1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 #ifndef AUTH_TOKEN_H
24 #define AUTH_TOKEN_H
25 
/**
 * Generate an auth token based on username and timestamp.
 *
 * @param up     credentials (username/password) the token is derived from;
 *               read only
 * @param multi  security parameter state of the tunnel the token belongs to
 */
void
generate_auth_token(const struct user_pass *up, struct tls_multi *multi);

/**
 * Verifies the auth token to be in the format that generate_auth_token()
 * creates and checks whether the token is acceptable.
 *
 * @param up       credentials carrying the candidate token; not const,
 *                 so the implementation may modify it
 * @param multi    security parameter state of the tunnel
 * @param session  security parameter state of the session within the tunnel
 * @return  verification result; the meaning of the individual values is
 *          defined with the implementation in auth_token.c
 */
unsigned
verify_auth_token(struct user_pass *up, struct tls_multi *multi,
                  struct tls_session *session);



/**
 * Loads an HMAC secret from a file or, if no file is present, generates an
 * ephemeral secret for the run time of the process.
 *
 * @param key_ctx     cipher/HMAC context the secret is loaded into
 * @param key_file    key file to read the secret from
 * @param key_inline  NOTE(review): presumably selects whether @p key_file
 *                    holds inline key material instead of a path — confirm
 *                    against the implementation
 */
void
auth_token_init_secret(struct key_ctx *key_ctx, const char *key_file,
                       bool key_inline);


/**
 * Generate an auth-token server secret key and write it to a file.
 *
 * @param filename  path of the file the key is written to
 */
void auth_token_write_server_key_file(const char *filename);


/**
 * Put the session id and auth token status into the environment if
 * auth-token is enabled.
 *
 * @param session  security parameter state of the session
 * @param multi    security parameter state of the tunnel
 * @param up       credentials the session id/token status is taken from;
 *                 read only
 */
void add_session_token_env(struct tls_session *session, struct tls_multi *multi,
                           const struct user_pass *up);

/**
 * Wipes the authentication token out of memory, frees and cleans up
 * related buffers and flags.
 *
 * @param multi  security parameter state of the tunnel holding the token
 */
void wipe_auth_token(struct tls_multi *multi);

/**
 * The prefix auth tokens start with. This prefix is special-cased so that
 * tokens carrying it do not show up in log files (see the implementation
 * for the exact handling). Being a fixed, public prefix it marks a value
 * as a token; it carries no secret material itself.
 */
#define SESSION_ID_PREFIX "SESS_ID_AT_"

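/**
 * Return whether the password string has the format of an auth token,
 * i.e. whether it starts with SESSION_ID_PREFIX.
 *
 * The check is done with memcmp_constant_time() over exactly
 * strlen(SESSION_ID_PREFIX) bytes: it neither stops at a NUL terminator
 * in @p password nor on the first mismatching byte (constant time, so the
 * comparison leaks no timing information about where the mismatch is).
 * Consequently @p password must point to a buffer of at least
 * strlen(SESSION_ID_PREFIX) readable bytes, regardless of its string
 * length; a user_pass::password array is expected to satisfy this, a
 * shorter heap string would not.
 *
 * @param password  candidate password/token, at least
 *                  strlen(SESSION_ID_PREFIX) bytes readable
 * @return  true if @p password starts with SESSION_ID_PREFIX, false otherwise
 */
static inline bool
is_auth_token(const char *password)
{
    return (memcmp_constant_time(SESSION_ID_PREFIX, password,
                                 strlen(SESSION_ID_PREFIX)) == 0);
}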
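/**
 * Checks if a client should be sent a new auth token to update its
 * current auth-token.
 *
 * @param multi    security parameter state of the tunnel
 * @param session  security parameter state of the session within the tunnel
 */
void
resend_auth_token_renegotiation(struct tls_multi *multi, struct tls_session *session);


/**
 * Checks if the timer to resend the auth-token has expired and if a new
 * auth-token should be sent.
 *
 * @param c  context holding all state information for one tunnel
 */
void
check_send_auth_token(struct context *c);
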
149 #endif /* AUTH_TOKEN_H */
SESSION_ID_PREFIX
#define SESSION_ID_PREFIX
The prefix that auth tokens start with; this prefix is special-cased so that it does not show up in log files ...
Definition: auth_token.h:115
check_send_auth_token
void check_send_auth_token(struct context *c)
Checks if the timer to resend the auth-token has expired and if a new auth-token should be sent to th...
Definition: auth_token.c:424
is_auth_token
static bool is_auth_token(const char *password)
Return whether the password string has the format of an auth token.
Definition: auth_token.h:127
context
Contains all state information for one tunnel.
Definition: openvpn.h:476
resend_auth_token_renegotiation
void resend_auth_token_renegotiation(struct tls_multi *multi, struct tls_session *session)
Checks if a client should be sent a new auth token to update its current auth-token.
Definition: auth_token.c:462
add_session_token_env
void add_session_token_env(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
Put the session id, and auth token status into the environment if auth-token is enabled.
Definition: auth_token.c:38
tls_multi
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:587
verify_auth_token
unsigned verify_auth_token(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Verifies the auth token to be in the format that generate_auth_token creates and checks if the token i...
Definition: auth_token.c:297
key_ctx
Container for one set of cipher and/or HMAC contexts.
Definition: crypto.h:162
auth_token_write_server_key_file
void auth_token_write_server_key_file(const char *filename)
Generate an auth-token server secret key and write it to a file.
Definition: auth_token.c:118
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:468
generate_auth_token
void generate_auth_token(const struct user_pass *up, struct tls_multi *multi)
Generate an auth token based on username and timestamp.
Definition: auth_token.c:161
auth_token_init_secret
void auth_token_init_secret(struct key_ctx *key_ctx, const char *key_file, bool key_inline)
Loads an HMAC secret from a file or, if no file is present, generates an ephemeral secret for the run ti...
Definition: auth_token.c:124
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition: crypto_openssl.c:1328
wipe_auth_token
void wipe_auth_token(struct tls_multi *multi)
Wipes the authentication token out of memory, frees and cleans up related buffers and flags.
Definition: auth_token.c:403
user_pass::password
char password[USER_PASS_LEN]
Definition: misc.h:72
session
Definition: keyingmaterialexporter.c:56
user_pass
Definition: misc.h:56