settings.up.defined && !man->connection.password_verified;
193 }
194 
195 static void
196 man_check_password(struct management *man, const char *line)
197 {
198  if (man_password_needed(man))
199  {
200  if (streq(line, man->settings.up.password))
201  {
202  man->connection.password_verified = true;
203  msg(M_CLIENT, "SUCCESS: password is correct");
204  man_welcome(man);
205  }
206  else
207  {
208  man->connection.password_verified = false;
209  msg(M_CLIENT, "ERROR: bad password");
211  {
212  msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
214  man->connection.halt = true;
215  }
216  }
217  }
218 }
219 
220 static void
221 man_update_io_state(struct management *man)
222 {
223  if (socket_defined(man->connection.sd_cli))
224  {
226  {
228  }
229  else
230  {
232  }
233  }
234 }
235 
236 static void
237 man_output_list_push_finalize(struct management *man)
238 {
239  if (management_connected(man))
240  {
241  man_update_io_state(man);
242  if (!man->persist.standalone_disabled)
243  {
244  volatile int signal_received = 0;
245  man_output_standalone(man, &signal_received);
246  }
247  }
248 }
249 
250 static void
251 man_output_list_push_str(struct management *man, const char *str)
252 {
253  if (management_connected(man) && str)
254  {
255  buffer_list_push(man->connection.out, str);
256  }
257 }
258 
259 static void
260 man_output_list_push(struct management *man, const char *str)
261 {
262  man_output_list_push_str(man, str);
264 }
265 
266 static void
267 man_prompt(struct management *man)
268 {
269  if (man_password_needed(man))
270  {
271  man_output_list_push(man, "ENTER PASSWORD:");
272  }
273 #if 0 /* should we use prompt? */
274  else
275  {
276  man_output_list_push(man, ">");
277  }
278 #endif
279 }
280 
281 static void
282 man_delete_unix_socket(struct management *man)
283 {
284 #if UNIX_SOCK_SUPPORT
286  {
287  socket_delete_unix(&man->settings.local_unix);
288  }
289 #endif
290 }
291 
292 static void
293 man_close_socket(struct management *man, const socket_descriptor_t sd)
294 {
295 #ifndef _WIN32
296  /*
297  * Windows doesn't need this because the ne32 event is permanently
298  * enabled at struct management scope.
299  */
300  if (man->persist.callback.delete_event)
301  {
302  (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
303  }
304 #endif
306 }
307 
308 static void
309 virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
310 {
311  struct management *man = (struct management *) arg;
312  static int recursive_level = 0; /* GLOBAL */
313 
314 #define AF_DID_PUSH (1<<0)
315 #define AF_DID_RESET (1<<1)
316 
317  if (!recursive_level) /* don't allow recursion */
318  {
319  struct gc_arena gc = gc_new();
320  struct log_entry e;
321  const char *out = NULL;
322  unsigned int action_flags = 0;
323 
324  ++recursive_level;
325 
326  CLEAR(e);
327  update_time();
328  e.timestamp = now;
329  e.u.msg_flags = flags;
330  e.string = str;
331 
332  if (flags & M_FATAL)
333  {
334  man->persist.standalone_disabled = false;
335  }
336 
337  if (flags != M_CLIENT)
338  {
339  log_history_add(man->persist.log, &e);
340  }
341 
342  if (!man_password_needed(man))
343  {
344  if (flags == M_CLIENT)
345  {
346  out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
347  }
348  else if (man->connection.log_realtime)
349  {
353  | LOG_PRINT_CRLF, &gc);
354  }
355  if (out)
356  {
357  man_output_list_push_str(man, out);
358  action_flags |= AF_DID_PUSH;
359  }
360  if (flags & M_FATAL)
361  {
363  if (out)
364  {
365  man_output_list_push_str(man, out);
366  action_flags |= (AF_DID_PUSH|AF_DID_RESET);
367  }
368  }
369  }
370 
371  gc_free(&gc);
372 
373  if (action_flags & AF_DID_PUSH)
374  {
376  }
377  if (action_flags & AF_DID_RESET)
378  {
379  man_reset_client_socket(man, true);
380  }
381 
382  --recursive_level;
383  }
384 }
385 
386 /*
387  * Given a signal, return the signal with possible remapping applied,
388  * or -1 if the signal should be ignored.
389  */
390 static int
391 man_mod_signal(const struct management *man, const int signum)
392 {
393  const unsigned int flags = man->settings.mansig;
394  int s = signum;
395  if (s == SIGUSR1)
396  {
397  if (flags & MANSIG_MAP_USR1_TO_HUP)
398  {
399  s = SIGHUP;
400  }
401  if (flags & MANSIG_MAP_USR1_TO_TERM)
402  {
403  s = SIGTERM;
404  }
405  }
406  if (flags & MANSIG_IGNORE_USR1_HUP)
407  {
408  if (s == SIGHUP || s == SIGUSR1)
409  {
410  s = -1;
411  }
412  }
413  return s;
414 }
415 
416 static void
417 man_signal(struct management *man, const char *name)
418 {
419  const int sig = parse_signal(name);
420  if (sig >= 0)
421  {
422  const int sig_mod = man_mod_signal(man, sig);
423  if (sig_mod >= 0)
424  {
425  throw_signal(sig_mod);
426  msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
427  }
428  else
429  {
430  if (man->persist.special_state_msg)
431  {
432  msg(M_CLIENT, "%s", man->persist.special_state_msg);
433  }
434  else
435  {
436  msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
437  }
438  }
439  }
440  else
441  {
442  msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
443  }
444 }
445 
446 static void
447 man_status(struct management *man, const int version, struct status_output *so)
448 {
449  if (man->persist.callback.status)
450  {
451  (*man->persist.callback.status)(man->persist.callback.arg, version, so);
452  }
453  else
454  {
455  msg(M_CLIENT, "ERROR: The 'status' command is not supported by the current daemon mode");
456  }
457 }
458 
459 static void
460 man_bytecount(struct management *man, const int update_seconds)
461 {
462  if (update_seconds >= 0)
463  {
464  man->connection.bytecount_update_seconds = update_seconds;
465  }
466  else
467  {
469  }
470  msg(M_CLIENT, "SUCCESS: bytecount interval changed");
471 }
472 
473 void
474 man_bytecount_output_client(struct management *man)
475 {
476  char in[32];
477  char out[32];
478  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
479  openvpn_snprintf(in, sizeof(in), counter_format, man->persist.bytes_in);
480  openvpn_snprintf(out, sizeof(out), counter_format, man->persist.bytes_out);
481  msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
483 }
484 
485 #ifdef MANAGEMENT_DEF_AUTH
486 
487 void
488 man_bytecount_output_server(struct management *man,
489  const counter_type *bytes_in_total,
490  const counter_type *bytes_out_total,
491  struct man_def_auth_context *mdac)
492 {
493  char in[32];
494  char out[32];
495  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
496  openvpn_snprintf(in, sizeof(in), counter_format, *bytes_in_total);
497  openvpn_snprintf(out, sizeof(out), counter_format, *bytes_out_total);
498  msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
499  mdac->bytecount_last_update = now;
500 }
501 
502 #endif
503 
504 static void
505 man_kill(struct management *man, const char *victim)
506 {
507  struct gc_arena gc = gc_new();
508 
510  {
511  struct buffer buf;
512  char p1[128];
513  char p2[128];
514  int n_killed;
515 
516  buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1);
517  buf_parse(&buf, ':', p1, sizeof(p1));
518  buf_parse(&buf, ':', p2, sizeof(p2));
519 
520  if (strlen(p1) && strlen(p2))
521  {
522  /* IP:port specified */
523  bool status;
524  const in_addr_t addr = getaddr(GETADDR_HOST_ORDER|GETADDR_MSG_VIRT_OUT, p1, 0, &status, NULL);
525  if (status)
526  {
527  const int port = atoi(p2);
528  if (port > 0 && port < 65536)
529  {
530  n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port);
531  if (n_killed > 0)
532  {
533  msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%d killed",
534  n_killed,
535  print_in_addr_t(addr, 0, &gc),
536  port);
537  }
538  else
539  {
540  msg(M_CLIENT, "ERROR: client at address %s:%d not found",
541  print_in_addr_t(addr, 0, &gc),
542  port);
543  }
544  }
545  else
546  {
547  msg(M_CLIENT, "ERROR: port number is out of range: %s", p2);
548  }
549  }
550  else
551  {
552  msg(M_CLIENT, "ERROR: error parsing IP address: %s", p1);
553  }
554  }
555  else if (strlen(p1))
556  {
557  /* common name specified */
558  n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
559  if (n_killed > 0)
560  {
561  msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
562  }
563  else
564  {
565  msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
566  }
567  }
568  else
569  {
570  msg(M_CLIENT, "ERROR: kill parse");
571  }
572  }
573  else
574  {
575  msg(M_CLIENT, "ERROR: The 'kill' command is not supported by the current daemon mode");
576  }
577 
578  gc_free(&gc);
579 }
580 
581 /*
582  * General-purpose history command handler
583  * for the log and echo commands.
584  */
585 static void
586 man_history(struct management *man,
587  const char *parm,
588  const char *type,
589  struct log_history *log,
590  bool *realtime,
591  const unsigned int lep_flags)
592 {
593  struct gc_arena gc = gc_new();
594  int n = 0;
595 
596  if (streq(parm, "on"))
597  {
598  *realtime = true;
599  msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
600  }
601  else if (streq(parm, "off"))
602  {
603  *realtime = false;
604  msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
605  }
606  else if (streq(parm, "all") || (n = atoi(parm)) > 0)
607  {
608  const int size = log_history_size(log);
609  const int start = (n ? n : size) - 1;
610  int i;
611 
612  for (i = start; i >= 0; --i)
613  {
614  const struct log_entry *e = log_history_ref(log, i);
615  if (e)
616  {
617  const char *out = log_entry_print(e, lep_flags, &gc);
619  }
620  }
621  msg(M_CLIENT, "END");
622  }
623  else
624  {
625  msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
626  }
627 
628  gc_free(&gc);
629 }
630 
631 static void
632 man_log(struct management *man, const char *parm)
633 {
634  man_history(man,
635  parm,
636  "log",
637  man->persist.log,
638  &man->connection.log_realtime,
640 }
641 
642 static void
643 man_echo(struct management *man, const char *parm)
644 {
645  man_history(man,
646  parm,
647  "echo",
648  man->persist.echo,
651 }
652 
653 static void
654 man_state(struct management *man, const char *parm)
655 {
656  man_history(man,
657  parm,
658  "state",
659  man->persist.state,
663 }
664 
665 static void
666 man_up_finalize(struct management *man)
667 {
668  switch (man->connection.up_query_mode)
669  {
670  case UP_QUERY_USER_PASS:
671  if (!strlen(man->connection.up_query.username))
672  {
673  break;
674  }
675 
676  /* fall through */
677  case UP_QUERY_PASS:
678  case UP_QUERY_NEED_OK:
679  case UP_QUERY_NEED_STR:
680  if (strlen(man->connection.up_query.password))
681  {
682  man->connection.up_query.defined = true;
683  }
684  break;
685 
686  case UP_QUERY_DISABLED:
687  man->connection.up_query.defined = false;
688  break;
689 
690  default:
691  ASSERT(0);
692  }
693 }
694 
695 static void
696 man_query_user_pass(struct management *man,
697  const char *type,
698  const char *string,
699  const bool needed,
700  const char *prompt,
701  char *dest,
702  int len)
703 {
704  if (needed)
705  {
707  if (streq(man->connection.up_query_type, type))
708  {
709  strncpynt(dest, string, len);
710  man_up_finalize(man);
711  msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified",
712  type,
713  prompt);
714  }
715  else
716  {
717  msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'",
718  prompt,
719  type,
721  }
722  }
723  else
724  {
725  msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
726  }
727 }
728 
729 static void
730 man_query_username(struct management *man, const char *type, const char *string)
731 {
732  const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
733  ) && man->connection.up_query_type);
734  man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN);
735 }
736 
737 static void
738 man_query_password(struct management *man, const char *type, const char *string)
739 {
740  const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
742  ) && man->connection.up_query_type);
743  if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
744  {
745  string = blank_up;
746  }
747  man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
748 }
749 
750 static void
751 man_query_need_ok(struct management *man, const char *type, const char *action)
752 {
753  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
754  man_query_user_pass(man, type, action, needed, "needok-confirmation", man->connection.up_query.password, USER_PASS_LEN);
755 }
756 
757 static void
758 man_query_need_str(struct management *man, const char *type, const char *action)
759 {
760  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
761  man_query_user_pass(man, type, action, needed, "needstr-string", man->connection.up_query.password, USER_PASS_LEN);
762 }
763 
764 static void
765 man_forget_passwords(struct management *man)
766 {
767  ssl_purge_auth(false);
768  msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
769 }
770 
771 static void
772 man_net(struct management *man)
773 {
774  if (man->persist.callback.show_net)
775  {
777  }
778  else
779  {
780  msg(M_CLIENT, "ERROR: The 'net' command is not supported by the current daemon mode");
781  }
782 }
783 
784 #ifdef ENABLE_PKCS11
785 
786 static void
787 man_pkcs11_id_count(struct management *man)
788 {
789  msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
790 }
791 
792 static void
793 man_pkcs11_id_get(struct management *man, const int index)
794 {
795  char *id = NULL;
796  char *base64 = NULL;
797 
798  if (pkcs11_management_id_get(index, &id, &base64))
799  {
800  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
801  }
802  else
803  {
804  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
805  }
806 
807  if (id != NULL)
808  {
809  free(id);
810  }
811  if (base64 != NULL)
812  {
813  free(base64);
814  }
815 }
816 
817 #endif /* ifdef ENABLE_PKCS11 */
818 
819 static void
820 man_hold(struct management *man, const char *cmd)
821 {
822  if (cmd)
823  {
824  if (streq(cmd, "on"))
825  {
826  man->settings.flags |= MF_HOLD;
827  msg(M_CLIENT, "SUCCESS: hold flag set to ON");
828  }
829  else if (streq(cmd, "off"))
830  {
831  man->settings.flags &= ~MF_HOLD;
832  msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
833  }
834  else if (streq(cmd, "release"))
835  {
836  man->persist.hold_release = true;
837  msg(M_CLIENT, "SUCCESS: hold release succeeded");
838  }
839  else
840  {
841  msg(M_CLIENT, "ERROR: bad hold command parameter");
842  }
843  }
844  else
845  {
846  msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
847  }
848 }
849 
850 #ifdef MANAGEMENT_IN_EXTRA
851 
852 #define IER_RESET 0
853 #define IER_NEW 1
854 
855 static void
