OpenVPN
manage.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #ifdef ENABLE_MANAGEMENT
31 
32 #include "error.h"
33 #include "fdmisc.h"
34 #include "options.h"
35 #include "sig.h"
36 #include "event.h"
37 #include "otime.h"
38 #include "integer.h"
39 #include "misc.h"
40 #include "ssl.h"
41 #include "common.h"
42 #include "manage.h"
43 #include "openvpn.h"
44 #include "dco.h"
45 
46 #include "memdbg.h"
47 
48 #ifdef ENABLE_PKCS11
49 #include "pkcs11.h"
50 #endif
51 
52 #define MANAGEMENT_ECHO_PULL_INFO 0
53 
54 #if MANAGEMENT_ECHO_PULL_INFO
55 #define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
56 #else
57 #define MANAGEMENT_ECHO_FLAGS 0
58 #endif
59 
60 /* tag for blank username/password */
61 static const char blank_up[] = "[[BLANK]]";
62 
63 struct management *management; /* GLOBAL */
64 
65 /* static forward declarations */
66 static void man_output_standalone(struct management *man, volatile int *signal_received);
67 
68 static void man_reset_client_socket(struct management *man, const bool exiting);
69 
70 static void
71 man_help(void)
72 {
73  msg(M_CLIENT, "Management Interface for %s", title_string);
74  msg(M_CLIENT, "Commands:");
75  msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
76  msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
77  msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
78  msg(M_CLIENT, "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
79  msg(M_CLIENT, "exit|quit : Close management session.");
80  msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
81  msg(M_CLIENT, "help : Print this message.");
82  msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
83  msg(M_CLIENT, " release current hold and start tunnel.");
84  msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
85  msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
86  msg(M_CLIENT, "load-stats : Show global server load stats.");
87  msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
88  msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
89  msg(M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent.");
90  msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
91  msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
92  msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
93  msg(M_CLIENT, " where action is reply string.");
94  msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
95  msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
96  msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
97  msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
98  msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
99  msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
100  msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
101 #ifdef ENABLE_PKCS11
102  msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
103  msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
104 #endif
105  msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
106  msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
107  msg(M_CLIENT, "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
108  msg(M_CLIENT, " text R and optional client reason text CR");
109  msg(M_CLIENT, "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
110  msg(M_CLIENT, " to the client and wait for a final client-auth/client-deny");
111  msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
112  msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
113  msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
114  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
115  msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
116  msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
117  msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge");
118  msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END");
119  msg(M_CLIENT, "signal s : Send signal s to daemon,");
120  msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
121  msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
122  msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
123  msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
124  msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
125  msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
126  msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
127  msg(M_CLIENT, "END");
128 }
129 
130 static const char *
131 man_state_name(const int state)
132 {
133  switch (state)
134  {
135  case OPENVPN_STATE_INITIAL:
136  return "INITIAL";
137 
138  case OPENVPN_STATE_CONNECTING:
139  return "CONNECTING";
140 
141  case OPENVPN_STATE_WAIT:
142  return "WAIT";
143 
144  case OPENVPN_STATE_AUTH:
145  return "AUTH";
146 
147  case OPENVPN_STATE_GET_CONFIG:
148  return "GET_CONFIG";
149 
150  case OPENVPN_STATE_ASSIGN_IP:
151  return "ASSIGN_IP";
152 
153  case OPENVPN_STATE_ADD_ROUTES:
154  return "ADD_ROUTES";
155 
156  case OPENVPN_STATE_CONNECTED:
157  return "CONNECTED";
158 
159  case OPENVPN_STATE_RECONNECTING:
160  return "RECONNECTING";
161 
162  case OPENVPN_STATE_EXITING:
163  return "EXITING";
164 
165  case OPENVPN_STATE_RESOLVE:
166  return "RESOLVE";
167 
168  case OPENVPN_STATE_TCP_CONNECT:
169  return "TCP_CONNECT";
170 
171  case OPENVPN_STATE_AUTH_PENDING:
172  return "AUTH_PENDING";
173 
174  default:
175  return "?";
176  }
177 }
178 
179 static void
180 man_welcome(struct management *man)
181 {
182  msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
183  MANAGEMENT_VERSION);
184  if (man->persist.special_state_msg)
185  {
186  msg(M_CLIENT, "%s", man->persist.special_state_msg);
187  }
188 }
189 
190 static inline bool
191 man_password_needed(struct management *man)
192 {
193  return man->settings.up.defined && !man->connection.password_verified;
194 }
195 
196 static void
197 man_check_password(struct management *man, const char *line)
198 {
199  if (man_password_needed(man))
200  {
201  /* This comparison is not fixed time but since strlen(time) is based on
202  * the attacker choice, it should not give any indication of the real
203  * password length, use + 1 to include the NUL byte that terminates the
204  * string*/
205  size_t compare_len = min_uint(strlen(line) + 1, sizeof(man->settings.up.password));
206  if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
207  {
208  man->connection.password_verified = true;
209  msg(M_CLIENT, "SUCCESS: password is correct");
210  man_welcome(man);
211  }
212  else
213  {
214  man->connection.password_verified = false;
215  msg(M_CLIENT, "ERROR: bad password");
216  if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
217  {
218  msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
219  MANAGEMENT_N_PASSWORD_RETRIES);
220  man->connection.halt = true;
221  }
222  }
223  }
224 }
225 
226 static void
227 man_update_io_state(struct management *man)
228 {
229  if (socket_defined(man->connection.sd_cli))
230  {
231  if (buffer_list_defined(man->connection.out))
232  {
233  man->connection.state = MS_CC_WAIT_WRITE;
234  }
235  else
236  {
237  man->connection.state = MS_CC_WAIT_READ;
238  }
239  }
240 }
241 
242 static void
243 man_output_list_push_finalize(struct management *man)
244 {
245  if (management_connected(man))
246  {
247  man_update_io_state(man);
248  if (!man->persist.standalone_disabled)
249  {
250  volatile int signal_received = 0;
251  man_output_standalone(man, &signal_received);
252  }
253  }
254 }
255 
256 static void
257 man_output_list_push_str(struct management *man, const char *str)
258 {
259  if (management_connected(man) && str)
260  {
261  buffer_list_push(man->connection.out, str);
262  }
263 }
264 
265 static void
266 man_output_list_push(struct management *man, const char *str)
267 {
268  man_output_list_push_str(man, str);
269  man_output_list_push_finalize(man);
270 }
271 
272 static void
273 man_prompt(struct management *man)
274 {
275  if (man_password_needed(man))
276  {
277  man_output_list_push(man, "ENTER PASSWORD:");
278  }
279 #if 0 /* should we use prompt? */
280  else
281  {
282  man_output_list_push(man, ">");
283  }
284 #endif
285 }
286 
287 
292 static void
293 report_command_status(const bool status, const char *command)
294 {
295  if (status)
296  {
297  msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
298  }
299  else
300  {
301  msg(M_CLIENT, "ERROR: %s command failed", command);
302  }
303 }
304 
305 static void
306 man_delete_unix_socket(struct management *man)
307 {
308 #if UNIX_SOCK_SUPPORT
309  if ((man->settings.flags & (MF_UNIX_SOCK|MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
310  {
311  socket_delete_unix(&man->settings.local_unix);
312  }
313 #endif
314 }
315 
316 static void
317 man_close_socket(struct management *man, const socket_descriptor_t sd)
318 {
319 #ifndef _WIN32
320  /*
321  * Windows doesn't need this because the ne32 event is permanently
322  * enabled at struct management scope.
323  */
324  if (man->persist.callback.delete_event)
325  {
326  (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
327  }
328 #endif
329  openvpn_close_socket(sd);
330 }
331 
332 static void
333 virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
334 {
335  struct management *man = (struct management *) arg;
336  static int recursive_level = 0; /* GLOBAL */
337 
338 #define AF_DID_PUSH (1<<0)
339 #define AF_DID_RESET (1<<1)
340  if (recursive_level < 5) /* limit recursion */
341  {
342  struct gc_arena gc = gc_new();
343  struct log_entry e;
344  const char *out = NULL;
345  unsigned int action_flags = 0;
346 
347  ++recursive_level;
348 
349  CLEAR(e);
350  update_time();
351  e.timestamp = now;
352  e.u.msg_flags = flags;
353  e.string = str;
354 
355  if (flags & M_FATAL)
356  {
357  man->persist.standalone_disabled = false;
358  }
359 
360  if (flags != M_CLIENT)
361  {
362  log_history_add(man->persist.log, &e);
363  }
364 
365  if (!man_password_needed(man))
366  {
367  if (flags == M_CLIENT)
368  {
369  out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
370  }
371  else if (man->connection.log_realtime)
372  {
373  out = log_entry_print(&e, LOG_PRINT_INT_DATE
374  | LOG_PRINT_MSG_FLAGS
375  | LOG_PRINT_LOG_PREFIX
376  | LOG_PRINT_CRLF, &gc);
377  }
378  if (out)
379  {
380  man_output_list_push_str(man, out);
381  action_flags |= AF_DID_PUSH;
382  }
383  if (flags & M_FATAL)
384  {
385  out = log_entry_print(&e, LOG_FATAL_NOTIFY|LOG_PRINT_CRLF, &gc);
386  if (out)
387  {
388  man_output_list_push_str(man, out);
389  action_flags |= (AF_DID_PUSH|AF_DID_RESET);
390  }
391  }
392  }
393 
394  gc_free(&gc);
395 
396  if (action_flags & AF_DID_PUSH)
397  {
398  man_output_list_push_finalize(man);
399  }
400  if (action_flags & AF_DID_RESET)
401  {
402  man_reset_client_socket(man, true);
403  }
404 
405  --recursive_level;
406  }
407  else
408  {
409  /* cannot use msg here */
410  printf("virtual_output: message to management interface "
411  "dropped due to recursion: <%s>\n", str);
412  }
413 }
414 
415 /*
416  * Given a signal, return the signal with possible remapping applied,
417  * or -1 if the signal should be ignored.
