1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef MISC_H
25 #define MISC_H
26 
27 #include "argv.h"
28 #include "basic.h"
29 #include "common.h"
30 #include "env_set.h"
31 #include "integer.h"
32 #include "buffer.h"
33 #include "platform.h"
34 
35 /* socket descriptor passed by inetd/xinetd server to us */
/* Descriptor 0 is stdin: inetd-style servers hand the accepted socket over on
 * the standard input descriptor. */
36 #define INETD_SOCKET_DESCRIPTOR 0
37 
38 /* forward declarations */
39 struct plugin_list;
40 
41 
42 /* Set standard file descriptors to /dev/null */
/* @param stdin_only  presumably restricts the redirection to stdin only --
 *                    confirm in misc.c */
43 void set_std_files_to_null(bool stdin_only);
44 
45 /* dup inetd/xinetd socket descriptor and save */
46 extern int inetd_socket_descriptor;
48 
49 /* Make arrays of strings */
/* Both builders take a gc arena; the returned arrays are presumably allocated
 * from it and live as long as the arena -- nothing in this header frees them. */
50 
51 const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc);
52 
53 const char **make_extended_arg_array(char **p, struct gc_arena *gc);
54 
55 /* prepend a random prefix to hostname */
56 const char *hostname_randomize(const char *hostname, struct gc_arena *gc);
57 
58 /*
59  * Get and store a username/password
 *
 * The credential strings are stored inline in the struct as USER_PASS_LEN-sized
 * arrays (those two members are not rendered in this listing), so any copy of a
 * struct user_pass is a copy of the secret.  purge_user_pass() below is the only
 * routine declared here for discarding them.
60  */
61 
62 struct user_pass
63 {
64  bool defined;
/* NOTE(review): presumably suppresses keeping the credentials for later
 * reuse -- confirm the exact semantics in misc.c */
65  bool nocache;
66  bool wait_for_push; /* true if this object is waiting for a push-reply */
67 
68 /* max length of username/password */
/* Size of the inline username/password arrays; the PKCS#11 build uses a
 * larger limit. */
69 #ifdef ENABLE_PKCS11
70 #define USER_PASS_LEN 4096
71 #else
72 #define USER_PASS_LEN 128
73 #endif
76 };
77 
78 #ifdef ENABLE_MANAGEMENT
79 /*
80  * Challenge response info on client as pushed by server.
 *
 * Produced by get_auth_challenge() below from the challenge string -- presumably
 * the CRV1 dynamic challenge (cf. GET_USER_PASS_DYNAMIC_CHALLENGE); confirm.
 * The opening `struct auth_challenge_info {` line is not rendered in this listing.
81  */
83 #define CR_ECHO (1<<0) /* echo response when typed by user */
84 #define CR_RESPONSE (1<<1) /* response needed */
85  unsigned int flags;
86 
87  const char *user;
88  const char *state_id;
89  const char *challenge_text;
90 };
91 
92 struct auth_challenge_info *get_auth_challenge(const char *auth_challenge, struct gc_arena *gc);
93 
94 /*
95  * Static challenge info on client (SCRV1 protocol; cf. GET_USER_PASS_STATIC_CHALLENGE).
 * NOTE(review): the original comment here was a copy of the one above
 * ("as pushed by server"); where the static challenge text originates is not
 * shown in this header -- confirm before relying on that description.
 * The opening `struct static_challenge_info {` line is not rendered in this listing.
96  */
98 #define SC_ECHO (1<<0) /* echo response when typed by user */
99  unsigned int flags;
100 
101  const char *challenge_text;
102 };
103 
104 #else /* ifdef ENABLE_MANAGEMENT */
105 struct auth_challenge_info {};
106 struct static_challenge_info {};
107 #endif /* ifdef ENABLE_MANAGEMENT */
108 
109 /*
110  * Flags for get_user_pass and management_query_user_pass
 *
 * Bit flags, combined with `|`.  Bit 1 is deliberately left unused (see below).