856 in_extra_reset(struct man_connection *mc, const int mode)
857 {
858  if (mc)
859  {
860  if (mode != IER_NEW)
861  {
862  mc->in_extra_cmd = IEC_UNDEF;
863 #ifdef MANAGEMENT_DEF_AUTH
864  mc->in_extra_cid = 0;
865  mc->in_extra_kid = 0;
866 #endif
867  }
868  if (mc->in_extra)
869  {
870  buffer_list_free(mc->in_extra);
871  mc->in_extra = NULL;
872  }
873  if (mode == IER_NEW)
874  {
875  mc->in_extra = buffer_list_new(0);
876  }
877  }
878 }
879 
880 static void
881 in_extra_dispatch(struct management *man)
882 {
883  switch (man->connection.in_extra_cmd)
884  {
885 #ifdef MANAGEMENT_DEF_AUTH
886  case IEC_CLIENT_AUTH:
887  if (man->persist.callback.client_auth)
888  {
889  const bool status = (*man->persist.callback.client_auth)
890  (man->persist.callback.arg,
891  man->connection.in_extra_cid,
892  man->connection.in_extra_kid,
893  true,
894  NULL,
895  NULL,
896  man->connection.in_extra);
897  man->connection.in_extra = NULL;
898  if (status)
899  {
900  msg(M_CLIENT, "SUCCESS: client-auth command succeeded");
901  }
902  else
903  {
904  msg(M_CLIENT, "ERROR: client-auth command failed");
905  }
906  }
907  else
908  {
909  msg(M_CLIENT, "ERROR: The client-auth command is not supported by the current daemon mode");
910  }
911  break;
912 
913 #endif /* ifdef MANAGEMENT_DEF_AUTH */
914 #ifdef MANAGEMENT_PF
915  case IEC_CLIENT_PF:
916  if (man->persist.callback.client_pf)
917  {
918  const bool status = (*man->persist.callback.client_pf)
919  (man->persist.callback.arg,
920  man->connection.in_extra_cid,
921  man->connection.in_extra);
922  man->connection.in_extra = NULL;
923  if (status)
924  {
925  msg(M_CLIENT, "SUCCESS: client-pf command succeeded");
926  }
927  else
928  {
929  msg(M_CLIENT, "ERROR: client-pf command failed");
930  }
931  }
932  else
933  {
934  msg(M_CLIENT, "ERROR: The client-pf command is not supported by the current daemon mode");
935  }
936  break;
937 
938 #endif /* ifdef MANAGEMENT_PF */
939 #ifdef MANAGMENT_EXTERNAL_KEY
940  case IEC_PK_SIGN:
941  man->connection.ext_key_state = EKS_READY;
942  buffer_list_free(man->connection.ext_key_input);
943  man->connection.ext_key_input = man->connection.in_extra;
944  man->connection.in_extra = NULL;
945  return;
946 
947  case IEC_CERTIFICATE:
948  man->connection.ext_cert_state = EKS_READY;
949  buffer_list_free(man->connection.ext_cert_input);
950  man->connection.ext_cert_input = man->connection.in_extra;
951  man->connection.in_extra = NULL;
952  return;
953 #endif
954  }
956 }
957 
958 #endif /* MANAGEMENT_IN_EXTRA */
959 
960 #ifdef MANAGEMENT_DEF_AUTH
961 
962 static bool
963 parse_cid(const char *str, unsigned long *cid)
964 {
965  if (sscanf(str, "%lu", cid) == 1)
966  {
967  return true;
968  }
969  else
970  {
971  msg(M_CLIENT, "ERROR: cannot parse CID");
972  return false;
973  }
974 }
975 
976 static bool
977 parse_kid(const char *str, unsigned int *kid)
978 {
979  if (sscanf(str, "%u", kid) == 1)
980  {
981  return true;
982  }
983  else
984  {
985  msg(M_CLIENT, "ERROR: cannot parse KID");
986  return false;
987  }
988 }
989 
990 static void
991 man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
992 {
993  struct man_connection *mc = &man->connection;
994  mc->in_extra_cid = 0;
995  mc->in_extra_kid = 0;
996  if (parse_cid(cid_str, &mc->in_extra_cid)
997  && parse_kid(kid_str, &mc->in_extra_kid))
998  {
999  mc->in_extra_cmd = IEC_CLIENT_AUTH;
1000  in_extra_reset(mc, IER_NEW);
1001  if (!extra)
1002  {
1003  in_extra_dispatch(man);
1004  }
1005  }
1006 }
1007 
1008 static void
1009 man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
1010 {
1011  unsigned long cid = 0;
1012  unsigned int kid = 0;
1013  if (parse_cid(cid_str, &cid) && parse_kid(kid_str, &kid))
1014  {
1015  if (man->persist.callback.client_auth)
1016  {
1017  const bool status = (*man->persist.callback.client_auth)
1018  (man->persist.callback.arg,
1019  cid,
1020  kid,
1021  false,
1022  reason,
1023  client_reason,
1024  NULL);
1025  if (status)
1026  {
1027  msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1028  }
1029  else
1030  {
1031  msg(M_CLIENT, "ERROR: client-deny command failed");
1032  }
1033  }
1034  else
1035  {
1036  msg(M_CLIENT, "ERROR: The client-deny command is not supported by the current daemon mode");
1037  }
1038  }
1039 }
1040 
1041 static void
1042 man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1043 {
1044  unsigned long cid = 0;
1045  if (parse_cid(cid_str, &cid))
1046  {
1047  if (man->persist.callback.kill_by_cid)
1048  {
1049  const bool status = (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1050  if (status)
1051  {
1052  msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1053  }
1054  else
1055  {
1056  msg(M_CLIENT, "ERROR: client-kill command failed");
1057  }
1058  }
1059  else
1060  {
1061  msg(M_CLIENT, "ERROR: The client-kill command is not supported by the current daemon mode");
1062  }
1063  }
1064 }
1065 
1066 static void
1067 man_client_n_clients(struct management *man)
1068 {
1069  if (man->persist.callback.n_clients)
1070  {
1071  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1072  msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1073  }
1074  else
1075  {
1076  msg(M_CLIENT, "ERROR: The nclients command is not supported by the current daemon mode");
1077  }
1078 }
1079 
1080 static void
1081 man_env_filter(struct management *man, const int level)
1082 {
1083  man->connection.env_filter_level = level;
1084  msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1085 }
1086 
1087 #ifdef MANAGEMENT_PF
1088 
1089 static void
1090 man_client_pf(struct management *man, const char *cid_str)
1091 {
1092  struct man_connection *mc = &man->connection;
1093  mc->in_extra_cid = 0;
1094  mc->in_extra_kid = 0;
1095  if (parse_cid(cid_str, &mc->in_extra_cid))
1096  {
1097  mc->in_extra_cmd = IEC_CLIENT_PF;
1098  in_extra_reset(mc, IER_NEW);
1099  }
1100 }
1101 
1102 #endif /* MANAGEMENT_PF */
1103 #endif /* MANAGEMENT_DEF_AUTH */
1104 
1105 #ifdef MANAGMENT_EXTERNAL_KEY
1106 
1107 static void
1108 man_pk_sig(struct management *man, const char *cmd_name)
1109 {
1110  struct man_connection *mc = &man->connection;
1111  if (mc->ext_key_state == EKS_SOLICIT)
1112  {
1113  mc->ext_key_state = EKS_INPUT;
1114  mc->in_extra_cmd = IEC_PK_SIGN;
1115  in_extra_reset(mc, IER_NEW);
1116  }
1117  else
1118  {
1119  msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1120  }
1121 }
1122 
1123 static void
1124 man_certificate(struct management *man)
1125 {
1126  struct man_connection *mc = &man->connection;
1127  if (mc->ext_cert_state == EKS_SOLICIT)
1128  {
1129  mc->ext_cert_state = EKS_INPUT;
1130  mc->in_extra_cmd = IEC_CERTIFICATE;
1131  in_extra_reset(mc, IER_NEW);
1132  }
1133  else
1134  {
1135  msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1136  }
1137 }
1138 
1139 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
1140 
1141 static void
1142 man_load_stats(struct management *man)
1143 {
1146  int nclients = 0;
1147 
1148  if (man->persist.callback.n_clients)
1149  {
1150  nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1151  }
1152  msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1153  nclients,
1154  link_read_bytes_global,
1155  link_write_bytes_global);
1156 }
1157 
1158 #define MN_AT_LEAST (1<<0)
1159 
1160 static bool
1161 man_need(struct management *man, const char **p, const int n, unsigned int flags)
1162 {
1163  int i;
1164  ASSERT(p[0]);
1165  for (i = 1; i <= n; ++i)
1166  {
1167  if (!p[i])
1168  {
1169  msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s",
1170  p[0],
1171  (flags & MN_AT_LEAST) ? "at least " : "",
1172  n,
1173  n > 1 ? "s" : "");
1174  return false;
1175  }
1176  }
1177  return true;
1178 }
1179 
1180 static void
1181 man_proxy(struct management *man, const char **p)
1182 {
1183  if (man->persist.callback.proxy_cmd)
1184  {
1185  const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1186  if (status)
1187  {
1188  msg(M_CLIENT, "SUCCESS: proxy command succeeded");
1189  }
1190  else
1191  {
1192  msg(M_CLIENT, "ERROR: proxy command failed");
1193  }
1194  }
1195  else
1196  {
1197  msg(M_CLIENT, "ERROR: The proxy command is not supported by the current daemon mode");
1198  }
1199 }
1200 
1201 static void
1202 man_remote(struct management *man, const char **p)
1203 {
1204  if (man->persist.callback.remote_cmd)
1205  {
1206  const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1207  if (status)
1208  {
1209  msg(M_CLIENT, "SUCCESS: remote command succeeded");
1210  }
1211  else
1212  {
1213  msg(M_CLIENT, "ERROR: remote command failed");
1214  }
1215  }
1216  else
1217  {
1218  msg(M_CLIENT, "ERROR: The remote command is not supported by the current daemon mode");
1219  }
1220 }
1221 
1222 #ifdef TARGET_ANDROID
1223 static void
1224 man_network_change(struct management *man, bool samenetwork)
1225 {
1226  /* Called to signal the OpenVPN that the network configuration has changed and
1227  * the client should either float or reconnect.
1228  *
1229  * The code is currently only used by ics-openvpn
1230  */
1231  if (man->persist.callback.network_change)
1232  {
1233  int fd = (*man->persist.callback.network_change)
1234  (man->persist.callback.arg, samenetwork);
1235  man->connection.fdtosend = fd;
1236  msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1237  if (fd == -2)
1238  {
1239  man_signal(man, "SIGUSR1");
1240  }
1241  }
1242 }
1243 #endif
1244 
1245 static void
1246 set_client_version(struct management *man, const char *version)
1247 {
1248  if (version)
1249  {
1250  man->connection.client_version = atoi(version);
1251  }
1252 }
1253 
1254 static void
1255 man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
1256 {
1257  struct gc_arena gc = gc_new();
1258 
1259  ASSERT(p[0]);
1260  if (streq(p[0], "exit") || streq(p[0], "quit"))
1261  {
1262  man->connection.halt = true;
1263  goto done;
1264  }
1265  else if (streq(p[0], "help"))
1266  {
1267  man_help();
1268  }
1269  else if (streq(p[0], "version") && p[1])
1270  {
1271  set_client_version(man, p[1]);
1272  }
1273  else if (streq(p[0], "version"))
1274  {
1275  msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1276  msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1277  msg(M_CLIENT, "END");
1278  }
1279  else if (streq(p[0], "pid"))
1280  {
1281  msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1282  }
1283 #ifdef MANAGEMENT_DEF_AUTH
1284  else if (streq(p[0], "nclients"))
1285  {
1286  man_client_n_clients(man);
1287  }
1288  else if (streq(p[0], "env-filter"))
1289  {
1290  int level = 0;
1291  if (p[1])
1292  {
1293  level = atoi(p[1]);
1294  }
1295  man_env_filter(man, level);
1296  }
1297 #endif
1298  else if (streq(p[0], "signal"))
1299  {
1300  if (man_need(man, p, 1, 0))
1301  {
1302  man_signal(man, p[1]);
1303  }
1304  }
1305 #ifdef TARGET_ANDROID
1306  else if (streq(p[0], "network-change"))
1307  {
1308  bool samenetwork = false;
1309  if (p[1] && streq(p[1], "samenetwork"))
1310  {
1311  samenetwork = true;
1312  }
1313 
1314  man_network_change(man, samenetwork);
1315  }
1316 #endif
1317  else if (streq(p[0], "load-stats"))
1318  {
1319  man_load_stats(man);
1320  }
1321  else if (streq(p[0], "status"))
1322  {
1323  int version = 0;
1324  if (p[1])
1325  {
1326  version = atoi(p[1]);
1327  }
1328  man_status(man, version, so);
1329  }
1330  else if (streq(p[0], "kill"))
1331  {
1332  if (man_need(man, p, 1, 0))
1333  {
1334  man_kill(man, p[1]);
1335  }
1336  }
1337  else if (streq(p[0], "verb"))
1338  {
1339  if (p[1])
1340  {
1341  const int level = atoi(p[1]);
1342  if (set_debug_level(level, 0))
1343  {
1344  msg(M_CLIENT, "SUCCESS: verb level changed");
1345  }
1346  else
1347  {
1348  msg(M_CLIENT, "ERROR: verb level is out of range");
1349  }
1350  }
1351  else
1352  {
1353  msg(M_CLIENT, "SUCCESS: verb=%d", get_debug_level());
1354  }
1355  }
1356  else if (streq(p[0], "mute"))
1357  {
1358  if (p[1])
1359  {
1360  const int level = atoi(p[1]);
1361  if (set_mute_cutoff(level))
1362  {
1363  msg(M_CLIENT, "SUCCESS: mute level changed");
1364  }
1365  else
1366  {
1367  msg(M_CLIENT, "ERROR: mute level is out of range");
1368  }
1369  }
1370  else
1371  {
1372  msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1373  }
1374  }
1375  else if (streq(p[0], "auth-retry"))
1376  {
1377 #if P2MP
1378  if (p[1])
1379  {
1380  if (auth_retry_set(M_CLIENT, p[1]))
1381  {
1382  msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1383  }
1384  else
1385  {
1386  msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1387  }
1388  }
1389  else
1390  {
1391  msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1392  }
1393 #else /* if P2MP */
1394  msg(M_CLIENT, "ERROR: auth-retry feature is unavailable");
1395 #endif
1396  }
1397  else if (streq(p[0], "state"))
1398  {
1399  if (!p[1])
1400  {
1401  man_state(man, "1");
1402  }
1403  else
1404  {
1405  if (p[1])
1406  {
1407  man_state(man, p[1]);
1408  }
1409  if (p[2])
1410  {
1411  man_state(man, p[2]);
1412  }
1413  }
1414  }
1415  else if (streq(p[0], "log"))
1416  {
1417  if (man_need(man, p, 1, MN_AT_LEAST))
1418  {
1419  if (p[1])
1420  {
1421  man_log(man, p[1]);
1422  }
1423  if (p[2])
1424  {
1425  man_log(man, p[2]);
1426  }
1427  }
1428  }
1429  else if (streq(p[0], "echo"))
1430  {
1431  if (man_need(man, p, 1, MN_AT_LEAST))
1432  {
1433  if (p[1])
1434  {
1435  man_echo(man, p[1]);
1436  }
1437  if (p[2])
1438  {
1439  man_echo(man, p[2]);
1440  }
1441  }
1442  }
1443  else if (streq(p[0], "username"))
1444  {
1445  if (man_need(man, p, 2, 0))
1446  {
1447  man_query_username(man, p[1], p[2]);
1448  }
1449  }
1450  else if (streq(p[0], "password"))
1451  {
1452  if (man_need(man, p, 2, 0))
1453  {
1454  man_query_password(man, p[1], p[2]);
1455  }
1456  }
1457  else if (streq(p[0], "forget-passwords"))
1458  {
1459  man_forget_passwords(man);
1460  }
1461  else if (streq(p[0], "needok"))
1462  {
1463  if (man_need(man, p, 2, 0))
1464  {
1465  man_query_need_ok(man, p[1], p[2]);
1466  }
1467  }
1468  else if (streq(p[0], "needstr"))
1469  {
1470  if (man_need(man, p, 2, 0))
1471  {
1472  man_query_need_str(man, p[1], p[2]);
1473  }
1474  }
1475  else if (streq(p[0], "net"))
1476  {
1477  man_net(man);
1478  }
1479  else if (streq(p[0], "hold"))
1480  {
1481  man_hold(man, p[1]);
1482  }
1483  else if (streq(p[0], "bytecount"))
1484  {
1485  if (man_need(man, p, 1, 0))
1486  {
1487  man_bytecount(man, atoi(p[1]));
1488  }
1489  }
1490 #ifdef MANAGEMENT_DEF_AUTH
1491  else if (streq(p[0], "client-kill"))
1492  {
1493  if (man_need(man, p, 1, MN_AT_LEAST))
1494  {
1495  man_client_kill(man, p[1], p[2]);
1496  }