418  */
419 static int
420 man_mod_signal(const struct management *man, const int signum)
421 {
422  const unsigned int flags = man->settings.mansig;
423  int s = signum;
424  if (s == SIGUSR1)
425  {
426  if (flags & MANSIG_MAP_USR1_TO_HUP)
427  {
428  s = SIGHUP;
429  }
430  if (flags & MANSIG_MAP_USR1_TO_TERM)
431  {
432  s = SIGTERM;
433  }
434  }
435  if (flags & MANSIG_IGNORE_USR1_HUP)
436  {
437  if (s == SIGHUP || s == SIGUSR1)
438  {
439  s = -1;
440  }
441  }
442  return s;
443 }
444 
445 static void
446 man_signal(struct management *man, const char *name)
447 {
448  const int sig = parse_signal(name);
449  if (sig >= 0)
450  {
451  const int sig_mod = man_mod_signal(man, sig);
452  if (sig_mod >= 0)
453  {
454  throw_signal(sig_mod);
455  msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
456  }
457  else
458  {
459  msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
460  if (man->persist.special_state_msg)
461  {
462  msg(M_CLIENT, "%s", man->persist.special_state_msg);
463  }
464  }
465  }
466  else
467  {
468  msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
469  }
470 }
471 
472 static void
473 man_command_unsupported(const char *command_name)
474 {
475  msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode", command_name);
476 }
477 
478 static void
479 man_status(struct management *man, const int version, struct status_output *so)
480 {
481  if (man->persist.callback.status)
482  {
483  (*man->persist.callback.status)(man->persist.callback.arg, version, so);
484  }
485  else
486  {
487  man_command_unsupported("status");
488  }
489 }
490 
491 static void
492 man_bytecount(struct management *man, const int update_seconds)
493 {
494  if (update_seconds > 0)
495  {
496  man->connection.bytecount_update_seconds = update_seconds;
497  event_timeout_init(&man->connection.bytecount_update_interval,
498  man->connection.bytecount_update_seconds,
499  now);
500  }
501  else
502  {
503  man->connection.bytecount_update_seconds = 0;
504  event_timeout_clear(&man->connection.bytecount_update_interval);
505  }
506  msg(M_CLIENT, "SUCCESS: bytecount interval changed");
507 }
508 
509 static void
510 man_bytecount_output_client(struct management *man,
511  counter_type dco_read_bytes,
512  counter_type dco_write_bytes)
513 {
514  char in[32];
515  char out[32];
516 
517  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
518  snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes);
519  snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes);
520  msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
521 }
522 
523 void
524 man_bytecount_output_server(const counter_type *bytes_in_total,
525  const counter_type *bytes_out_total,
526  struct man_def_auth_context *mdac)
527 {
528  char in[32];
529  char out[32];
530  /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
531  snprintf(in, sizeof(in), counter_format, *bytes_in_total);
532  snprintf(out, sizeof(out), counter_format, *bytes_out_total);
533  msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
534  mdac->bytecount_last_update = now;
535 }
536 
537 static void
538 man_kill(struct management *man, const char *victim)
539 {
540  struct gc_arena gc = gc_new();
541 
542  if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
543  {
544  struct buffer buf;
545  char p1[128];
546  char p2[128];
547  char p3[128];
548  int n_killed;
549 
550  buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1);
551  buf_parse(&buf, ':', p1, sizeof(p1));
552  buf_parse(&buf, ':', p2, sizeof(p2));
553  buf_parse(&buf, ':', p3, sizeof(p3));
554 
555  if (strlen(p1) && strlen(p2) && strlen(p3))
556  {
557  /* IP:port specified */
558  bool status;
559  const in_addr_t addr = getaddr(GETADDR_HOST_ORDER|GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
560  if (status)
561  {
562  const int port = atoi(p3);
563  const int proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER :
564  (streq(p1, "udp")) ? PROTO_UDP : PROTO_NONE;
565 
566  if ((port > 0 && port < 65536) && (proto != PROTO_NONE))
567  {
568  n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port, proto);
569  if (n_killed > 0)
570  {
571  msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed",
572  n_killed,
573  proto2ascii(proto, AF_UNSPEC, false),
574  print_in_addr_t(addr, 0, &gc),
575  port);
576  }
577  else
578  {
579  msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
580  proto2ascii(proto, AF_UNSPEC, false),
581  print_in_addr_t(addr, 0, &gc),
582  port);
583  }
584  }
585  else
586  {
587  msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
588  }
589  }
590  else
591  {
592  msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
593  }
594  }
595  else if (strlen(p1))
596  {
597  /* common name specified */
598  n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
599  if (n_killed > 0)
600  {
601  msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
602  }
603  else
604  {
605  msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
606  }
607  }
608  else
609  {
610  msg(M_CLIENT, "ERROR: kill parse");
611  }
612  }
613  else
614  {
615  man_command_unsupported("kill");
616  }
617 
618  gc_free(&gc);
619 }
620 
621 /*
622  * General-purpose history command handler
623  * for the log and echo commands.
624  */
625 static void
626 man_history(struct management *man,
627  const char *parm,
628  const char *type,
629  struct log_history *log,
630  bool *realtime,
631  const unsigned int lep_flags)
632 {
633  struct gc_arena gc = gc_new();
634  int n = 0;
635 
636  if (streq(parm, "on"))
637  {
638  *realtime = true;
639  msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
640  }
641  else if (streq(parm, "off"))
642  {
643  *realtime = false;
644  msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
645  }
646  else if (streq(parm, "all") || (n = atoi(parm)) > 0)
647  {
648  const int size = log_history_size(log);
649  const int start = (n ? n : size) - 1;
650  int i;
651 
652  for (i = start; i >= 0; --i)
653  {
654  const struct log_entry *e = log_history_ref(log, i);
655  if (e)
656  {
657  const char *out = log_entry_print(e, lep_flags, &gc);
658  virtual_output_callback_func(man, M_CLIENT, out);
659  }
660  }
661  msg(M_CLIENT, "END");
662  }
663  else
664  {
665  msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
666  }
667 
668  gc_free(&gc);
669 }
670 
671 static void
672 man_log(struct management *man, const char *parm)
673 {
674  man_history(man,
675  parm,
676  "log",
677  man->persist.log,
678  &man->connection.log_realtime,
679  LOG_PRINT_INT_DATE|LOG_PRINT_MSG_FLAGS);
680 }
681 
682 static void
683 man_echo(struct management *man, const char *parm)
684 {
685  man_history(man,
686  parm,
687  "echo",
688  man->persist.echo,
689  &man->connection.echo_realtime,
690  LOG_PRINT_INT_DATE|MANAGEMENT_ECHO_FLAGS);
691 }
692 
693 static void
694 man_state(struct management *man, const char *parm)
695 {
696  man_history(man,
697  parm,
698  "state",
699  man->persist.state,
700  &man->connection.state_realtime,
701  LOG_PRINT_INT_DATE|LOG_PRINT_STATE
702  |LOG_PRINT_LOCAL_IP|LOG_PRINT_REMOTE_IP);
703 }
704 
705 static void
706 man_up_finalize(struct management *man)
707 {
708  switch (man->connection.up_query_mode)
709  {
710  case UP_QUERY_USER_PASS:
711  if (!strlen(man->connection.up_query.username))
712  {
713  break;
714  }
715 
716  /* fall through */
717  case UP_QUERY_PASS:
718  case UP_QUERY_NEED_OK:
719  case UP_QUERY_NEED_STR:
720  if (strlen(man->connection.up_query.password))
721  {
722  man->connection.up_query.defined = true;
723  }
724  break;
725 
726  case UP_QUERY_DISABLED:
727  man->connection.up_query.defined = false;
728  break;
729 
730  default:
731  ASSERT(0);
732  }
733 }
734 
735 static void
736 man_query_user_pass(struct management *man,
737  const char *type,
738  const char *string,
739  const bool needed,
740  const char *prompt,
741  char *dest,
742  int len)
743 {
744  if (needed)
745  {
746  ASSERT(man->connection.up_query_type);
747  if (streq(man->connection.up_query_type, type))
748  {
749  strncpynt(dest, string, len);
750  man_up_finalize(man);
751  msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified",
752  type,
753  prompt);
754  }
755  else
756  {
757  msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'",
758  prompt,
759  type,
760  man->connection.up_query_type);
761  }
762  }
763  else
764  {
765  msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
766  }
767 }
768 
769 static void
770 man_query_username(struct management *man, const char *type, const char *string)
771 {
772  const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
773  ) && man->connection.up_query_type);
774  man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN);
775 }
776 
777 static void
778 man_query_password(struct management *man, const char *type, const char *string)
779 {
780  const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
781  || man->connection.up_query_mode == UP_QUERY_USER_PASS
782  ) && man->connection.up_query_type);
783  if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
784  {
785  string = blank_up;
786  }
787  man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
788 }
789 
790 static void
791 man_query_need_ok(struct management *man, const char *type, const char *action)
792 {
793  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
794  man_query_user_pass(man, type, action, needed, "needok-confirmation", man->connection.up_query.password, USER_PASS_LEN);
795 }
796 
797 static void
798 man_query_need_str(struct management *man, const char *type, const char *action)
799 {
800  const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
801  man_query_user_pass(man, type, action, needed, "needstr-string", man->connection.up_query.password, USER_PASS_LEN);
802 }
803 
804 static void
805 man_forget_passwords(struct management *man)
806 {
807  ssl_purge_auth(false);
808  (void)ssl_clean_auth_token();
809  msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
810 }
811 
812 static void
813 man_net(struct management *man)
814 {
815  if (man->persist.callback.show_net)
816  {
817  (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
818  }
819  else
820  {
821  man_command_unsupported("net");
822  }
823 }
824 
825 static void
826 man_send_cc_message(struct management *man, const char *message, const char *parameters)
827 {
828  if (man->persist.callback.send_cc_message)
829  {
830  const bool status = (*man->persist.callback.send_cc_message)
831  (man->persist.callback.arg, message, parameters);
832  if (status)
833  {
834  msg(M_CLIENT, "SUCCESS: command succeeded");
835  }
836  else
837  {
838  msg(M_CLIENT, "ERROR: command failed");
839  }
840  }
841  else
842  {