111  */
112 #define GET_USER_PASS_MANAGEMENT (1<<0)
113 /* GET_USER_PASS_SENSITIVE (1<<1) not used anymore */
114 #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
115 #define GET_USER_PASS_NEED_OK (1<<3)
116 #define GET_USER_PASS_NOFATAL (1<<4)
117 #define GET_USER_PASS_NEED_STR (1<<5)
118 #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
119 
120 #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */
121 #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
122 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
123 
124 #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
125 
/**
 * Obtain a username/password into @p up.
 *
 * @param up              destination credentials
 * @param auth_file       credential source; with GET_USER_PASS_INLINE_CREDS it is
 *                        the inline credentials themselves rather than a path
 * @param prefix          presumably a prefix for prompts/log lines -- confirm in misc.c
 * @param flags           GET_USER_PASS_* bits
 * @param auth_challenge  challenge string, or NULL for none (see the
 *                        get_user_pass() wrapper below)
 * @return presumably true on success; how failure is reported without
 *         GET_USER_PASS_NOFATAL is not visible here -- confirm in misc.c
 */
126 bool get_user_pass_cr(struct user_pass *up,
127  const char *auth_file,
128  const char *prefix,
129  const unsigned int flags,
130  const char *auth_challenge);
131 
/* Convenience wrapper: get_user_pass_cr() with no challenge (auth_challenge = NULL).
 * The signature line `get_user_pass(struct user_pass *up,` is not rendered in
 * this listing. */
132 static inline bool
134  const char *auth_file,
135  const char *prefix,
136  const unsigned int flags)
137 {
138  return get_user_pass_cr(up, auth_file, prefix, flags, NULL);
139 }
140 
/* Report a failed credential query; `reason` is free text.  What is done with
 * it (logging, management notification, fatal exit) lives in misc.c and is not
 * visible here. */
141 void fail_user_pass(const char *prefix,
142  const unsigned int flags,
143  const char *reason);
144 
/* Discard the credentials held in `up`.  `force` presumably overrides the
 * caching rules (nocache) -- confirm the wiping semantics in misc.c, since this
 * is the only declared routine for dropping secrets from a struct user_pass. */
145 void purge_user_pass(struct user_pass *up, const bool force);
146 
/* NOTE(review): presumably installs `token` into `tk` based on `up` -- confirm
 * in misc.c which of the two structs is written. */
147 void set_auth_token(struct user_pass *up, struct user_pass *tk,
148  const char *token);
149 
150 /*
151  * Process string received by untrusted peer before
152  * printing to console or log file.
153  * Assumes that string has been null terminated.
 *
 * `str` is const and is not modified in place; any copy made is presumably
 * allocated from `gc`.
154  */
155 const char *safe_print(const char *str, struct gc_arena *gc);
156 
157 
158 void configure_path(void);
159 
/* Same shape as safe_print() (const input, gc arena for the result).
 * NOTE(review): presumably filters peer-supplied control-channel text before
 * it is logged or parsed -- confirm in misc.c which characters it actually
 * strips rather than assuming. */
160 const char *sanitize_control_message(const char *str, struct gc_arena *gc);
161 
162 /*
163  * /sbin/ip path, may be overridden
 *
 * NOTE(review): presumably passed to an exec of the ip tool, so it must only
 * ever be set from trusted configuration -- confirm.
164  */
165 #ifdef ENABLE_IPROUTE
166 extern const char *iproute_path;
167 #endif
168 
169 #if P2MP_SERVER
170 /* helper to parse peer_info received from multi client, validate
171  * (this is untrusted data) and put into environment */
/* `line` is non-const, so it is presumably validated/normalised in place;
 * returns false when the line must be rejected -- confirm in misc.c. */
172 bool validate_peer_info_line(char *line);
173 
/* This header does not show whether output_peer_info_env() runs
 * validate_peer_info_line() itself; callers should check misc.c before
 * passing unvalidated peer_info here. */
174 void output_peer_info_env(struct env_set *es, const char *peer_info);
175 
176 #endif /* P2MP_SERVER */
177 
178 #endif /* ifndef MISC_H */