1497  }
1498  else if (streq(p[0], "client-deny"))
1499  {
1500  if (man_need(man, p, 3, MN_AT_LEAST))
1501  {
1502  man_client_deny(man, p[1], p[2], p[3], p[4]);
1503  }
1504  }
1505  else if (streq(p[0], "client-auth-nt"))
1506  {
1507  if (man_need(man, p, 2, 0))
1508  {
1509  man_client_auth(man, p[1], p[2], false);
1510  }
1511  }
1512  else if (streq(p[0], "client-auth"))
1513  {
1514  if (man_need(man, p, 2, 0))
1515  {
1516  man_client_auth(man, p[1], p[2], true);
1517  }
1518  }
1519 #ifdef MANAGEMENT_PF
1520  else if (streq(p[0], "client-pf"))
1521  {
1522  if (man_need(man, p, 1, 0))
1523  {
1524  man_client_pf(man, p[1]);
1525  }
1526  }
1527 #endif
1528 #endif /* ifdef MANAGEMENT_DEF_AUTH */
1529 #ifdef MANAGMENT_EXTERNAL_KEY
1530  else if (streq(p[0], "rsa-sig"))
1531  {
1532  man_pk_sig(man, "rsa-sig");
1533  }
1534  else if (streq(p[0], "pk-sig"))
1535  {
1536  man_pk_sig(man, "pk-sig");
1537  }
1538  else if (streq(p[0], "certificate"))
1539  {
1540  man_certificate(man);
1541  }
1542 #endif
1543 #ifdef ENABLE_PKCS11
1544  else if (streq(p[0], "pkcs11-id-count"))
1545  {
1546  man_pkcs11_id_count(man);
1547  }
1548  else if (streq(p[0], "pkcs11-id-get"))
1549  {
1550  if (man_need(man, p, 1, 0))
1551  {
1552  man_pkcs11_id_get(man, atoi(p[1]));
1553  }
1554  }
1555 #endif
1556  else if (streq(p[0], "proxy"))
1557  {
1558  if (man_need(man, p, 1, MN_AT_LEAST))
1559  {
1560  man_proxy(man, p);
1561  }
1562  }
1563  else if (streq(p[0], "remote"))
1564  {
1565  if (man_need(man, p, 1, MN_AT_LEAST))
1566  {
1567  man_remote(man, p);
1568  }
1569  }
1570 #if 1
1571  else if (streq(p[0], "test"))
1572  {
1573  if (man_need(man, p, 1, 0))
1574  {
1575  int i;
1576  const int n = atoi(p[1]);
1577  for (i = 0; i < n; ++i)
1578  {
1579  msg(M_CLIENT, "[%d] The purpose of this command is to generate large amounts of output.", i);
1580  }
1581  }
1582  }
1583 #endif
1584  else
1585  {
1586  msg(M_CLIENT, "ERROR: unknown command, enter 'help' for more options");
1587  }
1588 
1589 done:
1590  gc_free(&gc);
1591 }
1592 
1593 #ifdef _WIN32
1594 
1595 static void
1596 man_start_ne32(struct management *man)
1597 {
1598  switch (man->connection.state)
1599  {
1600  case MS_LISTEN:
1601  net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1602  break;
1603 
1604  case MS_CC_WAIT_READ:
1605  case MS_CC_WAIT_WRITE:
1606  net_event_win32_start(&man->connection.ne32, FD_READ|FD_WRITE|FD_CLOSE, man->connection.sd_cli);
1607  break;
1608 
1609  default:
1610  ASSERT(0);
1611  }
1612 }
1613 
1614 static void
1615 man_stop_ne32(struct management *man)
1616 {
1618 }
1619 
1620 #endif /* ifdef _WIN32 */
1621 
1622 static void
1623 man_record_peer_info(struct management *man)
1624 {
1625  struct gc_arena gc = gc_new();
1626  if (man->settings.write_peer_info_file)
1627  {
1628  bool success = false;
1629 #ifdef HAVE_GETSOCKNAME
1630  if (socket_defined(man->connection.sd_cli))
1631  {
1632  struct sockaddr_in addr;
1633  socklen_t addrlen = sizeof(addr);
1634  int status;
1635 
1636  CLEAR(addr);
1637  status = getsockname(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen);
1638  if (!status && addrlen == sizeof(addr))
1639  {
1640  const in_addr_t a = ntohl(addr.sin_addr.s_addr);
1641  const int p = ntohs(addr.sin_port);
1642  FILE *fp = platform_fopen(man->settings.write_peer_info_file, "w");
1643  if (fp)
1644  {
1645  fprintf(fp, "%s\n%d\n", print_in_addr_t(a, 0, &gc), p);
1646  if (!fclose(fp))
1647  {
1648  success = true;
1649  }
1650  }
1651  }
1652  }
1653 #endif /* ifdef HAVE_GETSOCKNAME */
1654  if (!success)
1655  {
1656  msg(D_MANAGEMENT, "MANAGEMENT: failed to write peer info to file %s",
1658  throw_signal_soft(SIGTERM, "management-connect-failed");
1659  }
1660  }
1661  gc_free(&gc);
1662 }
1663 
1664 static void
1665 man_connection_settings_reset(struct management *man)
1666 {
1667  man->connection.state_realtime = false;
1668  man->connection.log_realtime = false;
1669  man->connection.echo_realtime = false;
1671  man->connection.password_verified = false;
1672  man->connection.password_tries = 0;
1673  man->connection.halt = false;
1675 }
1676 
1677 static void
1678 man_new_connection_post(struct management *man, const char *description)
1679 {
1680  struct gc_arena gc = gc_new();
1681 
1683 
1685 
1686 #ifdef _WIN32
1687  man_start_ne32(man);
1688 #endif
1689 
1690 #if UNIX_SOCK_SUPPORT
1691  if (man->settings.flags & MF_UNIX_SOCK)
1692  {
1693  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1694  description,
1695  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1696  }
1697  else
1698 #endif
1699  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1700  description,
1701  print_sockaddr(man->settings.local->ai_addr, &gc));
1702 
1704 
1705  if (!man_password_needed(man))
1706  {
1707  man_welcome(man);
1708  }
1709  man_prompt(man);
1710  man_update_io_state(man);
1711 
1712  gc_free(&gc);
1713 }
1714 
1715 #if UNIX_SOCK_SUPPORT
1716 static bool
1717 man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1718 {
1719  if (socket_defined(sd) && (man->settings.client_uid != -1 || man->settings.client_gid != -1))
1720  {
1721  static const char err_prefix[] = "MANAGEMENT: unix domain socket client connection rejected --";
1722  int uid, gid;
1723  if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1724  {
1725  if (man->settings.client_uid != -1 && man->settings.client_uid != uid)
1726  {
1727  msg(D_MANAGEMENT, "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1728  err_prefix, uid, man->settings.client_uid);
1729  return false;
1730  }
1731  if (man->settings.client_gid != -1 && man->settings.client_gid != gid)
1732  {
1733  msg(D_MANAGEMENT, "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1734  err_prefix, gid, man->settings.client_gid);
1735  return false;
1736  }
1737  }
1738  else
1739  {
1740  msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1741  return false;
1742  }
1743  }
1744  return true;
1745 }
1746 #endif /* if UNIX_SOCK_SUPPORT */
1747 
1748 static void
1749 man_accept(struct management *man)
1750 {
1751  struct link_socket_actual act;
1752  CLEAR(act);
1753 
1754  /*
1755  * Accept the TCP or Unix domain socket client.
1756  */
1757 #if UNIX_SOCK_SUPPORT
1758  if (man->settings.flags & MF_UNIX_SOCK)
1759  {
1760  struct sockaddr_un remote;
1761  man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1762  if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1763  {
1764  sd_close(&man->connection.sd_cli);
1765  }
1766  }
1767  else
1768 #endif
1769  man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1770 
1771  if (socket_defined(man->connection.sd_cli))
1772  {
1773  man->connection.remote = act.dest;
1774 
1775  if (socket_defined(man->connection.sd_top))
1776  {
1777 #ifdef _WIN32
1778  man_stop_ne32(man);
1779 #endif
1780  }
1781 
1782  man_new_connection_post(man, "Client connected from");
1783  }
1784 }
1785 
1786 static void
1787 man_listen(struct management *man)
1788 {
1789  struct gc_arena gc = gc_new();
1790 
1791  /*
1792  * Initialize state
1793  */
1794  man->connection.state = MS_LISTEN;
1796 
1797  /*
1798  * Initialize listening socket
1799  */
1800  if (man->connection.sd_top == SOCKET_UNDEFINED)
1801  {
1802 #if UNIX_SOCK_SUPPORT
1803  if (man->settings.flags & MF_UNIX_SOCK)
1804  {
1806  man->connection.sd_top = create_socket_unix();
1807  socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1808  }
1809  else
1810 #endif
1811  {
1814  man->settings.local->ai_family, "MANAGEMENT", false);
1815  }
1816 
1817  /*
1818  * Listen for connection
1819  */
1820  if (listen(man->connection.sd_top, 1))
1821  {
1822  msg(M_ERR, "MANAGEMENT: listen() failed");
1823  }
1824 
1825  /*
1826  * Set misc socket properties
1827  */
1829 
1830 #if UNIX_SOCK_SUPPORT
1831  if (man->settings.flags & MF_UNIX_SOCK)
1832  {
1833  msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1834  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1835  }
1836  else
1837 #endif
1838  msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1839  print_sockaddr(man->settings.local->ai_addr, &gc));
1840  }
1841 
1842 #ifdef _WIN32
1843  man_start_ne32(man);
1844 #endif
1845 
1846  gc_free(&gc);
1847 }
1848 
1849 static void
1850 man_connect(struct management *man)
1851 {
1852  struct gc_arena gc = gc_new();
1853  int status;
1854  int signal_received = 0;
1855 
1856  /*
1857  * Initialize state
1858  */
1859  man->connection.state = MS_INITIAL;
1861 
1862 #if UNIX_SOCK_SUPPORT
1863  if (man->settings.flags & MF_UNIX_SOCK)
1864  {
1865  man->connection.sd_cli = create_socket_unix();
1866  status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
1867  if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1868  {
1869 #ifdef EPERM
1870  status = EPERM;
1871 #else
1872  status = 1;
1873 #endif
1874  sd_close(&man->connection.sd_cli);
1875  }
1876  }
1877  else
1878 #endif
1879  {
1881  status = openvpn_connect(man->connection.sd_cli,
1882  man->settings.local->ai_addr,
1883  5,
1884  &signal_received);
1885  }
1886 
1887  if (signal_received)
1888  {
1889  throw_signal(signal_received);
1890  goto done;
1891  }
1892 
1893  if (status)
1894  {
1895 #if UNIX_SOCK_SUPPORT
1896  if (man->settings.flags & MF_UNIX_SOCK)
1897  {
1899  "MANAGEMENT: connect to unix socket %s failed",
1900  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1901  }
1902  else
1903 #endif
1905  "MANAGEMENT: connect to %s failed",
1906  print_sockaddr(man->settings.local->ai_addr, &gc));
1907  throw_signal_soft(SIGTERM, "management-connect-failed");
1908  goto done;
1909  }
1910 
1911  man_record_peer_info(man);
1912  man_new_connection_post(man, "Connected to management server at");
1913 
1914 done:
1915  gc_free(&gc);
1916 }
1917 
1918 static void
1919 man_reset_client_socket(struct management *man, const bool exiting)
1920 {
1921  if (socket_defined(man->connection.sd_cli))
1922  {
1923 #ifdef _WIN32
1924  man_stop_ne32(man);
1925 #endif
1926  man_close_socket(man, man->connection.sd_cli);
1928  man->connection.state = MS_INITIAL;
1931 #ifdef MANAGEMENT_IN_EXTRA
1933 #endif
1934  msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
1935  }
1936  if (!exiting)
1937  {
1938  if (man->settings.flags & MF_FORGET_DISCONNECT)
1939  {
1940  ssl_purge_auth(false);
1941  }
1942 
1943  if (man->settings.flags & MF_SIGNAL)
1944  {
1945  int mysig = man_mod_signal(man, SIGUSR1);
1946  if (mysig >= 0)
1947  {
1948  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
1949  throw_signal_soft(mysig, "management-disconnect");
1950  }
1951  }
1952 
1953  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1954  {
1955  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
1956  throw_signal_soft(SIGTERM, "management-exit");
1957  }
1958  else
1959  {
1960  man_listen(man);
1961  }
1962  }
1963 }
1964 
1965 static void
1966 man_process_command(struct management *man, const char *line)
1967 {
1968  struct gc_arena gc = gc_new();
1969  struct status_output *so;
1970  int nparms;
1971  char *parms[MAX_PARMS+1];
1972 
1973  CLEAR(parms);
1974  so = status_open(NULL, 0, -1, &man->persist.vout, 0);
1975 #ifdef MANAGEMENT_IN_EXTRA
1977 #endif
1978 
1979  if (man_password_needed(man))
1980  {
1981  man_check_password(man, line);
1982  }
1983  else
1984  {
1985  nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
1986  if (parms[0] && streq(parms[0], "password"))
1987  {
1988  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
1989  }
1990  else if (!streq(line, "load-stats"))
1991  {
1992  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
1993  }
1994 
1995 #if 0
1996  /* DEBUGGING -- print args */
1997  {
1998  int i;
1999  for (i = 0; i < nparms; ++i)
2000  {
2001  msg(M_INFO, "[%d] '%s'", i, parms[i]);
2002  }
2003  }
2004 #endif
2005 
2006  if (nparms > 0)
2007  {
2008  man_dispatch_command(man, so, (const char **)parms, nparms);
2009  }
2010  }
2011 
2012  CLEAR(parms);
2013  status_close(so);
2014  gc_free(&gc);
2015 }
2016 
2017 static bool
2018 man_io_error(struct management *man, const char *prefix)
2019 {
2020  const int err = openvpn_errno();
2021 
2022  if (!ignore_sys_error(err))
2023  {
2024  struct gc_arena gc = gc_new();
2025  msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix,
2026  strerror(err));
2027  gc_free(&gc);
2028  return true;
2029  }
2030  else
2031  {
2032  return false;
2033  }
2034 }
2035 
2036 #ifdef TARGET_ANDROID
2037 static ssize_t
2038 man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2039 {
2040  struct msghdr msg;
2041  struct iovec iov[1];
2042 
2043  union {
2044  struct cmsghdr cm;
2045  char control[CMSG_SPACE(sizeof(int))];
2046  } control_un;
2047  struct cmsghdr *cmptr;
2048 
2049  msg.msg_control = control_un.control;
2050  msg.msg_controllen = sizeof(control_un.control);
2051 
2052  cmptr = CMSG_FIRSTHDR(&msg);
2053  cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2054  cmptr->cmsg_level = SOL_SOCKET;
2055  cmptr->cmsg_type = SCM_RIGHTS;
2056  *((int *) CMSG_DATA(cmptr)) = sendfd;
2057 
2058  msg.msg_name = NULL;
2059  msg.msg_namelen = 0;
2060 
2061  iov[0].iov_base = ptr;
2062  iov[0].iov_len = nbytes;
2063  msg.msg_iov = iov;
2064  msg.msg_iovlen = 1;
2065 
2066  return (sendmsg(fd, &msg, flags));
2067 }
2068 
2069 static ssize_t
2070 man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2071 {
2072  struct msghdr msghdr;
2073  struct iovec iov[1];
2074  ssize_t n;
2075 
2076  union {
2077  struct cmsghdr cm;
2078  char control[CMSG_SPACE(sizeof(int))];
2079  } control_un;
2080  struct cmsghdr *cmptr;
2081 
2082  msghdr.msg_control = control_un.control;
2083  msghdr.msg_controllen = sizeof(control_un.control);
2084 
2085  msghdr.msg_name = NULL;
2086  msghdr.msg_namelen = 0;
2087 
2088  iov[0].iov_base = ptr;
2089  iov[0].iov_len = nbytes;
2090  msghdr.msg_iov = iov;
2091  msghdr.msg_iovlen = 1;
2092 
2093  if ( (n = recvmsg(fd, &msghdr, flags)) <= 0)
2094  {
2095  return (n);
2096  }
2097 
2098  if ( (cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL
2099  && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2100  {
2101  if (cmptr->cmsg_level != SOL_SOCKET)
2102  {
2103  msg(M_ERR, "control level != SOL_SOCKET");
2104  }
2105  if (cmptr->cmsg_type != SCM_RIGHTS)
2106  {
2107  msg(M_ERR, "control type != SCM_RIGHTS");
2108  }
2109  *recvfd = *((int *) CMSG_DATA(cmptr));
2110  }
2111  else
2112  {
2113  *recvfd = -1; /* descriptor was not passed */
2114 
2115  }
2116  return (n);
2117 }
2118 
2119 /*
2120  * The android control method will instruct the GUI part of openvpn to do
2121  * the route/ifconfig/open tun command. See doc/android.txt for details.