843  man_command_unsupported("cr-repsonse");
844  }
845 }
846 #ifdef ENABLE_PKCS11
847 
848 static void
849 man_pkcs11_id_count(struct management *man)
850 {
851  msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
852 }
853 
854 static void
855 man_pkcs11_id_get(struct management *man, const int index)
856 {
857  char *id = NULL;
858  char *base64 = NULL;
859 
860  if (pkcs11_management_id_get(index, &id, &base64))
861  {
862  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
863  }
864  else
865  {
866  msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
867  }
868 
869  free(id);
870  free(base64);
871 }
872 
873 #endif /* ifdef ENABLE_PKCS11 */
874 
875 static void
876 man_remote_entry_count(struct management *man)
877 {
878  unsigned count = 0;
879  if (man->persist.callback.remote_entry_count)
880  {
881  count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
882  msg(M_CLIENT, "%u", count);
883  msg(M_CLIENT, "END");
884  }
885  else
886  {
887  man_command_unsupported("remote-entry-count");
888  }
889 }
890 
891 static void
892 man_remote_entry_get(struct management *man, const char *p1, const char *p2)
893 {
894  ASSERT(p1);
895 
896  if (man->persist.callback.remote_entry_get
897  && man->persist.callback.remote_entry_count)
898  {
899  unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
900 
901  unsigned int from = (unsigned int) atoi(p1);
902  unsigned int to = p2 ? (unsigned int) atoi(p2) : from + 1;
903 
904  if (!strcmp(p1, "all"))
905  {
906  from = 0;
907  to = count;
908  }
909 
910  for (unsigned int i = from; i < min_uint(to, count); i++)
911  {
912  char *remote = NULL;
913  bool res = (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
914  if (res && remote)
915  {
916  msg(M_CLIENT, "%u,%s", i, remote);
917  }
918  free(remote);
919  }
920  msg(M_CLIENT, "END");
921  }
922  else
923  {
924  man_command_unsupported("remote-entry-get");
925  }
926 }
927 
928 static void
929 man_hold(struct management *man, const char *cmd)
930 {
931  if (cmd)
932  {
933  if (streq(cmd, "on"))
934  {
935  man->settings.flags |= MF_HOLD;
936  msg(M_CLIENT, "SUCCESS: hold flag set to ON");
937  }
938  else if (streq(cmd, "off"))
939  {
940  man->settings.flags &= ~MF_HOLD;
941  msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
942  }
943  else if (streq(cmd, "release"))
944  {
945  man->persist.hold_release = true;
946  msg(M_CLIENT, "SUCCESS: hold release succeeded");
947  }
948  else
949  {
950  msg(M_CLIENT, "ERROR: bad hold command parameter");
951  }
952  }
953  else
954  {
955  msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
956  }
957 }
958 
959 #define IER_RESET 0
960 #define IER_NEW 1
961 
962 static void
963 in_extra_reset(struct man_connection *mc, const int mode)
964 {
965  if (mc)
966  {
967  if (mode != IER_NEW)
968  {
969  mc->in_extra_cmd = IEC_UNDEF;
970  mc->in_extra_cid = 0;
971  mc->in_extra_kid = 0;
972  }
973  if (mc->in_extra)
974  {
975  buffer_list_free(mc->in_extra);
976  mc->in_extra = NULL;
977  }
978  if (mode == IER_NEW)
979  {
980  mc->in_extra = buffer_list_new();
981  }
982  }
983 }
984 
985 static void
986 in_extra_dispatch(struct management *man)
987 {
988  switch (man->connection.in_extra_cmd)
989  {
990  case IEC_CLIENT_AUTH:
991  if (man->persist.callback.client_auth)
992  {
993  const bool status = (*man->persist.callback.client_auth)
994  (man->persist.callback.arg,
995  man->connection.in_extra_cid,
996  man->connection.in_extra_kid,
997  true,
998  NULL,
999  NULL,
1000  man->connection.in_extra);
1001  man->connection.in_extra = NULL;
1002  report_command_status(status, "client-auth");
1003  }
1004  else
1005  {
1006  man_command_unsupported("client-auth");
1007  }
1008  break;
1009 
1010  case IEC_PK_SIGN:
1011  man->connection.ext_key_state = EKS_READY;
1012  buffer_list_free(man->connection.ext_key_input);
1013  man->connection.ext_key_input = man->connection.in_extra;
1014  man->connection.in_extra = NULL;
1015  return;
1016 
1017  case IEC_CERTIFICATE:
1018  man->connection.ext_cert_state = EKS_READY;
1019  buffer_list_free(man->connection.ext_cert_input);
1020  man->connection.ext_cert_input = man->connection.in_extra;
1021  man->connection.in_extra = NULL;
1022  return;
1023  }
1024  in_extra_reset(&man->connection, IER_RESET);
1025 }
1026 
1027 static bool
1028 parse_cid(const char *str, unsigned long *cid)
1029 {
1030  if (sscanf(str, "%lu", cid) == 1)
1031  {
1032  return true;
1033  }
1034  else
1035  {
1036  msg(M_CLIENT, "ERROR: cannot parse CID");
1037  return false;
1038  }
1039 }
1040 
1041 static bool
1042 parse_uint(const char *str, const char *what, unsigned int *uint)
1043 {
1044  if (sscanf(str, "%u", uint) == 1)
1045  {
1046  return true;
1047  }
1048  else
1049  {
1050  msg(M_CLIENT, "ERROR: cannot parse %s", what);
1051  return false;
1052  }
1053 }
1054 
1065 static void
1066 man_client_pending_auth(struct management *man, const char *cid_str,
1067  const char *kid_str, const char *extra,
1068  const char *timeout_str)
1069 {
1070  unsigned long cid = 0;
1071  unsigned int kid = 0;
1072  unsigned int timeout = 0;
1073  if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1074  && parse_uint(timeout_str, "TIMEOUT", &timeout))
1075  {
1076  if (man->persist.callback.client_pending_auth)
1077  {
1078  bool ret = (*man->persist.callback.client_pending_auth)
1079  (man->persist.callback.arg, cid, kid, extra, timeout);
1080 
1081  if (ret)
1082  {
1083  msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1084  }
1085  else
1086  {
1087  msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1088  " Extra parameter might be too long");
1089  }
1090  }
1091  else
1092  {
1093  man_command_unsupported("client-pending-auth");
1094  }
1095  }
1096 }
1097 
1098 static void
1099 man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1100 {
1101  struct man_connection *mc = &man->connection;
1102  mc->in_extra_cid = 0;
1103  mc->in_extra_kid = 0;
1104  if (parse_cid(cid_str, &mc->in_extra_cid)
1105  && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1106  {
1107  mc->in_extra_cmd = IEC_CLIENT_AUTH;
1108  in_extra_reset(mc, IER_NEW);
1109  if (!extra)
1110  {
1111  in_extra_dispatch(man);
1112  }
1113  }
1114 }
1115 
1116 static void
1117 man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
1118 {
1119  unsigned long cid = 0;
1120  unsigned int kid = 0;
1121  if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1122  {
1123  if (man->persist.callback.client_auth)
1124  {
1125  const bool status = (*man->persist.callback.client_auth)
1126  (man->persist.callback.arg,
1127  cid,
1128  kid,
1129  false,
1130  reason,
1131  client_reason,
1132  NULL);
1133  if (status)
1134  {
1135  msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1136  }
1137  else
1138  {
1139  msg(M_CLIENT, "ERROR: client-deny command failed");
1140  }
1141  }
1142  else
1143  {
1144  man_command_unsupported("client-deny");
1145  }
1146  }
1147 }
1148 
1149 static void
1150 man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1151 {
1152  unsigned long cid = 0;
1153  if (parse_cid(cid_str, &cid))
1154  {
1155  if (man->persist.callback.kill_by_cid)
1156  {
1157  const bool status = (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1158  if (status)
1159  {
1160  msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1161  }
1162  else
1163  {
1164  msg(M_CLIENT, "ERROR: client-kill command failed");
1165  }
1166  }
1167  else
1168  {
1169  man_command_unsupported("client-kill");
1170  }
1171  }
1172 }
1173 
1174 static void
1175 man_client_n_clients(struct management *man)
1176 {
1177  if (man->persist.callback.n_clients)
1178  {
1179  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1180  msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1181  }
1182  else
1183  {
1184  man_command_unsupported("nclients");
1185  }
1186 }
1187 
1188 static void
1189 man_env_filter(struct management *man, const int level)
1190 {
1191  man->connection.env_filter_level = level;
1192  msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1193 }
1194 
1195 
1196 static void
1197 man_pk_sig(struct management *man, const char *cmd_name)
1198 {
1199  struct man_connection *mc = &man->connection;
1200  if (mc->ext_key_state == EKS_SOLICIT)
1201  {
1202  mc->ext_key_state = EKS_INPUT;
1203  mc->in_extra_cmd = IEC_PK_SIGN;
1204  in_extra_reset(mc, IER_NEW);
1205  }
1206  else
1207  {
1208  msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1209  }
1210 }
1211 
1212 static void
1213 man_certificate(struct management *man)
1214 {
1215  struct man_connection *mc = &man->connection;
1216  if (mc->ext_cert_state == EKS_SOLICIT)
1217  {
1218  mc->ext_cert_state = EKS_INPUT;
1219  mc->in_extra_cmd = IEC_CERTIFICATE;
1220  in_extra_reset(mc, IER_NEW);
1221  }
1222  else
1223  {
1224  msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1225  }
1226 }
1227 
1228 static void
1229 man_load_stats(struct management *man)
1230 {
1231  extern counter_type link_read_bytes_global;
1232  extern counter_type link_write_bytes_global;
1233  int nclients = 0;
1234 
1235  if (man->persist.callback.n_clients)
1236  {
1237  nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1238  }
1239  msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1240  nclients,
1241  link_read_bytes_global,
1242  link_write_bytes_global);
1243 }
1244 
1245 #define MN_AT_LEAST (1<<0)
1246 
1256 static bool
1257 man_need(struct management *man, const char **p, const int n, unsigned int flags)
1258 {
1259  int i;
1260  ASSERT(p[0]);
1261  for (i = 1; i <= n; ++i)
1262  {
1263  if (!p[i])
1264  {
1265  msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s",
1266  p[0],
1267  (flags & MN_AT_LEAST) ? "at least " : "",
1268  n,
1269  n > 1 ? "s" : "");
1270  return false;
1271  }
1272  }
1273  return true;
1274 }
1275 
1276 static void
1277 man_proxy(struct management *man, const char **p)
1278 {
1279  if (man->persist.callback.proxy_cmd)
1280  {
1281  const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1282  report_command_status(status, "proxy");
1283  }
1284  else
1285  {
1286  man_command_unsupported("proxy");
1287  }
1288 }
1289 
1290 static void
1291 man_remote(struct management *man, const char **p)
1292 {
1293  if (man->persist.callback.remote_cmd)
1294  {
1295  const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1296  report_command_status(status, "remote");
1297  }
1298  else
1299  {
1300  man_command_unsupported("remote");
1301  }
1302 }
1303 
1304 #ifdef TARGET_ANDROID
1305 static void
1306 man_network_change(struct management *man, bool samenetwork)
1307 {
1308  /* Called to signal the OpenVPN that the network configuration has changed and
1309  * the client should either float or reconnect.
1310  *
1311  * The code is currently only used by ics-openvpn
1312  */
1313  if (man->persist.callback.network_change)
1314  {
1315  int fd = (*man->persist.callback.network_change)
1316  (man->persist.callback.arg, samenetwork);
1317  man->connection.fdtosend = fd;
1318  msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1319  if (fd == -2)
1320  {
1321  man_signal(man, "SIGUSR1");
1322  }
1323  }
1324 }
1325 #endif
1326 
1327 static void
1328 set_client_version(struct management *man, const char *version)
1329 {
1330  if (version)
1331  {
1332  man->connection.client_version = atoi(version);
1333  }
1334 }
1335 
1336 static void
1337 man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
1338 {
1339  struct gc_arena gc = gc_new();
1340 
1341  ASSERT(p[0]);
1342  if (streq(p[0], "exit") || streq(p[0], "quit"))
1343  {
1344  man->connection.halt = true;
1345  goto done;
1346  }
1347  else if (streq(p[0], "help"))
1348  {
1349  man_help();
1350  }
1351  else if (streq(p[0], "version") && p[1])
1352  {
1353  set_client_version(man, p[1]);
1354  }
1355  else if (streq(p[0], "version"))
1356  {
1357  msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1358  msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1359  msg(M_CLIENT, "END");
1360  }
1361  else if (streq(p[0], "pid"))
1362  {
1363  msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1364  }
1365  else if (streq(p[0], "nclients"))
1366  {
1367  man_client_n_clients(man);
1368  }
1369  else if (streq(p[0], "env-filter"))
1370  {
1371  int level = 0;
1372  if (p[1])
1373  {
1374  level = atoi(p[1]);
1375  }
1376  man_env_filter(man, level);
1377  }
1378  else if (streq(p[0], "signal"))
1379  {
1380  if (man_need(man, p, 1, 0))
1381  {
1382  man_signal(man, p[1]);
1383  }
1384  }
1385 #ifdef TARGET_ANDROID
1386  else if (streq(p[0], "network-change"))
1387  {
1388  bool samenetwork = false;
1389  if (p[1] && streq(p[1], "samenetwork"))
1390  {
1391  samenetwork = true;
1392  }
1393 
1394  man_network_change(man, samenetwork);
1395  }
1396 #endif
1397  else if (streq(p[0], "load-stats"))
1398  {
1399  man_load_stats(man);
1400  }
1401  else if (streq(p[0], "status"))
1402  {
1403  int version = 0;
1404  if (p[1])
1405  {
1406  version = atoi(p[1]);
1407  }
1408  man_status(man, version, so);
1409  }
1410  else if (streq(p[0], "kill"))
1411  {
1412  if (man_need(man, p, 1, 0))
1413  {
1414  man_kill(man, p[1]);
1415  }
1416  }
1417  else if (streq(p[0], "verb"))
1418  {
1419  if (p[1])
1420  {
1421  const int level = atoi(p[1]);
1422  if (set_debug_level(level, 0))
1423  {
1424  msg(M_CLIENT, "SUCCESS: verb level changed");
1425  }
1426  else
1427  {
1428  msg(M_CLIENT, "ERROR: verb level is out of range");
1429  }
1430  }
1431  else
1432  {
1433  msg(M_CLIENT, "SUCCESS: verb=%d", get_debug_level());
1434  }
1435  }
1436  else if (streq(p[0], "mute"))
1437  {
1438  if (p[1])
1439  {
1440  const int level = atoi(p[1]);
1441  if (set_mute_cutoff(level))
1442  {
1443  msg(M_CLIENT, "SUCCESS: mute level changed");
1444  }
1445  else
1446  {
1447  msg(M_CLIENT, "ERROR: mute level is out of range");
1448  }
1449  }
1450  else
1451  {
1452  msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1453  }
1454  }
1455  else if (streq(p[0], "auth-retry"))
1456  {
1457  if (p[1])
1458  {
1459  if (auth_retry_set(M_CLIENT, p[1]))
1460  {
1461  msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1462  }
1463  else
1464  {
1465  msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1466  }
1467  }
1468  else
1469  {
1470  msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1471  }
1472  }
1473  else if (streq(p[0], "state"))
1474  {
1475  if (!p[1])
1476  {
1477  man_state(man, "1");
1478  }
1479  else
1480  {
1481  if (p[1])
1482  {
1483  man_state(man, p[1]);
1484  }
1485  if (p[2])
1486  {
1487  man_state(man, p[2]);
1488  }
1489  }
1490  }
1491  else if (streq(p[0], "log"))
1492  {
1493  if (man_need(man, p, 1, MN_AT_LEAST))
1494  {
1495  if (p[1])
1496  {
1497  man_log(man, p[1]);
1498  }
1499  if (p[2])
1500  {
1501  man_log(man, p[2]);
1502  }
1503  }
1504  }
1505  else if (streq(p[0], "echo"))
1506  {
1507  if (man_need(man, p, 1, MN_AT_LEAST))
1508  {
1509  if (p[1])
1510  {
1511  man_echo(man, p[1]);
1512  }
1513  if (p[2])
1514  {
1515  man_echo(man, p[2]);
1516  }
1517  }
1518  }
1519  else if (streq(p[0], "username"))
1520  {
1521  if (man_need(man, p, 2, 0))
1522  {
1523  man_query_username(man, p[1], p[2]);
1524  }
1525  }
1526  else if (streq(p[0], "password"))
1527  {
1528  if (man_need(man, p, 2, 0))
1529  {
1530  man_query_password(man, p[1], p[2]);
1531  }
1532  }
1533  else if (streq(p[0], "forget-passwords"))
1534  {
1535  man_forget_passwords(man);
1536  }
1537  else if (streq(p[0], "needok"))
1538  {
1539  if (man_need(man, p, 2, 0))
1540  {
1541  man_query_need_ok(man, p[1], p[2]);
1542  }
1543  }
1544  else if (streq(p[0], "needstr"))
1545  {
1546  if (man_need(man, p, 2, 0))
1547  {
1548  man_query_need_str(man, p[1], p[2]);
1549  }
1550  }
1551  else if (streq(p[0], "cr-response"))
1552  {
1553  if (man_need(man, p, 1, 0))
1554  {
1555  man_send_cc_message(man, "CR_RESPONSE", p[1]);
1556  }
1557  }
1558  else if (streq(p[0], "net"))
1559  {
1560  man_net(man);
1561  }
1562  else if (streq(p[0], "hold"))
1563  {
1564  man_hold(man, p[1]);
1565  }
1566  else if (streq(p[0], "bytecount"))
1567  {
1568  if (man_need(man, p, 1, 0))
1569  {
1570  man_bytecount(man, atoi(p[1]));
1571  }
1572  }
1573  else if (streq(p[0], "client-kill"))
1574  {
1575  if (man_need(man, p, 1, MN_AT_LEAST))
1576  {
1577  man_client_kill(man, p[1], p[2]);
1578  }
1579  }
1580  else if (streq(p[0], "client-deny"))
1581  {
1582  if (man_need(man, p, 3, MN_AT_LEAST))
1583  {
1584  man_client_deny(man, p[1], p[2], p[3], p[4]);
1585  }
1586  }
1587  else if (streq(p[0], "client-auth-nt"))
1588  {
1589  if (man_need(man, p, 2, 0))
1590  {
1591  man_client_auth(man, p[1], p[2], false);
1592  }
1593  }
1594  else if (streq(p[0], "client-auth"))
1595  {
1596  if (man_need(man, p, 2, 0))
1597  {
1598  man_client_auth(man, p[1], p[2], true);
1599  }
1600  }
1601  else if (streq(p[0], "client-pending-auth"))
1602  {
1603  if (man_need(man, p, 4, 0))
1604  {
1605  man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1606  }
1607  }
1608  else if (streq(p[0], "rsa-sig"))
1609  {
1610  man_pk_sig(man, "rsa-sig");
1611  }
1612  else if (streq(p[0], "pk-sig"))
1613  {
1614  man_pk_sig(man, "pk-sig");
1615  }
1616  else if (streq(p[0], "certificate"))
1617  {
1618  man_certificate(man);
1619  }
1620 #ifdef ENABLE_PKCS11
1621  else if (streq(p[0], "pkcs11-id-count"))
1622  {
1623  man_pkcs11_id_count(man);
1624  }
1625  else if (streq(p[0], "pkcs11-id-get"))
1626  {
1627  if (man_need(man, p, 1, 0))
1628  {
1629  man_pkcs11_id_get(man, atoi(p[1]));
1630  }
1631  }
1632 #endif
1633  else if (streq(p[0], "remote-entry-count"))
1634  {
1635  man_remote_entry_count(man);
1636  }
1637  else if (streq(p[0], "remote-entry-get"))
1638  {
1639  if (man_need(man, p, 1, MN_AT_LEAST))
1640  {
1641  man_remote_entry_get(man, p[1], p[2]);
1642  }
1643  }
1644  else if (streq(p[0], "proxy"))
1645  {
1646  if (man_need(man, p, 1, MN_AT_LEAST))
1647  {
1648  man_proxy(man, p);
1649  }
1650  }
1651  else if (streq(p[0], "remote"))
1652  {
1653  if (man_need(man, p, 1, MN_AT_LEAST))
1654  {
1655  man_remote(man, p);
1656  }
1657  }
1658 #if 1
1659  else if (streq(p[0], "test"))
1660  {
1661  if (man_need(man, p, 1, 0))
1662  {
1663  int i;
1664  const int n = atoi(p[1]);
1665  for (i = 0; i < n; ++i)
1666  {
1667  msg(M_CLIENT, "[%d] The purpose of this command is to generate large amounts of output.", i);
1668  }
1669  }
1670  }
1671 #endif
1672  else
1673  {
1674  msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1675  }
1676 
1677 done:
1678  gc_free(&gc);
1679 }
1680 
1681 #ifdef _WIN32
1682 
1683 static void
1684 man_start_ne32(struct management *man)
1685 {
1686  switch (man->connection.state)
1687  {
1688  case MS_LISTEN:
1689  net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1690  break;
1691 
1692  case MS_CC_WAIT_READ:
1693  case MS_CC_WAIT_WRITE:
1694  net_event_win32_start(&man->connection.ne32, FD_READ|FD_WRITE|FD_CLOSE, man->connection.sd_cli);
1695  break;
1696 
1697  default:
1698  ASSERT(0);
1699  }
1700 }
1701 
1702 static void
1703 man_stop_ne32(struct management *man)
1704 {
1705  net_event_win32_stop(&man->connection.ne32);
1706 }
1707 
1708 #endif /* ifdef _WIN32 */
1709 
1710 static void
1711 man_connection_settings_reset(struct management *man)
1712 {
1713  man->connection.state_realtime = false;
1714  man->connection.log_realtime = false;
1715  man->connection.echo_realtime = false;
1716  man->connection.bytecount_update_seconds = 0;
1717  man->connection.password_verified = false;
1718  man->connection.password_tries = 0;
1719  man->connection.halt = false;
1720  man->connection.state = MS_CC_WAIT_WRITE;
1721 }
1722 
1723 static void
1724 man_new_connection_post(struct management *man, const char *description)
1725 {
1726  struct gc_arena gc = gc_new();
1727 
1728  set_nonblock(man->connection.sd_cli);
1729 
1730  man_connection_settings_reset(man);
1731 
1732 #ifdef _WIN32
1733  man_start_ne32(man);
1734 #endif
1735 
1736 #if UNIX_SOCK_SUPPORT
1737  if (man->settings.flags & MF_UNIX_SOCK)
1738  {
1739  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1740  description,
1741  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1742  }
1743  else
1744 #endif
1745  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1746  {
1747  msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1748  description,
1749  print_sockaddr(man->settings.local->ai_addr, &gc));
1750  }
1751  else
1752  {
1753  struct sockaddr_storage addr;
1754  socklen_t addrlen = sizeof(addr);
1755  if (!getpeername(man->connection.sd_cli, (struct sockaddr *) &addr,
1756  &addrlen))
1757  {
1758  msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1759  print_sockaddr((struct sockaddr *) &addr, &gc));
1760  }
1761  else
1762  {
1763  msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1764  }
1765  }
1766 
1767  buffer_list_reset(man->connection.out);
1768 
1769  if (!man_password_needed(man))
1770  {
1771  man_welcome(man);
1772  }
1773  man_prompt(man);
1774  man_update_io_state(man);
1775 
1776  gc_free(&gc);
1777 }
1778 
1779 #if UNIX_SOCK_SUPPORT
1780 static bool
1781 man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1782 {
1783  if (socket_defined(sd) && (man->settings.client_uid != -1 || man->settings.client_gid != -1))
1784  {
1785  static const char err_prefix[] = "MANAGEMENT: unix domain socket client connection rejected --";
1786  int uid, gid;
1787  if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1788  {
1789  if (man->settings.client_uid != -1 && man->settings.client_uid != uid)
1790  {
1791  msg(D_MANAGEMENT, "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1792  err_prefix, uid, man->settings.client_uid);
1793  return false;
1794  }
1795  if (man->settings.client_gid != -1 && man->settings.client_gid != gid)
1796  {
1797  msg(D_MANAGEMENT, "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1798  err_prefix, gid, man->settings.client_gid);
1799  return false;
1800  }
1801  }
1802  else
1803  {
1804  msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1805  return false;
1806  }
1807  }
1808  return true;
1809 }
1810 #endif /* if UNIX_SOCK_SUPPORT */
1811 
1812 static void
1813 man_accept(struct management *man)
1814 {
1815  struct link_socket_actual act;
1816  CLEAR(act);
1817 
1818  /*
1819  * Accept the TCP or Unix domain socket client.