2122  */
2123 bool
2124 management_android_control(struct management *man, const char *command, const char *msg)
2125 {
2126  struct user_pass up;
2127  CLEAR(up);
2128  strncpy(up.username, msg, sizeof(up.username)-1);
2129 
2130  management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK,(void *) 0);
2131  return strcmp("ok", up.password)==0;
2132 }
2133 
2134 /*
2135  * In Android 4.4 it is not possible to open a new tun device and then close the
2136  * old tun device without breaking the whole VPNService stack until the device
2137  * is rebooted. This management method ask the UI what method should be taken to
2138  * ensure the optimal solution for the situation
2139  */
2140 int
2141 managment_android_persisttun_action(struct management *man)
2142 {
2143  struct user_pass up;
2144  CLEAR(up);
2145  strcpy(up.username,"tunmethod");
2146  management_query_user_pass(management, &up, "PERSIST_TUN_ACTION",
2147  GET_USER_PASS_NEED_OK,(void *) 0);
2148  if (!strcmp("NOACTION", up.password))
2149  {
2150  return ANDROID_KEEP_OLD_TUN;
2151  }
2152  else if (!strcmp("OPEN_AFTER_CLOSE", up.password))
2153  {
2154  return ANDROID_OPEN_AFTER_CLOSE;
2155  }
2156  else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2157  {
2158  return ANDROID_OPEN_BEFORE_CLOSE;
2159  }
2160  else
2161  {
2162  msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query", up.password);
2163  }
2164 
2165  ASSERT(0);
2166  return ANDROID_OPEN_AFTER_CLOSE;
2167 }
2168 
2169 
2170 #endif /* ifdef TARGET_ANDROID */
2171 
2172 static int
2173 man_read(struct management *man)
2174 {
2175  /*
2176  * read command line from socket
2177  */
2178  unsigned char buf[256];
2179  int len = 0;
2180 
2181 #ifdef TARGET_ANDROID
2182  int fd;
2183  len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2184  if (fd >= 0)
2185  {
2186  man->connection.lastfdreceived = fd;
2187  }
2188 #else /* ifdef TARGET_ANDROID */
2189  len = recv(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL);
2190 #endif
2191 
2192  if (len == 0)
2193  {
2194  man_reset_client_socket(man, false);
2195  }
2196  else if (len > 0)
2197  {
2198  bool processed_command = false;
2199 
2200  ASSERT(len <= (int) sizeof(buf));
2201  command_line_add(man->connection.in, buf, len);
2202 
2203  /*
2204  * Reset output object
2205  */
2207 
2208  /*
2209  * process command line if complete
2210  */
2211  {
2212  const char *line;
2213  while ((line = command_line_get(man->connection.in)))
2214  {
2215 #ifdef MANAGEMENT_IN_EXTRA
2216  if (man->connection.in_extra)
2217  {
2218  if (!strcmp(line, "END"))
2219  {
2220  in_extra_dispatch(man);
2221  }
2222  else
2223  {
2224  buffer_list_push(man->connection.in_extra, line);
2225  }
2226  }
2227  else
2228 #endif
2229  man_process_command(man, (char *) line);
2230  if (man->connection.halt)
2231  {
2232  break;
2233  }
2235  processed_command = true;
2236  }
2237  }
2238 
2239  /*
2240  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2241  */
2242  if (man->connection.halt)
2243  {
2244  man_reset_client_socket(man, false);
2245  len = 0;
2246  }
2247  else
2248  {
2249  if (processed_command)
2250  {
2251  man_prompt(man);
2252  }
2253  man_update_io_state(man);
2254  }
2255  }
2256  else /* len < 0 */
2257  {
2258  if (man_io_error(man, "recv"))
2259  {
2260  man_reset_client_socket(man, false);
2261  }
2262  }
2263  return len;
2264 }
2265 
2266 static int
2267 man_write(struct management *man)
2268 {
2269  const int size_hint = 1024;
2270  int sent = 0;
2271  const struct buffer *buf;
2272 
2273  buffer_list_aggregate(man->connection.out, size_hint);
2274  buf = buffer_list_peek(man->connection.out);
2275  if (buf && BLEN(buf))
2276  {
2277  const int len = min_int(size_hint, BLEN(buf));
2278 #ifdef TARGET_ANDROID
2279  if (man->connection.fdtosend > 0)
2280  {
2281  sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,man->connection.fdtosend);
2282  man->connection.fdtosend = -1;
2283  }
2284  else
2285 #endif
2286  sent = send(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL);
2287  if (sent >= 0)
2288  {
2289  buffer_list_advance(man->connection.out, sent);
2290  }
2291  else if (sent < 0)
2292  {
2293  if (man_io_error(man, "send"))
2294  {
2295  man_reset_client_socket(man, false);
2296  }
2297  }
2298  }
2299 
2300  /*
2301  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2302  */
2303  man_update_io_state(man);
2304 
2305  return sent;
2306 }
2307 
2308 static void
2310 {
2311  CLEAR(*mc);
2312 
2313  /* set initial state */
2314  mc->state = MS_INITIAL;
2315 
2316  /* clear socket descriptors */
2317  mc->sd_top = SOCKET_UNDEFINED;
2318  mc->sd_cli = SOCKET_UNDEFINED;
2319 }
2320 
2321 static void
2322 man_persist_init(struct management *man,
2323  const int log_history_cache,
2324  const int echo_buffer_size,
2325  const int state_buffer_size)
2326 {
2327  struct man_persist *mp = &man->persist;
2328  if (!mp->defined)
2329  {
2330  CLEAR(*mp);
2331 
2332  /* initialize log history store */
2333  mp->log = log_history_init(log_history_cache);
2334 
2335  /*
2336  * Initialize virtual output object, so that functions
2337  * which write to a virtual_output object can be redirected
2338  * here to the management object.
2339  */
2341  mp->vout.arg = man;
2342  mp->vout.flags_default = M_CLIENT;
2344 
2345  /*
2346  * Initialize --echo list
2347  */
2348  man->persist.echo = log_history_init(echo_buffer_size);
2349 
2350  /*
2351  * Initialize --state list
2352  */
2353  man->persist.state = log_history_init(state_buffer_size);
2354 
2355  mp->defined = true;
2356  }
2357 }
2358 
2359 static void
2361 {
2362  if (mp->log)
2363  {
2364  msg_set_virtual_output(NULL);
2365  log_history_close(mp->log);
2366  }
2367 
2368  if (mp->echo)
2369  {
2370  log_history_close(mp->echo);
2371  }
2372 
2373  if (mp->state)
2374  {
2375  log_history_close(mp->state);
2376  }
2377 
2378  CLEAR(*mp);
2379 }
2380 
2381 static void
2383  const char *addr,
2384  const char *port,
2385  const char *pass_file,
2386  const char *client_user,
2387  const char *client_group,
2388  const int log_history_cache,
2389  const int echo_buffer_size,
2390  const int state_buffer_size,
2391  const char *write_peer_info_file,
2392  const int remap_sigusr1,
2393  const unsigned int flags)
2394 {
2395  if (!ms->defined)
2396  {
2397  CLEAR(*ms);
2398 
2399  ms->flags = flags;
2400  ms->client_uid = -1;
2401  ms->client_gid = -1;
2402 
2403  /*
2404  * Get username/password
2405  */
2406  if (pass_file)
2407  {
2408  get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2409  }
2410 
2411  /*
2412  * lookup client UID/GID if specified
2413  */
2414  if (client_user)
2415  {
2416  struct platform_state_user s;
2417  platform_user_get(client_user, &s);
2419  msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->client_uid);
2420  ASSERT(ms->client_uid >= 0);
2421  }
2422  if (client_group)
2423  {
2424  struct platform_state_group s;
2425  platform_group_get(client_group, &s);
2427  msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->client_gid);
2428  ASSERT(ms->client_gid >= 0);
2429  }
2430 
2431  ms->write_peer_info_file = string_alloc(write_peer_info_file, NULL);
2432 
2433 #if UNIX_SOCK_SUPPORT
2434  if (ms->flags & MF_UNIX_SOCK)
2435  {
2436  sockaddr_unix_init(&ms->local_unix, addr);
2437  }
2438  else
2439 #endif
2440  {
2441 
2442  /*
2443  * Run management over tunnel, or
2444  * separate channel?
2445  */
2446  if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2447  {
2448  ms->management_over_tunnel = true;
2449  }
2450  else
2451  {
2452  int status;
2454 
2455  if (!(flags & MF_CONNECT_AS_CLIENT))
2456  {
2457  resolve_flags |= GETADDR_PASSIVE;
2458  }
2459 
2460  status = openvpn_getaddrinfo(resolve_flags, addr, port, 0,
2461  NULL, AF_UNSPEC, &ms->local);
2462  ASSERT(status==0);
2463  }
2464  }
2465 
2466  /*
2467  * Log history and echo buffer may need to be resized
2468  */
2469  ms->log_history_cache = log_history_cache;
2470  ms->echo_buffer_size = echo_buffer_size;
2471  ms->state_buffer_size = state_buffer_size;
2472 
2473  /*
2474  * Set remap sigusr1 flags
2475  */
2476  if (remap_sigusr1 == SIGHUP)
2477  {
2479  }
2480  else if (remap_sigusr1 == SIGTERM)
2481  {
2483  }
2484 
2485  ms->defined = true;
2486  }
2487 }
2488 
2489 static void
2491 {
2492  if (ms->local)
2493  {
2494  freeaddrinfo(ms->local);
2495  }
2497  CLEAR(*ms);
2498 }
2499 
2500 
2501 static void
2502 man_connection_init(struct management *man)
2503 {
2504  if (man->connection.state == MS_INITIAL)
2505  {
2506 #ifdef _WIN32
2507  /*
2508  * This object is a sort of TCP/IP helper
2509  * for Windows.
2510  */
2512 #endif
2513 
2514  /*
2515  * Allocate helper objects for command line input and
2516  * command output from/to the socket.
2517  */
2518  man->connection.in = command_line_new(1024);
2519  man->connection.out = buffer_list_new(0);
2520 
2521  /*
2522  * Initialize event set for standalone usage, when we are
2523  * running outside of the primary event loop.