1820  */
1821 #if UNIX_SOCK_SUPPORT
1822  if (man->settings.flags & MF_UNIX_SOCK)
1823  {
1824  struct sockaddr_un remote;
1825  man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1826  if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1827  {
1828  sd_close(&man->connection.sd_cli);
1829  }
1830  }
1831  else
1832 #endif
1833  {
1834  man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1835  }
1836 
1837  if (socket_defined(man->connection.sd_cli))
1838  {
1839  man->connection.remote = act.dest;
1840 
1841  if (socket_defined(man->connection.sd_top))
1842  {
1843 #ifdef _WIN32
1844  man_stop_ne32(man);
1845 #endif
1846  }
1847 
1848  man_new_connection_post(man, "Client connected from");
1849  }
1850 }
1851 
1852 static void
1853 man_listen(struct management *man)
1854 {
1855  struct gc_arena gc = gc_new();
1856 
1857  /*
1858  * Initialize state
1859  */
1860  man->connection.state = MS_LISTEN;
1861  man->connection.sd_cli = SOCKET_UNDEFINED;
1862 
1863  /*
1864  * Initialize listening socket
1865  */
1866  if (man->connection.sd_top == SOCKET_UNDEFINED)
1867  {
1868 #if UNIX_SOCK_SUPPORT
1869  if (man->settings.flags & MF_UNIX_SOCK)
1870  {
1871  man_delete_unix_socket(man);
1872  man->connection.sd_top = create_socket_unix();
1873  socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1874  }
1875  else
1876 #endif
1877  {
1878  man->connection.sd_top = create_socket_tcp(man->settings.local);
1879  socket_bind(man->connection.sd_top, man->settings.local,
1880  man->settings.local->ai_family, "MANAGEMENT", false);
1881  }
1882 
1883  /*
1884  * Listen for connection
1885  */
1886  if (listen(man->connection.sd_top, 1))
1887  {
1888  msg(M_ERR, "MANAGEMENT: listen() failed");
1889  }
1890 
1891  /*
1892  * Set misc socket properties
1893  */
1894  set_nonblock(man->connection.sd_top);
1895 
1896 #if UNIX_SOCK_SUPPORT
1897  if (man->settings.flags & MF_UNIX_SOCK)
1898  {
1899  msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1900  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1901  }
1902  else
1903 #endif
1904  {
1905  const struct sockaddr *man_addr = man->settings.local->ai_addr;
1906  struct sockaddr_storage addr;
1907  socklen_t addrlen = sizeof(addr);
1908  if (!getsockname(man->connection.sd_top, (struct sockaddr *) &addr, &addrlen))
1909  {
1910  man_addr = (struct sockaddr *) &addr;
1911  }
1912  else
1913  {
1914  msg(M_WARN|M_ERRNO,
1915  "Failed to get the management socket address");
1916  }
1917  msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1918  print_sockaddr(man_addr, &gc));
1919  }
1920  }
1921 
1922 #ifdef _WIN32
1923  man_start_ne32(man);
1924 #endif
1925 
1926  gc_free(&gc);
1927 }
1928 
1929 static void
1930 man_connect(struct management *man)
1931 {
1932  struct gc_arena gc = gc_new();
1933  int status;
1934  int signal_received = 0;
1935 
1936  /*
1937  * Initialize state
1938  */
1939  man->connection.state = MS_INITIAL;
1940  man->connection.sd_top = SOCKET_UNDEFINED;
1941 
1942 #if UNIX_SOCK_SUPPORT
1943  if (man->settings.flags & MF_UNIX_SOCK)
1944  {
1945  man->connection.sd_cli = create_socket_unix();
1946  status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
1947  if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1948  {
1949 #ifdef EPERM
1950  status = EPERM;
1951 #else
1952  status = 1;
1953 #endif
1954  sd_close(&man->connection.sd_cli);
1955  }
1956  }
1957  else
1958 #endif
1959  {
1960  man->connection.sd_cli = create_socket_tcp(man->settings.local);
1961  status = openvpn_connect(man->connection.sd_cli,
1962  man->settings.local->ai_addr,
1963  5,
1964  &signal_received);
1965  }
1966 
1967  if (signal_received)
1968  {
1969  throw_signal(signal_received);
1970  goto done;
1971  }
1972 
1973  if (status)
1974  {
1975 #if UNIX_SOCK_SUPPORT
1976  if (man->settings.flags & MF_UNIX_SOCK)
1977  {
1978  msg(D_LINK_ERRORS | M_ERRNO,
1979  "MANAGEMENT: connect to unix socket %s failed",
1980  sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1981  }
1982  else
1983 #endif
1984  {
1985  msg(D_LINK_ERRORS | M_ERRNO,
1986  "MANAGEMENT: connect to %s failed",
1987  print_sockaddr(man->settings.local->ai_addr, &gc));
1988  }
1989  throw_signal_soft(SIGTERM, "management-connect-failed");
1990  goto done;
1991  }
1992 
1993  man_new_connection_post(man, "Connected to management server at");
1994 
1995 done:
1996  gc_free(&gc);
1997 }
1998 
1999 static void
2000 man_reset_client_socket(struct management *man, const bool exiting)
2001 {
2002  if (socket_defined(man->connection.sd_cli))
2003  {
2004 #ifdef _WIN32
2005  man_stop_ne32(man);
2006 #endif
2007  man_close_socket(man, man->connection.sd_cli);
2008  man->connection.sd_cli = SOCKET_UNDEFINED;
2009  man->connection.state = MS_INITIAL;
2010  command_line_reset(man->connection.in);
2011  buffer_list_reset(man->connection.out);
2012  in_extra_reset(&man->connection, IER_RESET);
2013  msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2014  }
2015  if (!exiting)
2016  {
2017  if (man->settings.flags & MF_FORGET_DISCONNECT)
2018  {
2019  ssl_purge_auth(false);
2020  (void)ssl_clean_auth_token();
2021  }
2022 
2023  if (man->settings.flags & MF_SIGNAL)
2024  {
2025  int mysig = man_mod_signal(man, SIGUSR1);
2026  if (mysig >= 0)
2027  {
2028  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2029  throw_signal_soft(mysig, "management-disconnect");
2030  }
2031  }
2032 
2033  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2034  {
2035  msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2036  throw_signal_soft(SIGTERM, "management-exit");
2037  }
2038  else
2039  {
2040  man_listen(man);
2041  }
2042  }
2043 }
2044 
2045 static void
2046 man_process_command(struct management *man, const char *line)
2047 {
2048  struct gc_arena gc = gc_new();
2049  struct status_output *so;
2050  int nparms;
2051  char *parms[MAX_PARMS+1];
2052 
2053  CLEAR(parms);
2054  so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2055  in_extra_reset(&man->connection, IER_RESET);
2056 
2057  if (man_password_needed(man))
2058  {
2059  man_check_password(man, line);
2060  }
2061  else
2062  {
2063  nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2064  if (parms[0] && streq(parms[0], "password"))
2065  {
2066  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2067  }
2068  else if (!streq(line, "load-stats"))
2069  {
2070  msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2071  }
2072 
2073 #if 0
2074  /* DEBUGGING -- print args */
2075  {
2076  int i;
2077  for (i = 0; i < nparms; ++i)
2078  {
2079  msg(M_INFO, "[%d] '%s'", i, parms[i]);
2080  }
2081  }
2082 #endif
2083 
2084  if (nparms > 0)
2085  {
2086  man_dispatch_command(man, so, (const char **)parms, nparms);
2087  }
2088  }
2089 
2090  CLEAR(parms);
2091  status_close(so);
2092  gc_free(&gc);
2093 }
2094 
2095 static bool
2096 man_io_error(struct management *man, const char *prefix)
2097 {
2098  bool crt_error = false;
2099  int err = openvpn_errno_maybe_crt(&crt_error);
2100 
2101  if (!ignore_sys_error(err, crt_error))
2102  {
2103  struct gc_arena gc = gc_new();
2104  msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix,
2105  strerror(err));
2106  gc_free(&gc);
2107  return true;
2108  }
2109  else
2110  {
2111  return false;
2112  }
2113 }
2114 
2115 #ifdef TARGET_ANDROID
2116 static ssize_t
2117 man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2118 {
2119  struct msghdr msg = { 0 };
2120  struct iovec iov[1];
2121 
2122  union {
2123  struct cmsghdr cm;
2124  char control[CMSG_SPACE(sizeof(int))];
2125  } control_un;
2126  struct cmsghdr *cmptr;
2127 
2128  msg.msg_control = control_un.control;
2129  msg.msg_controllen = sizeof(control_un.control);
2130 
2131  cmptr = CMSG_FIRSTHDR(&msg);
2132  cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2133  cmptr->cmsg_level = SOL_SOCKET;
2134  cmptr->cmsg_type = SCM_RIGHTS;
2135  *((int *) CMSG_DATA(cmptr)) = sendfd;
2136 
2137  msg.msg_name = NULL;
2138  msg.msg_namelen = 0;
2139 
2140  iov[0].iov_base = ptr;
2141  iov[0].iov_len = nbytes;
2142  msg.msg_iov = iov;
2143  msg.msg_iovlen = 1;
2144 
2145  return (sendmsg(fd, &msg, flags));
2146 }
2147 
2148 static ssize_t
2149 man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2150 {
2151  struct msghdr msghdr = { 0 };
2152  struct iovec iov[1];
2153  ssize_t n;
2154 
2155  union {
2156  struct cmsghdr cm;
2157  char control[CMSG_SPACE(sizeof(int))];
2158  } control_un;
2159  struct cmsghdr *cmptr;
2160 
2161  msghdr.msg_control = control_un.control;
2162  msghdr.msg_controllen = sizeof(control_un.control);
2163 
2164  msghdr.msg_name = NULL;
2165  msghdr.msg_namelen = 0;
2166 
2167  iov[0].iov_base = ptr;
2168  iov[0].iov_len = nbytes;
2169  msghdr.msg_iov = iov;
2170  msghdr.msg_iovlen = 1;
2171 
2172  if ( (n = recvmsg(fd, &msghdr, flags)) <= 0)
2173  {
2174  return (n);
2175  }
2176 
2177  if ( (cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL
2178  && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2179  {
2180  if (cmptr->cmsg_level != SOL_SOCKET)
2181  {
2182  msg(M_ERR, "control level != SOL_SOCKET");
2183  }
2184  if (cmptr->cmsg_type != SCM_RIGHTS)
2185  {
2186  msg(M_ERR, "control type != SCM_RIGHTS");
2187  }
2188  *recvfd = *((int *) CMSG_DATA(cmptr));
2189  }
2190  else
2191  {
2192  *recvfd = -1; /* descriptor was not passed */
2193 
2194  }
2195  return (n);
2196 }
2197 
2198 /*
2199  * The android control method will instruct the GUI part of openvpn to do
2200  * the route/ifconfig/open tun command. See doc/android.txt for details.