2524  */
2525  {
2526  int maxevents = 1;
2527  man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2528  }
2529 
2530  man->connection.client_version = 1; /* default version */
2531 
2532  /*
2533  * Listen/connect socket
2534  */
2535  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2536  {
2537  man_connect(man);
2538  }
2539  else
2540  {
2541  man_listen(man);
2542  }
2543  }
2544 }
2545 
2546 static void
2547 man_connection_close(struct management *man)
2548 {
2549  struct man_connection *mc = &man->connection;
2550 
2551  if (mc->es)
2552  {
2553  event_free(mc->es);
2554  }
2555 #ifdef _WIN32
2557 #endif
2558  if (socket_defined(mc->sd_top))
2559  {
2560  man_close_socket(man, mc->sd_top);
2562  }
2563  if (socket_defined(mc->sd_cli))
2564  {
2565  man_close_socket(man, mc->sd_cli);
2566  }
2567  if (mc->in)
2568  {
2569  command_line_free(mc->in);
2570  }
2571  if (mc->out)
2572  {
2573  buffer_list_free(mc->out);
2574  }
2575 #ifdef MANAGEMENT_IN_EXTRA
2577 #endif
2578 #ifdef MANAGMENT_EXTERNAL_KEY
2579  buffer_list_free(mc->ext_key_input);
2580 #endif
2582 }
2583 
2584 struct management *
2586 {
2587  struct management *man;
2588  ALLOC_OBJ_CLEAR(man, struct management);
2589 
2590  man_persist_init(man,
2594 
2596 
2597  return man;
2598 }
2599 
2600 bool
2601 management_open(struct management *man,
2602  const char *addr,
2603  const char *port,
2604  const char *pass_file,
2605  const char *client_user,
2606  const char *client_group,
2607  const int log_history_cache,
2608  const int echo_buffer_size,
2609  const int state_buffer_size,
2610  const char *write_peer_info_file,
2611  const int remap_sigusr1,
2612  const unsigned int flags)
2613 {
2614  bool ret = false;
2615 
2616  /*
2617  * Save the settings only if they have not
2618  * been saved before.
2619  */
2621  addr,
2622  port,
2623  pass_file,
2624  client_user,
2625  client_group,
2626  log_history_cache,
2627  echo_buffer_size,
2628  state_buffer_size,
2629  write_peer_info_file,
2630  remap_sigusr1,
2631  flags);
2632 
2633  /*
2634  * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2635  * but may be changed here. Ditto for echo and state buffers.
2636  */
2640 
2641  /*
2642  * If connection object is uninitialized and we are not doing
2643  * over-the-tunnel management, then open (listening) connection.
2644  */
2645  if (man->connection.state == MS_INITIAL)
2646  {
2647  if (!man->settings.management_over_tunnel)
2648  {
2649  man_connection_init(man);
2650  ret = true;
2651  }
2652  }
2653 
2654  return ret;
2655 }
2656 
2657 void
2658 management_close(struct management *man)
2659 {
2660  man_output_list_push_finalize(man); /* flush output queue */
2661  man_connection_close(man);
2663  man_persist_close(&man->persist);
2664  free(man);
2665 }
2666 
2667 void
2668 management_set_callback(struct management *man,
2669  const struct management_callback *cb)
2670 {
2671  man->persist.standalone_disabled = true;
2672  man->persist.callback = *cb;
2673 }
2674 
2675 void
2676 management_clear_callback(struct management *man)
2677 {
2678  man->persist.standalone_disabled = false;
2679  man->persist.hold_release = false;
2680  CLEAR(man->persist.callback);
2681  man_output_list_push_finalize(man); /* flush output queue */
2682 }
2683 
2684 void
2685 management_set_state(struct management *man,
2686  const int state,
2687  const char *detail,
2688  const in_addr_t *tun_local_ip,
2689  const struct in6_addr *tun_local_ip6,
2690  const struct openvpn_sockaddr *local,
2691  const struct openvpn_sockaddr *remote)
2692 {
2693  if (man->persist.state && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2694  {
2695  struct gc_arena gc = gc_new();
2696  struct log_entry e;
2697  const char *out = NULL;
2698 
2699  update_time();
2700  CLEAR(e);
2701  e.timestamp = now;
2702  e.u.state = state;
2703  e.string = detail;
2704  if (tun_local_ip)
2705  {
2706  e.local_ip = *tun_local_ip;
2707  }
2708  if (tun_local_ip6)
2709  {
2710  e.local_ip6 = *tun_local_ip6;
2711  }
2712  if (local)
2713  {
2714  e.local_sock = *local;
2715  }
2716  if (remote)
2717  {
2718  e.remote_sock = *remote;
2719  }
2720 
2721  log_history_add(man->persist.state, &e);
2722 
2723  if (man->connection.state_realtime)
2724  {
2727  | LOG_PRINT_STATE
2730  | LOG_PRINT_CRLF
2731  | LOG_ECHO_TO_LOG, &gc);
2732  }
2733 
2734  if (out)
2735  {
2736  man_output_list_push(man, out);
2737  }
2738 
2739  gc_free(&gc);
2740  }
2741 }
2742 
2743 static bool
2744 env_filter_match(const char *env_str, const int env_filter_level)
2745 {
2746  static const char *env_names[] = {
2747  "username=",
2748  "password=",
2749  "X509_0_CN=",
2750  "tls_serial_",
2751  "untrusted_ip=",
2752  "ifconfig_local=",
2753  "ifconfig_netmask=",
2754  "daemon_start_time=",
2755  "daemon_pid=",
2756  "dev=",
2757  "ifconfig_pool_remote_ip=",
2758  "ifconfig_pool_netmask=",
2759  "time_duration=",
2760  "bytes_sent=",
2761  "bytes_received="
2762  };
2763 
2764  if (env_filter_level == 0)
2765  {
2766  return true;
2767  }
2768  else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2769  {
2770  return true;
2771  }
2772  else if (env_filter_level <= 2)
2773  {
2774  size_t i;
2775  for (i = 0; i < SIZE(env_names); ++i)
2776  {
2777  const char *en = env_names[i];
2778  const size_t len = strlen(en);
2779  if (!strncmp(env_str, en, len))
2780  {
2781  return true;
2782  }
2783  }
2784  return false;
2785  }
2786  return false;
2787 }
2788 
2789 static void
2790 man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
2791 {
2792  if (es)
2793  {
2794  struct env_item *e;
2795  for (e = es->list; e != NULL; e = e->next)
2796  {
2797  if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2798  {
2799  msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2800  }
2801  }
2802  }
2803  if (tail)
2804  {
2805  msg(M_CLIENT, ">%s:ENV,END", prefix);
2806  }
2807 }
2808 
2809 static void
2810 man_output_extra_env(struct management *man, const char *prefix)
2811 {
2812  struct gc_arena gc = gc_new();
2813  struct env_set *es = env_set_create(&gc);
2814  if (man->persist.callback.n_clients)
2815  {
2816  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2817  setenv_int(es, "n_clients", nclients);
2818  }
2819  man_output_env(es, false, man->connection.env_filter_level, prefix);
2820  gc_free(&gc);
2821 }
2822 
2823 void
2824 management_up_down(struct management *man, const char *updown, const struct env_set *es)
2825 {
2826  if (man->settings.flags & MF_UP_DOWN)
2827  {
2828  msg(M_CLIENT, ">UPDOWN:%s", updown);
2829  man_output_env(es, true, 0, "UPDOWN");
2830  }
2831 }
2832 
2833 void
2834 management_notify(struct management *man, const char *severity, const char *type, const char *text)
2835 {
2836  msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2837 }
2838 
2839 void
2840 management_notify_generic(struct management *man, const char *str)
2841 {
2842  msg(M_CLIENT, "%s", str);
2843 }
2844 
2845 #ifdef MANAGEMENT_DEF_AUTH
2846 
2847 static void
2848 man_output_peer_info_env(struct management *man, struct man_def_auth_context *mdac)
2849 {
2850  char line[256];
2851  if (man->persist.callback.get_peer_info)
2852  {
2853  const char *peer_info = (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2854  if (peer_info)
2855  {
2856  struct buffer buf;
2857  buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
2858  while (buf_parse(&buf, '\n', line, sizeof(line)))
2859  {
2860  chomp(line);
2861  if (validate_peer_info_line(line))
2862  {
2863  msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2864  }
2865  else
2866  {
2867  msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2868  }
2869  }
2870  }
2871  }
2872 }
2873 
2874 void
2875 management_notify_client_needing_auth(struct management *management,
2876  const unsigned int mda_key_id,
2877  struct man_def_auth_context *mdac,
2878  const struct env_set *es)
2879 {
2880  if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2881  {
2882  const char *mode = "CONNECT";
2883  if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2884  {
2885  mode = "REAUTH";
2886  }
2887  msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2888  man_output_extra_env(management, "CLIENT");
2889  if (management->connection.env_filter_level>0)
2890  {
2891  man_output_peer_info_env(management, mdac);
2892  }
2893  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2894  mdac->flags |= DAF_INITIAL_AUTH;
2895  }
2896 }
2897 
2898 void
2899 management_connection_established(struct management *management,
2900  struct man_def_auth_context *mdac,
2901  const struct env_set *es)
2902 {
2903  mdac->flags |= DAF_CONNECTION_ESTABLISHED;
2904  msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
2905  man_output_extra_env(management, "CLIENT");
2906  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2907 }
2908 
2909 void
2910 management_notify_client_close(struct management *management,
2911  struct man_def_auth_context *mdac,
2912  const struct env_set *es)
2913 {
2914  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
2915  {
2916  msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
2917  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2918  mdac->flags |= DAF_CONNECTION_CLOSED;
2919  }
2920 }
2921 
2922 void
2923 management_learn_addr(struct management *management,
2924  struct man_def_auth_context *mdac,
2925  const struct mroute_addr *addr,
2926  const bool primary)
2927 {
2928  struct gc_arena gc = gc_new();
2929  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
2930  {
2931  msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d",
2932  mdac->cid,
2933  mroute_addr_print_ex(addr, MAPF_SUBNET, &gc),
2934  BOOL_CAST(primary));
2935  }
2936  gc_free(&gc);
2937 }
2938 
2939 #endif /* MANAGEMENT_DEF_AUTH */
2940 
2941 void
2942 management_echo(struct management *man, const char *string, const bool pull)
2943 {
2944  if (man->persist.echo)
2945  {
2946  struct gc_arena gc = gc_new();
2947  struct log_entry e;
2948  const char *out = NULL;
2949 
2950  update_time();
2951  CLEAR(e);
2952  e.timestamp = now;
2953  e.string = string;
2954  e.u.intval = BOOL_CAST(pull);
2955 
2956  log_history_add(man->persist.echo, &e);
2957 
2958  if (man->connection.echo_realtime)
2959  {
2961  }
2962 
2963  if (out)
2964  {
2965  man_output_list_push(man, out);
2966  }
2967 
2968  gc_free(&gc);
2969  }
2970 }
2971 
2972 void
2973 management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
2974 {
2975  /*
2976  * If we are running management over the tunnel,
2977  * this is the place to initialize the connection.
2978  */
2980  && man->connection.state == MS_INITIAL)
2981  {
2982  /* listen on our local TUN/TAP IP address */
2983  struct in_addr ia;
2984  int ret;
2985 
2986  ia.s_addr = htonl(tun_local_ip);
2987  ret = openvpn_getaddrinfo(GETADDR_PASSIVE, inet_ntoa(ia), NULL, 0, NULL,
2988  AF_INET, &man->settings.local);
2989  ASSERT(ret==0);
2990  man_connection_init(man);
2991  }
2992 
2993 }
2994 
2995 void
2996 management_pre_tunnel_close(struct management *man)
2997 {
2999  {
3000  man_connection_close(man);
3001  }
3002 }
3003 
3004 void
3005 management_auth_failure(struct management *man, const char *type, const char *reason)
3006 {
3007  if (reason)
3008  {
3009  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3010  }
3011  else
3012  {
3013  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3014  }
3015 }
3016 
3017 void
3018 management_auth_token(struct management *man, const char *token)
3019 {
3020  msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3021 }
3022 
3023 static inline bool
3024 man_persist_state(unsigned int *persistent, const int n)
3025 {
3026  if (persistent)
3027  {
3028  if (*persistent == (unsigned int)n)
3029  {
3030  return false;
3031  }
3032  *persistent = n;
3033  }
3034  return true;
3035 }
3036 
3037 #ifdef _WIN32
3038 
3039 void
3040 management_socket_set(struct management *man,
3041  struct event_set *es,
3042  void *arg,
3043  unsigned int *persistent)
3044 {
3045  if (man->connection.state != MS_INITIAL)
3046  {
3049 
3050  switch (man->connection.state)
3051  {
3052  case MS_LISTEN:
3053  if (man_persist_state(persistent, 1))
3054  {
3055  event_ctl(es, ev, EVENT_READ, arg);
3056  }
3057  break;
3058 
3059  case MS_CC_WAIT_READ:
3060  if (man_persist_state(persistent, 2))
3061  {
3062  event_ctl(es, ev, EVENT_READ, arg);
3063  }
3064  break;
3065 
3066  case MS_CC_WAIT_WRITE:
3067  if (man_persist_state(persistent, 3))
3068  {
3069  event_ctl(es, ev, EVENT_READ|EVENT_WRITE, arg);
3070  }
3071  break;
3072 
3073  default:
3074  ASSERT(0);
3075  }
3076  }
3077 }
3078 
3079 void
3080 management_io(struct management *man)
3081 {
3082  if (man->connection.state != MS_INITIAL)
3083  {
3084  long net_events;
3086  net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3087 
3088  if (net_events & FD_CLOSE)
3089  {
3090  man_reset_client_socket(man, false);
3091  }
3092  else
3093  {
3094  if (man->connection.state == MS_LISTEN)
3095  {
3096  if (net_events & FD_ACCEPT)
3097  {
3098  man_accept(man);
3100  }
3101  }
3102  else if (man->connection.state == MS_CC_WAIT_READ || man->connection.state == MS_CC_WAIT_WRITE)
3103  {
3104  if (net_events & FD_READ)
3105  {
3106  while (man_read(man) > 0)
3107  {
3108  }
3110  }
3111 
3112  if (net_events & FD_WRITE)
3113  {
3114  int status;
3115  status = man_write(man);
3116  if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3117  {
3119  }
3120  }
3121  }
3122  }
3123  }
3124 }
3125 
3126 #else /* ifdef _WIN32 */
3127 
3128 void
3129 management_socket_set(struct management *man,
3130  struct event_set *es,
3131  void *arg,
3132  unsigned int *persistent)
3133 {
3134  switch (man->connection.state)
3135  {
3136  case MS_LISTEN:
3137  if (man_persist_state(persistent, 1))
3138  {
3139  event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3140  }
3141  break;
3142 
3143  case MS_CC_WAIT_READ:
3144  if (man_persist_state(persistent, 2))
3145  {
3146  event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3147  }
3148  break;
3149 
3150  case MS_CC_WAIT_WRITE:
3151  if (man_persist_state(persistent, 3))
3152  {
3153  event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3154  }