2201  */
2202 bool
2203 management_android_control(struct management *man, const char *command, const char *msg)
2204 {
2205  if (!man)
2206  {
2207  msg(M_FATAL, "Required management interface not available.");
2208  }
2209  struct user_pass up;
2210  CLEAR(up);
2211  strncpy(up.username, msg, sizeof(up.username)-1);
2212 
2213  management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *) 0);
2214  return strcmp("ok", up.password)==0;
2215 }
2216 
2217 /*
2218  * In Android 4.4 it is not possible to open a new tun device and then close the
2219  * old tun device without breaking the whole VPNService stack until the device
2220  * is rebooted. This management method ask the UI what method should be taken to
2221  * ensure the optimal solution for the situation
2222  */
2223 int
2224 managment_android_persisttun_action(struct management *man)
2225 {
2226  struct user_pass up;
2227  CLEAR(up);
2228  strcpy(up.username, "tunmethod");
2229  management_query_user_pass(management, &up, "PERSIST_TUN_ACTION",
2230  GET_USER_PASS_NEED_OK, (void *) 0);
2231  if (!strcmp("NOACTION", up.password))
2232  {
2233  return ANDROID_KEEP_OLD_TUN;
2234  }
2235  else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2236  {
2237  return ANDROID_OPEN_BEFORE_CLOSE;
2238  }
2239  else
2240  {
2241  msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query", up.password);
2242  }
2243 
2244  ASSERT(0);
2245  return ANDROID_OPEN_BEFORE_CLOSE;
2246 }
2247 
2248 
2249 #endif /* ifdef TARGET_ANDROID */
2250 
2251 static int
2252 man_read(struct management *man)
2253 {
2254  /*
2255  * read command line from socket
2256  */
2257  unsigned char buf[256];
2258  int len = 0;
2259 
2260 #ifdef TARGET_ANDROID
2261  int fd;
2262  len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2263  if (fd >= 0)
2264  {
2265  man->connection.lastfdreceived = fd;
2266  }
2267 #else /* ifdef TARGET_ANDROID */
2268  len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2269 #endif
2270 
2271  if (len == 0)
2272  {
2273  man_reset_client_socket(man, false);
2274  }
2275  else if (len > 0)
2276  {
2277  bool processed_command = false;
2278 
2279  ASSERT(len <= (int) sizeof(buf));
2280  command_line_add(man->connection.in, buf, len);
2281 
2282  /*
2283  * Reset output object
2284  */
2285  buffer_list_reset(man->connection.out);
2286 
2287  /*
2288  * process command line if complete
2289  */
2290  {
2291  const char *line;
2292  while ((line = command_line_get(man->connection.in)))
2293  {
2294  if (man->connection.in_extra)
2295  {
2296  if (!strcmp(line, "END"))
2297  {
2298  in_extra_dispatch(man);
2299  }
2300  else
2301  {
2302  buffer_list_push(man->connection.in_extra, line);
2303  }
2304  }
2305  else
2306  {
2307  man_process_command(man, (char *) line);
2308  }
2309  if (man->connection.halt)
2310  {
2311  break;
2312  }
2313  command_line_next(man->connection.in);
2314  processed_command = true;
2315  }
2316  }
2317 
2318  /*
2319  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2320  */
2321  if (man->connection.halt)
2322  {
2323  man_reset_client_socket(man, false);
2324  len = 0;
2325  }
2326  else
2327  {
2328  if (processed_command)
2329  {
2330  man_prompt(man);
2331  }
2332  man_update_io_state(man);
2333  }
2334  }
2335  else /* len < 0 */
2336  {
2337  if (man_io_error(man, "recv"))
2338  {
2339  man_reset_client_socket(man, false);
2340  }
2341  }
2342  return len;
2343 }
2344 
2345 static int
2346 man_write(struct management *man)
2347 {
2348  const int size_hint = 1024;
2349  int sent = 0;
2350  const struct buffer *buf;
2351 
2352  buffer_list_aggregate(man->connection.out, size_hint);
2353  buf = buffer_list_peek(man->connection.out);
2354  if (buf && BLEN(buf))
2355  {
2356  const int len = min_int(size_hint, BLEN(buf));
2357 #ifdef TARGET_ANDROID
2358  if (man->connection.fdtosend > 0)
2359  {
2360  sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL, man->connection.fdtosend);
2361  man->connection.fdtosend = -1;
2362  }
2363  else
2364 #endif
2365  sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2366  if (sent >= 0)
2367  {
2368  buffer_list_advance(man->connection.out, sent);
2369  }
2370  else if (sent < 0)
2371  {
2372  if (man_io_error(man, "send"))
2373  {
2374  man_reset_client_socket(man, false);
2375  }
2376  }
2377  }
2378 
2379  /*
2380  * Reset output state to MS_CC_WAIT_(READ|WRITE)
2381  */
2382  man_update_io_state(man);
2383 
2384  return sent;
2385 }
2386 
2387 static void
2388 man_connection_clear(struct man_connection *mc)
2389 {
2390  CLEAR(*mc);
2391 
2392  /* set initial state */
2393  mc->state = MS_INITIAL;
2394 
2395  /* clear socket descriptors */
2396  mc->sd_top = SOCKET_UNDEFINED;
2397  mc->sd_cli = SOCKET_UNDEFINED;
2398 }
2399 
2400 static void
2401 man_persist_init(struct management *man,
2402  const int log_history_cache,
2403  const int echo_buffer_size,
2404  const int state_buffer_size)
2405 {
2406  struct man_persist *mp = &man->persist;
2407  if (!mp->defined)
2408  {
2409  CLEAR(*mp);
2410 
2411  /* initialize log history store */
2412  mp->log = log_history_init(log_history_cache);
2413 
2414  /*
2415  * Initialize virtual output object, so that functions
2416  * which write to a virtual_output object can be redirected
2417  * here to the management object.
2418  */
2419  mp->vout.func = virtual_output_callback_func;
2420  mp->vout.arg = man;
2421  mp->vout.flags_default = M_CLIENT;
2422  msg_set_virtual_output(&mp->vout);
2423 
2424  /*
2425  * Initialize --echo list
2426  */
2427  man->persist.echo = log_history_init(echo_buffer_size);
2428 
2429  /*
2430  * Initialize --state list
2431  */
2432  man->persist.state = log_history_init(state_buffer_size);
2433 
2434  mp->defined = true;
2435  }
2436 }
2437 
2438 static void
2439 man_persist_close(struct man_persist *mp)
2440 {
2441  if (mp->log)
2442  {
2443  msg_set_virtual_output(NULL);
2444  log_history_close(mp->log);
2445  }
2446 
2447  if (mp->echo)
2448  {
2449  log_history_close(mp->echo);
2450  }
2451 
2452  if (mp->state)
2453  {
2454  log_history_close(mp->state);
2455  }
2456 
2457  CLEAR(*mp);
2458 }
2459 
2460 static void
2461 man_settings_init(struct man_settings *ms,
2462  const char *addr,
2463  const char *port,
2464  const char *pass_file,
2465  const char *client_user,
2466  const char *client_group,
2467  const int log_history_cache,
2468  const int echo_buffer_size,
2469  const int state_buffer_size,
2470  const int remap_sigusr1,
2471  const unsigned int flags)
2472 {
2473  if (!ms->defined)
2474  {
2475  CLEAR(*ms);
2476 
2477  ms->flags = flags;
2478  ms->client_uid = -1;
2479  ms->client_gid = -1;
2480 
2481  /*
2482  * Get username/password
2483  */
2484  if (pass_file)
2485  {
2486  get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2487  }
2488 
2489  /*
2490  * lookup client UID/GID if specified
2491  */
2492  if (client_user)
2493  {
2494  struct platform_state_user s;
2495  platform_user_get(client_user, &s);
2496  ms->client_uid = platform_state_user_uid(&s);
2497  msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->client_uid);
2498  ASSERT(ms->client_uid >= 0);
2499  }
2500  if (client_group)
2501  {
2502  struct platform_state_group s;
2503  platform_group_get(client_group, &s);
2504  ms->client_gid = platform_state_group_gid(&s);
2505  msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->client_gid);
2506  ASSERT(ms->client_gid >= 0);
2507  }
2508 
2509 #if UNIX_SOCK_SUPPORT
2510  if (ms->flags & MF_UNIX_SOCK)
2511  {
2512  sockaddr_unix_init(&ms->local_unix, addr);
2513  }
2514  else
2515 #endif
2516  {
2517 
2518  /*
2519  * Run management over tunnel, or
2520  * separate channel?