3155  break;
3156 
3157  case MS_INITIAL:
3158  break;
3159 
3160  default:
3161  ASSERT(0);
3162  }
3163 }
3164 
3165 void
3166 management_io(struct management *man)
3167 {
3168  switch (man->connection.state)
3169  {
3170  case MS_LISTEN:
3171  man_accept(man);
3172  break;
3173 
3174  case MS_CC_WAIT_READ:
3175  man_read(man);
3176  break;
3177 
3178  case MS_CC_WAIT_WRITE:
3179  man_write(man);
3180  break;
3181 
3182  case MS_INITIAL:
3183  break;
3184 
3185  default:
3186  ASSERT(0);
3187  }
3188 }
3189 
3190 #endif /* ifdef _WIN32 */
3191 
3192 static inline bool
3193 man_standalone_ok(const struct management *man)
3194 {
3195  return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3196 }
3197 
3198 static bool
3199 man_check_for_signals(volatile int *signal_received)
3200 {
3201  if (signal_received)
3202  {
3203  get_signal(signal_received);
3204  if (*signal_received)
3205  {
3206  return true;
3207  }
3208  }
3209  return false;
3210 }
3211 
3212 /*
3213  * Wait for socket I/O when outside primary event loop
3214  */
3215 static int
3216 man_block(struct management *man, volatile int *signal_received, const time_t expire)
3217 {
3218  struct timeval tv;
3219  struct event_set_return esr;
3220  int status = -1;
3221 
3222  if (man_standalone_ok(man))
3223  {
3224  while (true)
3225  {
3226  event_reset(man->connection.es);
3227  management_socket_set(man, man->connection.es, NULL, NULL);
3228  tv.tv_usec = 0;
3229  tv.tv_sec = 1;
3230  if (man_check_for_signals(signal_received))
3231  {
3232  status = -1;
3233  break;
3234  }
3235  status = event_wait(man->connection.es, &tv, &esr, 1);
3236  update_time();
3237  if (man_check_for_signals(signal_received))
3238  {
3239  status = -1;
3240  break;
3241  }
3242 
3243  if (status > 0)
3244  {
3245  break;
3246  }
3247  else if (expire && now >= expire)
3248  {
3249  /* set SIGINT signal if expiration time exceeded */
3250  status = 0;
3251  if (signal_received)
3252  {
3253  *signal_received = SIGINT;
3254  }
3255  break;
3256  }
3257  }
3258  }
3259  return status;
3260 }
3261 
3262 /*
3263  * Perform management socket output outside primary event loop
3264  */
3265 static void
3266 man_output_standalone(struct management *man, volatile int *signal_received)
3267 {
3268  if (man_standalone_ok(man))
3269  {
3270  while (man->connection.state == MS_CC_WAIT_WRITE)
3271  {
3272  management_io(man);
3273  if (man->connection.state == MS_CC_WAIT_WRITE)
3274  {
3275  man_block(man, signal_received, 0);
3276  }
3277  if (signal_received && *signal_received)
3278  {
3279  break;
3280  }
3281  }
3282  }
3283 }
3284 
3285 /*
3286  * Process management event loop outside primary event loop
3287  */
3288 static int
3289 man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
3290 {
3291  int status = -1;
3292  if (man_standalone_ok(man))
3293  {
3294  status = man_block(man, signal_received, expire);
3295  if (status > 0)
3296  {
3297  management_io(man);
3298  }
3299  }
3300  return status;
3301 }
3302 
3303 #define MWCC_PASSWORD_WAIT (1<<0)
3304 #define MWCC_HOLD_WAIT (1<<1)
3305 #define MWCC_OTHER_WAIT (1<<2)
3306 
3307 /*
3308  * Block until client connects
3309  */
3310 static void
3311 man_wait_for_client_connection(struct management *man,
3312  volatile int *signal_received,
3313  const time_t expire,
3314  unsigned int flags)
3315 {
3316  ASSERT(man_standalone_ok(man));
3317  if (man->connection.state == MS_LISTEN)
3318  {
3319  if (flags & MWCC_PASSWORD_WAIT)
3320  {
3321  msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3322  }
3323  if (flags & MWCC_HOLD_WAIT)
3324  {
3325  msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3326  }
3327  if (flags & MWCC_OTHER_WAIT)
3328  {
3329  msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3330  }
3331  do
3332  {
3333  man_standalone_event_loop(man, signal_received, expire);
3334  if (signal_received && *signal_received)
3335  {
3336  break;
3337  }
3338  } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3339  }
3340 }
3341 
3342 /*
3343  * Process the management event loop for sec seconds
3344  */
3345 void
3346 management_event_loop_n_seconds(struct management *man, int sec)
3347 {
3348  if (man_standalone_ok(man))
3349  {
3350  volatile int signal_received = 0;
3351  const bool standalone_disabled_save = man->persist.standalone_disabled;
3352  time_t expire = 0;
3353 
3354  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3355 
3356  /* set expire time */
3357  update_time();
3358  if (sec)
3359  {
3360  expire = now + sec;
3361  }
3362 
3363  /* if no client connection, wait for one */
3364  man_wait_for_client_connection(man, &signal_received, expire, 0);
3365  if (signal_received)
3366  {
3367  return;
3368  }
3369 
3370  /* run command processing event loop */
3371  do
3372  {
3373  man_standalone_event_loop(man, &signal_received, expire);
3374  if (!signal_received)
3375  {
3376  man_check_for_signals(&signal_received);
3377  }
3378  if (signal_received)
3379  {
3380  return;
3381  }
3382  update_time();
3383  } while (expire && expire > now);
3384 
3385  /* revert state */
3386  man->persist.standalone_disabled = standalone_disabled_save;
3387  }
3388  else
3389  {
3390  sleep(sec);
3391  }
3392 }
3393 
3394 /*
3395  * Get a username/password from management channel in standalone mode.
3396  */
3397 bool
3398 management_query_user_pass(struct management *man,
3399  struct user_pass *up,
3400  const char *type,
3401  const unsigned int flags,
3402  const char *static_challenge)
3403 {
3404  struct gc_arena gc = gc_new();
3405  bool ret = false;
3406 
3407  if (man_standalone_ok(man))
3408  {
3409  volatile int signal_received = 0;
3410  const bool standalone_disabled_save = man->persist.standalone_disabled;
3411  struct buffer alert_msg = alloc_buf_gc(128, &gc);
3412  const char *alert_type = NULL;
3413  const char *prefix = NULL;
3414  unsigned int up_query_mode = 0;
3415 #ifdef ENABLE_CLIENT_CR
3416  const char *sc = NULL;
3417 #endif
3418  ret = true;
3419  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3420  man->persist.special_state_msg = NULL;
3421 
3422  CLEAR(man->connection.up_query);
3423 
3424  if (flags & GET_USER_PASS_NEED_OK)
3425  {
3426  up_query_mode = UP_QUERY_NEED_OK;
3427  prefix = "NEED-OK";
3428  alert_type = "confirmation";
3429  }
3430  else if (flags & GET_USER_PASS_NEED_STR)
3431  {
3432  up_query_mode = UP_QUERY_NEED_STR;
3433  prefix = "NEED-STR";
3434  alert_type = "string";
3435  }
3436  else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3437  {
3438  up_query_mode = UP_QUERY_PASS;
3439  prefix = "PASSWORD";
3440  alert_type = "password";
3441  }
3442  else
3443  {
3444  up_query_mode = UP_QUERY_USER_PASS;
3445  prefix = "PASSWORD";
3446  alert_type = "username/password";
3447 #ifdef ENABLE_CLIENT_CR
3448  if (static_challenge)
3449  {
3450  sc = static_challenge;
3451  }
3452 #endif
3453  }
3454  buf_printf(&alert_msg, ">%s:Need '%s' %s",
3455  prefix,
3456  type,
3457  alert_type);
3458 
3459  if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3460  {
3461  buf_printf(&alert_msg, " MSG:%s", up->username);
3462  }
3463 
3464 #ifdef ENABLE_CLIENT_CR
3465  if (sc)
3466  {
3467  buf_printf(&alert_msg, " SC:%d,%s",
3469  sc);
3470  }
3471 #endif
3472 
3473  man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3474  if (signal_received)
3475  {
3476  ret = false;
3477  }
3478 
3479  if (ret)
3480  {
3481  man->persist.special_state_msg = BSTR(&alert_msg);
3482  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3483 
3484  /* tell command line parser which info we need */
3485  man->connection.up_query_mode = up_query_mode;
3486  man->connection.up_query_type = type;
3487 
3488  /* run command processing event loop until we get our username/password/response */
3489  do
3490  {
3491  man_standalone_event_loop(man, &signal_received, 0);
3492  if (!signal_received)
3493  {
3494  man_check_for_signals(&signal_received);
3495  }
3496  if (signal_received)
3497  {
3498  ret = false;
3499  break;
3500  }
3501  } while (!man->connection.up_query.defined);
3502  }
3503 
3504  /* revert state */
3506  man->connection.up_query_type = NULL;
3507  man->persist.standalone_disabled = standalone_disabled_save;
3508  man->persist.special_state_msg = NULL;
3509 
3510  /* pass through blank passwords */
3511  if (!strcmp(man->connection.up_query.password, blank_up))
3512  {
3514  }
3515 
3516  /*
3517  * Transfer u/p to return object, zero any record
3518  * we hold in the management object.
3519  */
3520  if (ret)
3521  {
3522  /* preserve caller's settings */
3523  man->connection.up_query.nocache = up->nocache;
3525  *up = man->connection.up_query;
3526  }
3527  secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3528  }
3529 
3530  gc_free(&gc);
3531  return ret;
3532 }
3533 
3534 #ifdef MANAGMENT_EXTERNAL_KEY
3535 
3536 static int
3537 management_query_multiline(struct management *man,
3538  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3539 {
3540  struct gc_arena gc = gc_new();
3541  int ret = 0;
3542  volatile int signal_received = 0;
3543  struct buffer alert_msg = clear_buf();
3544  const bool standalone_disabled_save = man->persist.standalone_disabled;
3545  struct man_connection *mc = &man->connection;
3546 
3547  if (man_standalone_ok(man))
3548  {
3549  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3550  man->persist.special_state_msg = NULL;
3551 
3552  *state = EKS_SOLICIT;
3553 
3554  if (b64_data)
3555  {
3556  alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
3557  buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3558  }
3559  else
3560  {
3561  alert_msg = alloc_buf_gc(strlen(prompt)+3, &gc);
3562  buf_printf(&alert_msg, ">%s", prompt);
3563  }
3564 
3565  man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3566 
3567  if (signal_received)
3568  {
3569  goto done;
3570  }
3571 
3572  man->persist.special_state_msg = BSTR(&alert_msg);
3573  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3574 
3575  /* run command processing event loop until we get our signature */
3576  do
3577  {
3578  man_standalone_event_loop(man, &signal_received, 0);
3579  if (!signal_received)
3580  {
3581  man_check_for_signals(&signal_received);
3582  }
3583  if (signal_received)
3584  {
3585  goto done;
3586  }
3587  } while (*state != EKS_READY);
3588 
3589  ret = 1;
3590  }
3591 
3592 done:
3593  if (*state == EKS_READY && ret)
3594  {
3595  msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3596  }
3597  else if (*state == EKS_INPUT || *state == EKS_READY)
3598  {
3599  msg(M_CLIENT, "ERROR: %s command failed", cmd);
3600  }
3601 
3602  /* revert state */
3603  man->persist.standalone_disabled = standalone_disabled_save;
3604  man->persist.special_state_msg = NULL;
3606  *state = EKS_UNDEF;
3607 
3608  gc_free(&gc);
3609  return ret;
3610 }
3611 
3612 static char *
3613 /* returns allocated base64 signature */
3615  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3616 {
3617  int ok;
3618  char *result = NULL;
3619  struct buffer *buf;
3620 
3621  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3622  if (ok && buffer_list_defined(*input))
3623  {
3624  buffer_list_aggregate_separator(*input, 10000, "\n");
3625  buf = buffer_list_peek(*input);
3626  if (buf && BLEN(buf) > 0)
3627  {
3628  result = (char *) malloc(BLEN(buf)+1);
3629  check_malloc_return(result);
3630  memcpy(result, buf->data, BLEN(buf));
3631  result[BLEN(buf)] = '\0';
3632  }
3633  }
3634 
3635  buffer_list_free(*input);
3636  *input = NULL;
3637 
3638  return result;
3639 }
3640 
3641 static char *
3642 /* returns allocated base64 signature */
3643 management_query_multiline_flatten(struct management *man,
3644  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3645 {
3646  int ok;
3647  char *result = NULL;
3648  struct buffer *buf;
3649 
3650  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3651  if (ok && buffer_list_defined(*input))
3652  {
3653  buffer_list_aggregate(*input, 2048);
3654  buf = buffer_list_peek(*input);
3655  if (buf && BLEN(buf) > 0)
3656  {
3657  result = (char *) malloc(BLEN(buf)+1);
3658  check_malloc_return(result);
3659  memcpy(result, buf->data, BLEN(buf));
3660  result[BLEN(buf)] = '\0';
3661  }
3662  }
3663 
3664  buffer_list_free(*input);
3665  *input = NULL;
3666 
3667  return result;
3668 }
3669 
3670 char *
3671 /* returns allocated base64 signature */
3672 management_query_pk_sig(struct management *man,
3673  const char *b64_data)
3674 {
3675  const char *prompt = "PK_SIGN";
3676  const char *desc = "pk-sign";
3677  if (man->connection.client_version <= 1)
3678  {
3679  prompt = "RSA_SIGN";
3680  desc = "rsa-sign";
3681  }
3682  return management_query_multiline_flatten(man, b64_data, prompt, desc,
3683  &man->connection.ext_key_state, &man->connection.ext_key_input);
3684 }
3685 
3686 char *
3687 management_query_cert(struct management *man, const char *cert_name)
3688 {
3689  const char prompt_1[] = "NEED-CERTIFICATE:";
3690  struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3691  buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3692  buf_write(&buf_prompt, cert_name, strlen(cert_name)+1); /* +1 for \0 */
3693 
3694  char *result;
3695  result = management_query_multiline_flatten_newline(management,
3696  NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3697  &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3698  free_buf(&buf_prompt);
3699  return result;
3700 }
3701 
3702 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
3703 
3704 /*
3705  * Return true if management_hold() would block
3706  */
3707 bool
3708 management_would_hold(struct management *man)
3709 {
3710  return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3711 }
3712 
3713 /*
3714  * Return true if (from the management interface's perspective) OpenVPN should
3715  * daemonize.
3716  */
3717 bool
3718 management_should_daemonize(struct management *man)
3719 {
3720  return management_would_hold(man) || (man->settings.flags & MF_QUERY_PASSWORDS);
3721 }
3722 
3723 /*
3724  * If the hold flag is enabled, hibernate until a management client releases the hold.
3725  * Return true if the caller should not sleep for an additional time interval.
3726  */
3727 bool
3728 management_hold(struct management *man, int holdtime)
3729 {
3730  if (management_would_hold(man))
3731  {
3732  volatile int signal_received = 0;
3733  const bool standalone_disabled_save = man->persist.standalone_disabled;
3734  struct gc_arena gc = gc_new();
3735 
3736  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3737  man->persist.special_state_msg = NULL;
3739 
3740  man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3741 
3742  if (!signal_received)
3743  {
3744  struct buffer out = alloc_buf_gc(128, &gc);
3745  buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3746  man->persist.special_state_msg = BSTR(&out);
3747  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3748 
3749  /* run command processing event loop until we get our username/password */
3750  do
3751  {
3752  man_standalone_event_loop(man, &signal_received, 0);
3753  if (!signal_received)
3754  {
3755  man_check_for_signals(&signal_received);
3756  }
3757  if (signal_received)
3758  {
3759  break;
3760  }
3761  } while (!man->persist.hold_release);
3762  }
3763 
3764  /* revert state */
3765  man->persist.standalone_disabled = standalone_disabled_save;
3766  man->persist.special_state_msg = NULL;
3768 
3769  gc_free(&gc);
3770  return true;
3771  }
3772  return false;
3773 }
3774 
3775 /*
3776  * struct command_line
3777  */
3778 
3779 struct command_line *
3781 {
3782  struct command_line *cl;
3783  ALLOC_OBJ_CLEAR(cl, struct command_line);
3784  cl->buf = alloc_buf(buf_len);
3785  cl->residual = alloc_buf(buf_len);
3786  return cl;
3787 }
3788 
3789 void
3791 {
3792  buf_clear(&cl->buf);
3793  buf_clear(&cl->residual);
3794 }
3795 
3796 void
3798 {
3799  command_line_reset(cl);
3800  free_buf(&cl->buf);
3801  free_buf(&cl->residual);
3802  free(cl);
3803 }
3804 
3805 void
3806 command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
3807 {
3808  int i;
3809  for (i = 0; i < len; ++i)
3810  {
3811  if (buf[i] && char_class(buf[i], (CC_PRINT|CC_NEWLINE)))
3812  {
3813  if (!buf_write_u8(&cl->buf, buf[i]))
3814  {
3815  buf_clear(&cl->buf);
3816  }
3817  }
3818  }
3819 }
3820 
3821 const char *
3823 {
3824  int i;
3825  const char *ret = NULL;
3826 
3827  i = buf_substring_len(&cl->buf, '\n');
3828  if (i >= 0)
3829  {
3830  buf_copy_excess(&cl->residual, &cl->buf, i);
3831  buf_chomp(&cl->buf);
3832  ret = BSTR(&cl->buf);
3833  }
3834  return ret;
3835 }
3836 
3837 void
3839 {
3840  buf_clear(&cl->buf);
3841  buf_copy(&cl->buf, &cl->residual);
3842  buf_clear(&cl->residual);
3843 }
3844 
3845 /*
3846  * struct log_entry
3847  */
3848 
3849 const char *
3850 log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3851 {
3852  struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3853  if (flags & LOG_FATAL_NOTIFY)
3854  {
3855  buf_printf(&out, ">FATAL:");
3856  }
3857  if (flags & LOG_PRINT_LOG_PREFIX)
3858  {
3859  buf_printf(&out, ">LOG:");
3860  }
3861  if (flags & LOG_PRINT_ECHO_PREFIX)
3862  {
3863  buf_printf(&out, ">ECHO:");
3864  }
3865  if (flags & LOG_PRINT_STATE_PREFIX)
3866  {
3867  buf_printf(&out, ">STATE:");
3868  }
3869  if (flags & LOG_PRINT_INT_DATE)
3870  {
3871  buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3872  }
3873  if (flags & LOG_PRINT_MSG_FLAGS)
3874  {
3875  buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3876  }
3877  if (flags & LOG_PRINT_STATE)
3878  {
3879  buf_printf(&out, "%s,", man_state_name(e->u.state));
3880  }
3881  if (flags & LOG_PRINT_INTVAL)
3882  {
3883  buf_printf(&out, "%d,", e->u.intval);
3884  }
3885  if (e->string)
3886  {
3887  buf_printf(&out, "%s", e->string);
3888  }
3889  if (flags & LOG_PRINT_LOCAL_IP)
3890  {
3891  buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3892  }
3893  if (flags & LOG_PRINT_REMOTE_IP)
3894  {
3895  buf_printf(&out, ",%s", (!addr_defined(&e->remote_sock) ? "," :
3897  buf_printf(&out, ",%s", (!addr_defined(&e->local_sock) ? "," :
3899  }
3900  if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
3901  {
3902  buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
3903  }
3904  if (flags & LOG_ECHO_TO_LOG)
3905  {
3906  msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
3907  }
3908  if (flags & LOG_PRINT_CRLF)
3909  {
3910  buf_printf(&out, "\r\n");
3911  }
3912  return BSTR(&out);
3913 }
3914 
3915 static void
3917 {
3918  if (e->string)
3919  {
3920  free((char *)e->string);
3921  }
3922  CLEAR(*e);
3923 }
3924 
3925 /*
3926  * struct log_history
3927  */
3928 
3929 static inline int
3930 log_index(const struct log_history *h, int i)
3931 {
3932  return modulo_add(h->base, i, h->capacity);
3933 }
3934 
3935 static void
3937 {
3938  CLEAR(*h);
3939  h->capacity = capacity;
3940  ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
3941 }
3942 
3943 struct log_history *
3945 {
3946  struct log_history *h;
3947  ASSERT(capacity > 0);
3948  ALLOC_OBJ(h, struct log_history);
3949  log_history_obj_init(h, capacity);
3950  return h;
3951 }
3952 
3953 static void
3955 {
3956  int i;
3957  for (i = 0; i < h->size; ++i)
3958  {
3960  }
3961  free(h->array);
3962 }
3963 
3964 void
3966 {
3968  free(h);
3969 }
3970 
3971 void
3972 log_history_add(struct log_history *h, const struct log_entry *le)
3973 {
3974  struct log_entry *e;
3975  ASSERT(h->size >= 0 && h->size <= h->capacity);
3976  if (h->size == h->capacity)
3977  {
3978  e = &h->array[h->base];
3980  h->base = log_index(h, 1);
3981  }
3982  else
3983  {
3984  e = &h->array[log_index(h, h->size)];
3985  ++h->size;
3986  }
3987 
3988  *e = *le;
3989  e->string = string_alloc(le->string, NULL);
3990 }
3991 
3992 void
3993 log_history_resize(struct log_history *h, const int capacity)
3994 {
3995  if (capacity != h->capacity)
3996  {
3997  struct log_history newlog;
3998  int i;
3999 
4000  ASSERT(capacity > 0);
4001  log_history_obj_init(&newlog, capacity);
4002 
4003  for (i = 0; i < h->size; ++i)
4004  {
4005  log_history_add(&newlog, &h->array[log_index(h, i)]);
4006  }
4007 
4009  *h = newlog;
4010  }
4011 }
4012 
4013 const struct log_entry *
4014 log_history_ref(const struct log_history *h, const int index)
4015 {
4016  if (index >= 0 && index < h->size)
4017  {
4018  return &h->array[log_index(h, (h->size - 1) - index)];
4019  }
4020  else
4021  {
4022  return NULL;
4023  }
4024 }
4025 
4026 void
4027 management_sleep(const int n)
4028 {
4029  if (management)
4030  {
4031  management_event_loop_n_seconds(management, n);
4032  }
4033  else
4034  {
4035  sleep(n);
4036  }
4037 }
4038 
4039 #else /* ifdef ENABLE_MANAGEMENT */
4040 
4041 void
4042 management_sleep(const int n)
4043 {
4044  sleep(n);
4045 }
4046 
4047 #endif /* ENABLE_MANAGEMENT */
char * management_query_cert(struct management *man, const char *cert_name)
Definition: manage.c:3687
unsigned int platform_getpid(void)
Definition: platform.c:177
static bool buf_write_u8(struct buffer *dest, int data)
Definition: buffer.h:696
#define UP_QUERY_DISABLED
Definition: manage.h:248
static const char * man_state_name(const int state)
Definition: manage.c:133
void management_close(struct management *man)
Definition: manage.c:2658
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:504
void command_line_reset(struct command_line *cl)
Definition: manage.c:3790
union log_entry_union u
Definition: manage.h:97
static void man_status(struct management *man, const int version, struct status_output *so)
Definition: manage.c:447
void(* delete_event)(void *arg, event_t event)
Definition: manage.h:165
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition: manage.h:38
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
struct env_set * env_set_create(struct gc_arena *gc)
Definition: env_set.c:158
#define MSG_NOSIGNAL
Definition: socket.h:256
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition: platform.c:107
const char * string
Definition: manage.h:92
int client_uid
Definition: manage.h:237
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition: manage.c:696
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:320
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1021
bool buffer_list_defined(const struct buffer_list *ol)
Definition: buffer.c:1196
static void man_echo(struct management *man, const char *parm)
Definition: manage.c:643
unsigned int flags_default
Definition: status.h:34
static void man_forget_passwords(struct management *man)
Definition: manage.c:765
void free_buf(struct buffer *buf)
Definition: buffer.c:183
static void man_output_extra_env(struct management *man, const char *prefix)
Definition: manage.c:2810
#define D_MANAGEMENT_DEBUG
Definition: errlevel.h:134
static int buf_len(const struct buffer *buf)
Definition: buffer.h:240
bool management_over_tunnel
Definition: manage.h:231
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:663
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition: manage.c:3850
int password_tries
Definition: manage.h:273
struct log_history * state
Definition: manage.h:214
#define UP_QUERY_USER_PASS
Definition: manage.h:249
#define USER_PASS_LEN
Definition: misc.h:76
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition: manage.c:3311
bool validate_peer_info_line(char *line)
Definition: misc.c:745
#define streq(x, y)
Definition: options.h:616
static void in_extra_dispatch(struct management *man)
Definition: manage.c:881
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:401
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Definition: socket.c:85
int state
Definition: manage.h:85
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2872
#define M_INFO
Definition: errlevel.h:55
static int log_history_size(const struct log_history *h)
Definition: manage.h:139
#define SIZE(x)
Definition: basic.h:30
static void man_process_command(struct management *man, const char *line)
Definition: manage.c:1966
static bool man_password_needed(struct management *man)
Definition: manage.c:190
struct openvpn_sockaddr remote_sock
Definition: manage.h:96
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition: win32.h:125
struct man_persist persist
Definition: manage.h:324
static void man_output_list_push(struct management *man, const char *str)
Definition: manage.c:260
unsigned int msg_flags
Definition: manage.h:84
static bool man_persist_state(unsigned int *persistent, const int n)
Definition: manage.c:3024
void throw_signal_soft(const int signum, const char *signal_text)
Definition: sig.c:111
struct user_pass up_query
Definition: manage.h:313
bool char_class(const unsigned char c, const unsigned int flags)
Definition: buffer.c:892
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
const char * msg_flags_string(const unsigned int flags, struct gc_arena *gc)
Definition: error.c:787
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition: platform.c:68
const char * up_query_type
Definition: manage.h:311
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:3005
union openvpn_sockaddr::@8 addr
#define EVENT_METHOD_FAST
Definition: event.h:42
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition: manage.c:2834
#define CC_PRINT
Definition: buffer.h:891
#define UP_QUERY_PASS
Definition: manage.h:250
struct man_connection connection
Definition: manage.h:326
struct buffer_list * buffer_list_new(const int max_size)
Definition: buffer.c:1176
#define ASSERT(x)
Definition: error.h:221
static void man_proxy(struct management *man, const char **p)
Definition: manage.c:1181
struct management_callback callback
Definition: manage.h:211
#define SIGUSR1
Definition: config-msvc.h:115
static void man_record_peer_info(struct management *man)
Definition: manage.c:1623
int size
Definition: manage.h:123
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition: manage.c:4014
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
void buffer_list_free(struct buffer_list *ol)
Definition: buffer.c:1186
struct command_line * command_line_new(const int buf_len)
Definition: manage.c:3780
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Definition: buffer.c:1322
#define MF_UNIX_SOCK
Definition: manage.h:348
static void man_log(struct management *man, const char *parm)
Definition: manage.c:632
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const char *write_peer_info_file, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2382
#define M_FATAL
Definition: error.h:94
static void man_bytecount(struct management *man, const int update_seconds)
Definition: manage.c:460
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:243
static void man_listen(struct management *man)
Definition: manage.c:1787
#define CLEAR(x)
Definition: basic.h:33
static int modulo_add(int x, int y, int mod)
Definition: integer.h:106
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition: mroute.c:431
void man_bytecount_output_client(struct management *man)
Definition: manage.c:474
bool defined
Definition: misc.h:67
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:505
static void man_help(void)
Definition: manage.c:71
#define in_addr_t
Definition: config-msvc.h:103
struct buffer buf
Definition: manage.h:63
#define MAX_PARMS
Definition: options.h:51
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: options.c:4249
struct addrinfo * local
Definition: manage.h:227
void command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
Definition: manage.c:3806
#define UP_QUERY_NEED_OK
Definition: manage.h:251
void command_line_free(struct command_line *cl)
Definition: manage.c:3797
#define SIGTERM
Definition: config-msvc.h:117
counter_type bytes_in
Definition: manage.h:220
static void get_signal(volatile int *sig)
Definition: sig.h:92
#define SIGHUP
Definition: config-msvc.h:113
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition: event.h:125
static void man_net(struct management *man)
Definition: manage.c:772
int echo_buffer_size
Definition: manage.h:234
bool management_hold(struct management *man, int holdtime)
Definition: manage.c:3728
struct in6_addr local_ip6
Definition: manage.h:94
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition: manage.c:309
void management_echo(struct management *man, const char *string, const bool pull)
Definition: manage.c:2942
#define OPENVPN_STATE_AUTH
Definition: manage.h:502
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3614
#define openvpn_errno()
Definition: error.h:74
void(* status)(void *arg, const int version, struct status_output *so)
Definition: manage.h:161
in_addr_t local_ip
Definition: manage.h:93
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition: manage.c:2790
char username[USER_PASS_LEN]
Definition: misc.h:78
counter_type link_read_bytes_global
Definition: forward.c:50
#define LOG_PRINT_CRLF
Definition: manage.h:109
char * management_query_pk_sig(struct management *man, const char *b64_data)
Definition: manage.c:3672
#define PS_SHOW_PORT
Definition: socket.h:346
const char * command_line_get(struct command_line *cl)
Definition: manage.c:3822
static const char blank_up[]
Definition: manage.c:61
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition: manage.c:3398
#define MF_SERVER
Definition: manage.h:336
static void man_hold(struct management *man, const char *cmd)
Definition: manage.c:820
int capacity
Size in bytes of memory allocated by malloc().