2521  */
2522  if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2523  {
2524  ms->management_over_tunnel = true;
2525  }
2526  else
2527  {
2528  int status;
2529  int resolve_flags = GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL;
2530 
2531  if (!(flags & MF_CONNECT_AS_CLIENT))
2532  {
2533  resolve_flags |= GETADDR_PASSIVE;
2534  }
2535 
2536  status = openvpn_getaddrinfo(resolve_flags, addr, port, 0,
2537  NULL, AF_UNSPEC, &ms->local);
2538  ASSERT(status==0);
2539  }
2540  }
2541 
2542  /*
2543  * Log history and echo buffer may need to be resized
2544  */
2545  ms->log_history_cache = log_history_cache;
2546  ms->echo_buffer_size = echo_buffer_size;
2547  ms->state_buffer_size = state_buffer_size;
2548 
2549  /*
2550  * Set remap sigusr1 flags
2551  */
2552  if (remap_sigusr1 == SIGHUP)
2553  {
2554  ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2555  }
2556  else if (remap_sigusr1 == SIGTERM)
2557  {
2558  ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2559  }
2560 
2561  ms->defined = true;
2562  }
2563 }
2564 
2565 static void
2566 man_settings_close(struct man_settings *ms)
2567 {
2568  if (ms->local)
2569  {
2570  freeaddrinfo(ms->local);
2571  }
2572  CLEAR(*ms);
2573 }
2574 
2575 
2576 static void
2577 man_connection_init(struct management *man)
2578 {
2579  if (man->connection.state == MS_INITIAL)
2580  {
2581 #ifdef _WIN32
2582  /*
2583  * This object is a sort of TCP/IP helper
2584  * for Windows.
2585  */
2586  net_event_win32_init(&man->connection.ne32);
2587 #endif
2588 
2589  /*
2590  * Allocate helper objects for command line input and
2591  * command output from/to the socket.
2592  */
2593  man->connection.in = command_line_new(1024);
2594  man->connection.out = buffer_list_new();
2595 
2596  /*
2597  * Initialize event set for standalone usage, when we are
2598  * running outside of the primary event loop.
2599  */
2600  {
2601  int maxevents = 1;
2602  man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2603  }
2604 
2605  man->connection.client_version = 1; /* default version */
2606 
2607  /*
2608  * Listen/connect socket
2609  */
2610  if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2611  {
2612  man_connect(man);
2613  }
2614  else
2615  {
2616  man_listen(man);
2617  }
2618  }
2619 }
2620 
2621 static void
2622 man_connection_close(struct management *man)
2623 {
2624  struct man_connection *mc = &man->connection;
2625 
2626  event_free(mc->es);
2627 #ifdef _WIN32
2628  net_event_win32_close(&mc->ne32);
2629 #endif
2630  if (socket_defined(mc->sd_top))
2631  {
2632  man_close_socket(man, mc->sd_top);
2633  man_delete_unix_socket(man);
2634  }
2635  if (socket_defined(mc->sd_cli))
2636  {
2637  man_close_socket(man, mc->sd_cli);
2638  }
2639 
2640  command_line_free(mc->in);
2641  buffer_list_free(mc->out);
2642 
2643  event_timeout_clear(&mc->bytecount_update_interval);
2644 
2645  in_extra_reset(&man->connection, IER_RESET);
2646  buffer_list_free(mc->ext_key_input);
2647  man_connection_clear(mc);
2648 }
2649 
2650 struct management *
2651 management_init(void)
2652 {
2653  struct management *man;
2654  ALLOC_OBJ_CLEAR(man, struct management);
2655 
2656  man_persist_init(man,
2657  MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2658  MANAGEMENT_ECHO_BUFFER_SIZE,
2659  MANAGEMENT_STATE_BUFFER_SIZE);
2660 
2661  man_connection_clear(&man->connection);
2662 
2663  return man;
2664 }
2665 
2666 bool
2667 management_open(struct management *man,
2668  const char *addr,
2669  const char *port,
2670  const char *pass_file,
2671  const char *client_user,
2672  const char *client_group,
2673  const int log_history_cache,
2674  const int echo_buffer_size,
2675  const int state_buffer_size,
2676  const int remap_sigusr1,
2677  const unsigned int flags)
2678 {
2679  bool ret = false;
2680 
2681  /*
2682  * Save the settings only if they have not
2683  * been saved before.
2684  */
2685  man_settings_init(&man->settings,
2686  addr,
2687  port,
2688  pass_file,
2689  client_user,
2690  client_group,
2691  log_history_cache,
2692  echo_buffer_size,
2693  state_buffer_size,
2694  remap_sigusr1,
2695  flags);
2696 
2697  /*
2698  * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2699  * but may be changed here. Ditto for echo and state buffers.
2700  */
2701  log_history_resize(man->persist.log, man->settings.log_history_cache);
2702  log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2703  log_history_resize(man->persist.state, man->settings.state_buffer_size);
2704 
2705  /*
2706  * If connection object is uninitialized and we are not doing
2707  * over-the-tunnel management, then open (listening) connection.
2708  */
2709  if (man->connection.state == MS_INITIAL)
2710  {
2711  if (!man->settings.management_over_tunnel)
2712  {
2713  man_connection_init(man);
2714  ret = true;
2715  }
2716  }
2717 
2718  return ret;
2719 }
2720 
2721 void
2722 management_close(struct management *man)
2723 {
2724  man_output_list_push_finalize(man); /* flush output queue */
2725  man_connection_close(man);
2726  man_settings_close(&man->settings);
2727  man_persist_close(&man->persist);
2728  free(man);
2729 }
2730 
2731 void
2732 management_set_callback(struct management *man,
2733  const struct management_callback *cb)
2734 {
2735  man->persist.standalone_disabled = true;
2736  man->persist.callback = *cb;
2737 }
2738 
2739 void
2740 management_clear_callback(struct management *man)
2741 {
2742  man->persist.standalone_disabled = false;
2743  man->persist.hold_release = false;
2744  CLEAR(man->persist.callback);
2745  man_output_list_push_finalize(man); /* flush output queue */
2746 }
2747 
2748 void
2749 management_set_state(struct management *man,
2750  const int state,
2751  const char *detail,
2752  const in_addr_t *tun_local_ip,
2753  const struct in6_addr *tun_local_ip6,
2754  const struct openvpn_sockaddr *local,
2755  const struct openvpn_sockaddr *remote)
2756 {
2757  if (man->persist.state && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2758  {
2759  struct gc_arena gc = gc_new();
2760  struct log_entry e;
2761  const char *out = NULL;
2762 
2763  update_time();
2764  CLEAR(e);
2765  e.timestamp = now;
2766  e.u.state = state;
2767  e.string = detail;
2768  if (tun_local_ip)
2769  {
2770  e.local_ip = *tun_local_ip;
2771  }
2772  if (tun_local_ip6)
2773  {
2774  e.local_ip6 = *tun_local_ip6;
2775  }
2776  if (local)
2777  {
2778  e.local_sock = *local;
2779  }
2780  if (remote)
2781  {
2782  e.remote_sock = *remote;
2783  }
2784 
2785  log_history_add(man->persist.state, &e);
2786 
2787  if (man->connection.state_realtime)
2788  {
2789  out = log_entry_print(&e, LOG_PRINT_STATE_PREFIX
2790  | LOG_PRINT_INT_DATE
2791  | LOG_PRINT_STATE
2792  | LOG_PRINT_LOCAL_IP
2793  | LOG_PRINT_REMOTE_IP
2794  | LOG_PRINT_CRLF
2795  | LOG_ECHO_TO_LOG, &gc);
2796  }
2797 
2798  if (out)
2799  {
2800  man_output_list_push(man, out);
2801  }
2802 
2803  gc_free(&gc);
2804  }
2805 }
2806 
2807 static bool
2808 env_filter_match(const char *env_str, const int env_filter_level)
2809 {
2810  static const char *env_names[] = {
2811  "username=",
2812  "password=",
2813  "X509_0_CN=",
2814  "tls_serial_",
2815  "untrusted_ip=",
2816  "ifconfig_local=",
2817  "ifconfig_netmask=",
2818  "daemon_start_time=",
2819  "daemon_pid=",
2820  "dev=",
2821  "ifconfig_pool_remote_ip=",
2822  "ifconfig_pool_netmask=",
2823  "time_duration=",
2824  "bytes_sent=",
2825  "bytes_received=",
2826  "session_id=",
2827  "session_state="
2828  };
2829 
2830  if (env_filter_level == 0)
2831  {
2832  return true;
2833  }
2834  else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2835  {
2836  return true;
2837  }
2838  else if (env_filter_level <= 2)
2839  {
2840  size_t i;
2841  for (i = 0; i < SIZE(env_names); ++i)
2842  {
2843  const char *en = env_names[i];
2844  const size_t len = strlen(en);
2845  if (!strncmp(env_str, en, len))
2846  {
2847  return true;
2848  }
2849  }
2850  return false;
2851  }
2852  return false;
2853 }
2854 
2855 static void
2856 man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
2857 {
2858  if (es)
2859  {
2860  struct env_item *e;
2861  for (e = es->list; e != NULL; e = e->next)
2862  {
2863  if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2864  {
2865  msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2866  }
2867  }
2868  }
2869  if (tail)
2870  {
2871  msg(M_CLIENT, ">%s:ENV,END", prefix);
2872  }
2873 }
2874 
2875 static void
2876 man_output_extra_env(struct management *man, const char *prefix)
2877 {
2878  struct gc_arena gc = gc_new();
2879  struct env_set *es = env_set_create(&gc);
2880  if (man->persist.callback.n_clients)
2881  {
2882  const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2883  setenv_int(es, "n_clients", nclients);
2884  }
2885  man_output_env(es, false, man->connection.env_filter_level, prefix);
2886  gc_free(&gc);
2887 }
2888 
2889 void
2890 management_up_down(struct management *man, const char *updown, const struct env_set *es)
2891 {
2892  if (man->settings.flags & MF_UP_DOWN)
2893  {
2894  msg(M_CLIENT, ">UPDOWN:%s", updown);
2895  man_output_env(es, true, 0, "UPDOWN");
2896  }
2897 }
2898 
2899 void
2900 management_notify(struct management *man, const char *severity, const char *type, const char *text)
2901 {
2902  msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2903 }
2904 
2905 void
2906 management_notify_generic(struct management *man, const char *str)
2907 {
2908  msg(M_CLIENT, "%s", str);
2909 }
2910 
2911 static void
2912 man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
2913 {
2914  char line[256];