Definition: buffer.h:62
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition: event.c:1180
static void man_certificate(struct management *man)
Definition: manage.c:1124
#define LOG_PRINT_LOG_PREFIX
Definition: manage.h:100
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition: status.c:63
#define LOG_PRINT_LOCAL_IP
Definition: manage.h:107
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:672
#define openvpn_close_socket(s)
Definition: socket.h:261
bool status_close(struct status_output *so)
Definition: status.c:203
time_t bytecount_last_update
Definition: manage.h:309
#define LOG_PRINT_ECHO_PREFIX
Definition: manage.h:101
const char * signal_name(const int sig, const bool upper)
Definition: sig.c:77
static void man_check_password(struct management *man, const char *line)
Definition: manage.c:196
FILE * platform_fopen(const char *path, const char *mode)
Definition: platform.c:301
bool nocache
Definition: misc.h:68
#define BPTR(buf)
Definition: buffer.h:124
static int platform_state_user_uid(const struct platform_state_user *s)
Definition: platform.h:89
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:349
void * arg
Definition: status.h:33
void net_event_win32_stop(struct net_event_win32 *ne)
Definition: win32.c:359
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const char *write_peer_info_file, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2601
#define LOG_PRINT_INTVAL
Definition: manage.h:112
#define OPENVPN_STATE_WAIT
Definition: manage.h:501
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition: socket.h:619
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
Definition: misc.h:126
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:297
char * write_peer_info_file
Definition: manage.h:236
int get_debug_level(void)
Definition: error.c:138
#define MF_HOLD
Definition: manage.h:338
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:393
static void man_connection_settings_reset(struct management *man)
Definition: manage.c:1665
int up_query_mode
Definition: manage.h:312
struct env_item * list
Definition: env_set.h:44
#define MN_AT_LEAST
Definition: manage.c:1158
#define counter_format
Definition: common.h:39
time_t timestamp
Definition: manage.h:91
bool(* proxy_cmd)(void *arg, const char **p)
Definition: manage.h:183
static struct gc_arena gc_new(void)
Definition: buffer.h:991
struct user_pass up
Definition: manage.h:232
static bool ignore_sys_error(const int err)
Definition: error.h:366
time_t now
Definition: otime.c:36
bool standalone_disabled
Definition: manage.h:210
void log_history_close(struct log_history *h)
Definition: manage.c:3965
#define malloc
Definition: cmocka.c:1795
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:376
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition: error.h:350
void chomp(char *str)
Definition: buffer.c:628
void management_notify_generic(struct management *man, const char *str)
Definition: manage.c:2840
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1026
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition: manage.c:1108
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition: manage.c:3040
struct event_set * es
Definition: manage.h:302
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2852
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:495
static int man_read(struct management *man)
Definition: manage.c:2173
#define LOG_PRINT_STATE_PREFIX
Definition: manage.h:102
void buffer_list_advance(struct buffer_list *ol, int n)
Definition: buffer.c:1345
#define sleep(x)
Definition: syshead.h:42
#define MANAGEMENT_VERSION
Definition: manage.h:34
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:758
void management_event_loop_n_seconds(struct management *man, int sec)
Definition: manage.c:3346
struct management * management_init(void)
Definition: manage.c:2585
void management_auth_token(struct management *man, const char *token)
Definition: manage.c:3018
static void man_query_password(struct management *man, const char *type, const char *string)
Definition: manage.c:738
static void man_kill(struct management *man, const char *victim)
Definition: manage.c:505
#define M_ERR
Definition: error.h:110
#define GET_USER_PASS_PASSWORD_ONLY
Definition: misc.h:118
#define GET_USER_PASS_NEED_OK
Definition: misc.h:119
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition: manage.c:586
int capacity
Definition: manage.h:124
#define OPENVPN_STATE_CONNECTING
Definition: manage.h:493
bool set_mute_cutoff(const int cutoff)
Definition: error.c:124
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:494
void ssl_purge_auth(const bool auth_user_pass_only)
Definition: ssl.c:477
#define MANSIG_MAP_USR1_TO_TERM
Definition: manage.h:243
static void man_accept(struct management *man)
Definition: manage.c:1749
int(* kill_by_cn)(void *arg, const char *common_name)
Definition: manage.h:163
struct command_line * in
Definition: manage.h:275
static void man_delete_unix_socket(struct management *man)
Definition: manage.c:282
static void man_connect(struct management *man)
Definition: manage.c:1850
static SERVICE_STATUS status
Definition: automatic.c:47
static bool man_check_for_signals(volatile int *signal_received)
Definition: manage.c:3199
#define MWCC_PASSWORD_WAIT
Definition: manage.c:3303
#define AF_DID_PUSH
static void event_reset(struct event_set *es)
Definition: event.h:107
void net_event_win32_reset(struct net_event_win32 *ne)
Definition: win32.c:353
struct net_event_win32 ne32
Definition: manage.h:268
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3216
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1255
int state_buffer_size
Definition: manage.h:235
void buf_clear(struct buffer *buf)
Definition: buffer.c:162
void net_event_win32_init(struct net_event_win32 *ne)
Definition: win32.c:319
void buffer_list_reset(struct buffer_list *ol)
Definition: buffer.c:1202
unsigned int counter_type
Definition: common.h:38
struct openvpn_sockaddr remote
Definition: manage.h:265
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3848
#define OPENVPN_STATE_ASSIGN_IP
Definition: manage.h:494
static void man_signal(struct management *man, const char *name)
Definition: manage.c:417
static void man_update_io_state(struct management *man)
Definition: manage.c:221
void net_event_win32_close(struct net_event_win32 *ne)
Definition: win32.c:370
struct env_item * next
Definition: env_set.h:39
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:717
char * string
Definition: env_set.h:38
socket_descriptor_t sd_cli
Definition: manage.h:264
#define LOG_PRINT_STATE
Definition: manage.h:106
counter_type link_write_bytes_global
Definition: forward.c:51
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3643
#define GETADDR_HOST_ORDER
Definition: socket.h:522
void command_line_next(struct command_line *cl)
Definition: manage.c:3838
const char * auth_retry_print(void)
Definition: options.c:4087
int buf_substring_len(const struct buffer *buf, int delim)
Definition: buffer.c:818
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition: manage.c:3266
#define ERR_BUF_SIZE
Definition: error.h:39
bool state_realtime
Definition: manage.h:305
struct management * management
Definition: manage.c:63
static bool management_connected(const struct management *man)
Definition: manage.h:448
#define IER_NEW
Definition: manage.c:853
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition: win32.h:137
static void event_free(struct event_set *es)
Definition: event.h:98
static int platform_state_group_gid(const struct platform_state_group *s)
Definition: platform.h:101
#define GET_USER_PASS_NEED_STR
Definition: misc.h:121
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
bool hold_release
Definition: manage.h:216
bool wait_for_push
Definition: misc.h:70
#define SOCKET_UNDEFINED
Definition: syshead.h:486
#define IER_RESET
Definition: manage.c:852
unsigned int mansig
Definition: manage.h:244
void buf_chomp(struct buffer *buf)
Definition: buffer.c:568
static void man_connection_init(struct management *man)
Definition: manage.c:2502
struct log_history * log_history_init(const int capacity)
Definition: manage.c:3944
static void man_welcome(struct management *man)
Definition: manage.c:179
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition: manage.c:751
int get_mute_cutoff(void)
Definition: error.c:144
static void man_stop_ne32(struct management *man)
Definition: manage.c:1615
#define EVENT_READ
Definition: event.h:36
bool defined
Definition: manage.h:205
void(* show_net)(void *arg, const int msglevel)
Definition: manage.h:162
counter_type bytes_out
Definition: manage.h:221
bool management_should_daemonize(struct management *man)
Definition: manage.c:3718
#define BLEN(buf)
Definition: buffer.h:127
void log_history_resize(struct log_history *h, const int capacity)
Definition: manage.c:3993
struct openvpn_sockaddr local_sock
Definition: manage.h:95
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3289
static void man_up_finalize(struct management *man)
Definition: manage.c:666
#define LOG_FATAL_NOTIFY
Definition: manage.h:110
int(* n_clients)(void *arg)
Definition: manage.h:166
#define MF_FORGET_DISCONNECT
Definition: manage.h:340
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Definition: misc.h:137
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition: status.h:35
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1309
struct virtual_output vout
Definition: manage.h:208
static int log_index(const struct log_history *h, int i)
Definition: manage.c:3930
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition: manage.c:2668
unsigned __int8 uint8_t
Definition: config-msvc.h:122
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition: win32.c:326
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1042
int base
Definition: manage.h:122
struct log_history * log
Definition: manage.h:207
static void man_persist_close(struct man_persist *mp)
Definition: manage.c:2360
#define OPENVPN_STATE_RECONNECTING
Definition: manage.h:497
#define MS_LISTEN
Definition: manage.h:256
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition: manage.c:758
int parse_signal(const char *signame)
Definition: sig.c:63
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2691
static void set_client_version(struct management *man, const char *version)
Definition: manage.c:1246
void buffer_list_push(struct buffer_list *ol, const char *str)
Definition: buffer.c:1217
#define SIGINT
Definition: config-msvc.h:114
#define MF_QUERY_PASSWORDS
Definition: manage.h:337
const char * special_state_msg
Definition: manage.h:218
int log_history_cache
Definition: manage.h:233
int(* kill_by_addr)(void *arg, const in_addr_t addr, const int port)
Definition: manage.h:164
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:880
static int man_mod_signal(const struct management *man, const int signum)
Definition: manage.c:391
static void check_malloc_return(const void *p)
Definition: buffer.h:1069
#define MANSIG_MAP_USR1_TO_HUP
Definition: manage.h:242
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition: buffer.c:840
static void log_entry_free_contents(struct log_entry *e)
Definition: manage.c:3916
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition: manage.c:2322
#define GETADDR_FATAL
Definition: socket.h:521
int client_version
Definition: manage.h:319
static void man_remote(struct management *man, const char **p)
Definition: manage.c:1202
int env_filter_level
Definition: manage.h:303
void management_clear_callback(struct management *man)
Definition: manage.c:2676
static void man_state(struct management *man, const char *parm)
Definition: manage.c:654
#define MF_UP_DOWN
Definition: manage.h:352
static void log_history_free_contents(struct log_history *h)
Definition: manage.c:3954
SOCKET socket_descriptor_t
Definition: syshead.h:487
#define OPENVPN_STATE_GET_CONFIG
Definition: manage.h:503
#define msg
Definition: error.h:173
struct log_entry * array
Definition: manage.h:125
#define OPENVPN_STATE_INITIAL
Definition: manage.h:492
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
Definition: misc.h:65
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition: manage.c:2824
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void set_nonblock(int fd)
Definition: fdmisc.c:71
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition: manage.c:3972
bool echo_realtime
Definition: manage.h:307
unsigned int flags
Definition: manage.h:226
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition: manage.h:36
socket_descriptor_t sd_top
Definition: manage.h:263
struct buffer residual
Definition: manage.h:64
static void man_new_connection_post(struct management *man, const char *description)
Definition: manage.c:1678
int intval
Definition: manage.h:86
static void log_history_obj_init(struct log_history *h, int capacity)
Definition: manage.c:3936
void management_io(struct management *man)
Definition: manage.c:3080
#define LOG_PRINT_REMOTE_IP
Definition: manage.h:114
Definition: manage.h:89
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2685
static bool man_io_error(struct management *man, const char *prefix)
Definition: manage.c:2018
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition: manage.c:293
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition: manage.c:856
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
#define OPENVPN_STATE_EXITING
Definition: manage.h:498
#define MANSIG_IGNORE_USR1_HUP
Definition: manage.h:241
#define LOG_PRINT_MSG_FLAGS
Definition: manage.h:105
#define LOG_PRINT_INT_DATE
Definition: manage.h:104
#define MWCC_HOLD_WAIT
Definition: manage.c:3304
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:526
#define AF_DID_RESET
static int min_int(int x, int y)
Definition: integer.h:47
void management_pre_tunnel_close(struct management *man)
Definition: manage.c:2996
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1074
void throw_signal(const int signum)
Definition: sig.c:104
#define free
Definition: cmocka.c:1850
bool set_debug_level(const int level, const unsigned int flags)
Definition: error.c:106
#define EVENT_WRITE
Definition: event.h:37
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:227
struct buffer_list * out
Definition: manage.h:276
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static void man_query_username(struct management *man, const char *type, const char *string)
Definition: manage.c:730
#define M_CLIENT
Definition: error.h:112
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition: manage.c:2744
#define MWCC_OTHER_WAIT
Definition: manage.c:3305
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3537
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition: buffer.h:209
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:4027
#define GETADDR_PASSIVE
Definition: socket.h:530
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Definition: manage.c:1161
bool defined
Definition: manage.h:225
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition: win32.c:335
#define MS_INITIAL
Definition: manage.h:255
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition: manage.c:1919
bool(* remote_cmd)(void *arg, const char **p)
Definition: manage.h:184
#define BSTR(buf)
Definition: buffer.h:129
#define MAPF_SUBNET
Definition: mroute.h:156
static void man_settings_close(struct man_settings *ms)
Definition: manage.c:2490
#define LOG_ECHO_TO_LOG
Definition: manage.h:116
#define OPENVPN_STATE_CONNECTED
Definition: manage.h:496
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition: win32.h:131
static void man_output_list_push_finalize(struct management *man)
Definition: manage.c:237
#define M_ERRNO
Definition: error.h:99
char password[USER_PASS_LEN]
Definition: misc.h:79
static bool man_standalone_ok(const struct management *man)
Definition: manage.c:3193
#define MS_CC_WAIT_WRITE
Definition: manage.h:258
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition: manage.h:35
bool log_realtime
Definition: manage.h:306
static void man_start_ne32(struct management *man)
Definition: manage.c:1596
bool password_verified
Definition: manage.h:272
static void update_time(void)
Definition: otime.h:93
static void man_connection_close(struct management *man)
Definition: manage.c:2547
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition: manage.c:2973
char * dest
Definition: compat-lz4.h:431
int bytecount_update_seconds
Definition: manage.h:308
#define MANAGEMENT_ECHO_FLAGS
Definition: manage.c:57
#define BOOL_CAST(x)
Definition: basic.h:27
struct sockaddr sa
Definition: socket.h:68
static int man_write(struct management *man)
Definition: manage.c:2267
#define MF_SIGNAL
Definition: manage.h:339
struct buffer * buffer_list_peek(struct buffer_list *ol)
Definition: buffer.c:1258
#define GETADDR_RESOLVE
Definition: socket.h:520
#define ssize_t
Definition: config-msvc.h:104
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Definition: buffer.c:1271
int client_gid
Definition: manage.h:238
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:335
static void man_load_stats(struct management *man)
Definition: manage.c:1142
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition: manage.c:1255
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4064
const char title_string[]
Definition: options.c:65
static void man_prompt(struct management *man)
Definition: manage.c:267
#define CC_NEWLINE
Definition: buffer.h:897
#define M_WARN
Definition: error.h:96
static void man_connection_clear(struct man_connection *mc)
Definition: manage.c:2309
#define D_MANAGEMENT
Definition: errlevel.h:88
static void man_output_list_push_str(struct management *man, const char *str)
Definition: manage.c:251
struct man_settings settings
Definition: manage.h:325
bool management_would_hold(struct management *man)
Definition: manage.c:3708
#define MS_CC_WAIT_READ
Definition: manage.h:257
#define D_LINK_ERRORS
Definition: errlevel.h:57
struct log_history * echo
Definition: manage.h:213
#define MF_CONNECT_AS_CLIENT
Definition: manage.h:341
#define OPENVPN_STATE_CLIENT_BASE
Definition: manage.h:507
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition: manage.h:37
#define UP_QUERY_NEED_STR
Definition: manage.h:252