2915  if (man->persist.callback.get_peer_info)
2916  {
2917  const char *peer_info = (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2918  if (peer_info)
2919  {
2920  struct buffer buf;
2921  buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
2922  while (buf_parse(&buf, '\n', line, sizeof(line)))
2923  {
2924  chomp(line);
2925  if (validate_peer_info_line(line))
2926  {
2927  msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2928  }
2929  else
2930  {
2931  msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2932  }
2933  }
2934  }
2935  }
2936 }
2937 
2938 void
2939 management_notify_client_needing_auth(struct management *management,
2940  const unsigned int mda_key_id,
2941  struct man_def_auth_context *mdac,
2942  const struct env_set *es)
2943 {
2944  if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2945  {
2946  const char *mode = "CONNECT";
2947  if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2948  {
2949  mode = "REAUTH";
2950  }
2951  msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2952  man_output_extra_env(management, "CLIENT");
2953  if (management->connection.env_filter_level>0)
2954  {
2955  man_output_peer_info_env(management, mdac);
2956  }
2957  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2958  mdac->flags |= DAF_INITIAL_AUTH;
2959  }
2960 }
2961 
2962 void
2963 management_notify_client_cr_response(unsigned mda_key_id,
2964  const struct man_def_auth_context *mdac,
2965  const struct env_set *es,
2966  const char *response)
2967 {
2968  struct gc_arena gc;
2969  if (management)
2970  {
2971  gc = gc_new();
2972 
2973  msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s",
2974  mdac->cid, mda_key_id, response);
2975  man_output_extra_env(management, "CLIENT");
2976  if (management->connection.env_filter_level > 0)
2977  {
2978  man_output_peer_info_env(management, mdac);
2979  }
2980  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2981  gc_free(&gc);
2982  }
2983 }
2984 
2985 void
2986 management_connection_established(struct management *management,
2987  struct man_def_auth_context *mdac,
2988  const struct env_set *es)
2989 {
2990  mdac->flags |= DAF_CONNECTION_ESTABLISHED;
2991  msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
2992  man_output_extra_env(management, "CLIENT");
2993  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2994 }
2995 
2996 void
2997 management_notify_client_close(struct management *management,
2998  struct man_def_auth_context *mdac,
2999  const struct env_set *es)
3000 {
3001  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3002  {
3003  msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3004  man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3005  mdac->flags |= DAF_CONNECTION_CLOSED;
3006  }
3007 }
3008 
3009 void
3010 management_learn_addr(struct management *management,
3011  struct man_def_auth_context *mdac,
3012  const struct mroute_addr *addr,
3013  const bool primary)
3014 {
3015  struct gc_arena gc = gc_new();
3016  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3017  {
3018  msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d",
3019  mdac->cid,
3020  mroute_addr_print_ex(addr, MAPF_SUBNET, &gc),
3021  BOOL_CAST(primary));
3022  }
3023  gc_free(&gc);
3024 }
3025 
3026 void
3027 management_echo(struct management *man, const char *string, const bool pull)
3028 {
3029  if (man->persist.echo)
3030  {
3031  struct gc_arena gc = gc_new();
3032  struct log_entry e;
3033  const char *out = NULL;
3034 
3035  update_time();
3036  CLEAR(e);
3037  e.timestamp = now;
3038  e.string = string;
3039  e.u.intval = BOOL_CAST(pull);
3040 
3041  log_history_add(man->persist.echo, &e);
3042 
3043  if (man->connection.echo_realtime)
3044  {
3045  out = log_entry_print(&e, LOG_PRINT_INT_DATE|LOG_PRINT_ECHO_PREFIX|LOG_PRINT_CRLF|MANAGEMENT_ECHO_FLAGS, &gc);
3046  }
3047 
3048  if (out)
3049  {
3050  man_output_list_push(man, out);
3051  }
3052 
3053  gc_free(&gc);
3054  }
3055 }
3056 
3057 void
3058 management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3059 {
3060  /*
3061  * If we are running management over the tunnel,
3062  * this is the place to initialize the connection.
3063  */
3064  if (man->settings.management_over_tunnel
3065  && man->connection.state == MS_INITIAL)
3066  {
3067  /* listen on our local TUN/TAP IP address */
3068  struct in_addr ia;
3069  int ret;
3070  char buf[INET_ADDRSTRLEN];
3071 
3072  ia.s_addr = htonl(tun_local_ip);
3073  inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3074  ret = openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL,
3075  AF_INET, &man->settings.local);
3076  ASSERT(ret==0);
3077  man_connection_init(man);
3078  }
3079 
3080 }
3081 
3082 void
3083 management_pre_tunnel_close(struct management *man)
3084 {
3085  if (man->settings.management_over_tunnel)
3086  {
3087  man_connection_close(man);
3088  }
3089 }
3090 
3091 void
3092 management_auth_failure(struct management *man, const char *type, const char *reason)
3093 {
3094  if (reason)
3095  {
3096  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3097  }
3098  else
3099  {
3100  msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3101  }
3102 }
3103 
3104 void
3105 management_auth_token(struct management *man, const char *token)
3106 {
3107  msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3108 }
3109 
3110 static inline bool
3111 man_persist_state(unsigned int *persistent, const int n)
3112 {
3113  if (persistent)
3114  {
3115  if (*persistent == (unsigned int)n)
3116  {
3117  return false;
3118  }
3119  *persistent = n;
3120  }
3121  return true;
3122 }
3123 
3124 #ifdef _WIN32
3125 
3126 void
3127 management_socket_set(struct management *man,
3128  struct event_set *es,
3129  void *arg,
3130  unsigned int *persistent)
3131 {
3132  if (man->connection.state != MS_INITIAL)
3133  {
3134  event_t ev = net_event_win32_get_event(&man->connection.ne32);
3135  net_event_win32_reset_write(&man->connection.ne32);
3136 
3137  switch (man->connection.state)
3138  {
3139  case MS_LISTEN:
3140  if (man_persist_state(persistent, 1))
3141  {
3142  event_ctl(es, ev, EVENT_READ, arg);
3143  }
3144  break;
3145 
3146  case MS_CC_WAIT_READ:
3147  if (man_persist_state(persistent, 2))
3148  {
3149  event_ctl(es, ev, EVENT_READ, arg);
3150  }
3151  break;
3152 
3153  case MS_CC_WAIT_WRITE:
3154  if (man_persist_state(persistent, 3))
3155  {
3156  event_ctl(es, ev, EVENT_READ|EVENT_WRITE, arg);
3157  }
3158  break;
3159 
3160  default:
3161  ASSERT(0);
3162  }
3163  }
3164 }
3165 
3166 void
3167 management_io(struct management *man)
3168 {
3169  if (man->connection.state != MS_INITIAL)
3170  {
3171  long net_events;
3172  net_event_win32_reset(&man->connection.ne32);
3173  net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3174 
3175  if (net_events & FD_CLOSE)
3176  {
3177  man_reset_client_socket(man, false);
3178  }
3179  else
3180  {
3181  if (man->connection.state == MS_LISTEN)
3182  {
3183  if (net_events & FD_ACCEPT)
3184  {
3185  man_accept(man);
3186  net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3187  }
3188  }
3189  else if (man->connection.state == MS_CC_WAIT_READ || man->connection.state == MS_CC_WAIT_WRITE)
3190  {
3191  if (net_events & FD_READ)
3192  {
3193  while (man_read(man) > 0)
3194  {
3195  }
3196  net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3197  }
3198 
3199  if (net_events & FD_WRITE)
3200  {
3201  int status;
3202  status = man_write(man);
3203  if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3204  {
3205  net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3206  }
3207  }
3208  }
3209  }
3210  }
3211 }
3212 
3213 #else /* ifdef _WIN32 */
3214 
3215 void
3216 management_socket_set(struct management *man,
3217  struct event_set *es,
3218  void *arg,
3219  unsigned int *persistent)
3220 {
3221  switch (man->connection.state)
3222  {
3223  case MS_LISTEN:
3224  if (man_persist_state(persistent, 1))
3225  {
3226  event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3227  }
3228  break;
3229 
3230  case MS_CC_WAIT_READ:
3231  if (man_persist_state(persistent, 2))
3232  {
3233  event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3234  }
3235  break;
3236 
3237  case MS_CC_WAIT_WRITE:
3238  if (man_persist_state(persistent, 3))
3239  {
3240  event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3241  }
3242  break;
3243 
3244  case MS_INITIAL:
3245  break;
3246 
3247  default:
3248  ASSERT(0);
3249  }
3250 }
3251 
3252 void
3253 management_io(struct management *man)
3254 {
3255  switch (man->connection.state)
3256  {
3257  case MS_LISTEN:
3258  man_accept(man);
3259  break;
3260 
3261  case MS_CC_WAIT_READ:
3262  man_read(man);
3263  break;
3264 
3265  case MS_CC_WAIT_WRITE:
3266  man_write(man);
3267  break;
3268 
3269  case MS_INITIAL:
3270  break;
3271 
3272  default:
3273  ASSERT(0);
3274  }
3275 }
3276 
3277 #endif /* ifdef _WIN32 */
3278 
3279 static inline bool
3280 man_standalone_ok(const struct management *man)
3281 {
3282  return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3283 }
3284 
3285 static bool
3286 man_check_for_signals(volatile int *signal_received)
3287 {
3288  if (signal_received)
3289  {
3290  get_signal(signal_received);
3291  if (*signal_received)
3292  {
3293  return true;
3294  }
3295  }
3296  return false;
3297 }
3298 
3299 /*
3300  * Wait for socket I/O when outside primary event loop
3301  */
3302 static int
3303 man_block(struct management *man, volatile int *signal_received, const time_t expire)
3304 {
3305  struct timeval tv;
3306  struct event_set_return esr;
3307  int status = -1;
3308 
3309  if (man_standalone_ok(man))
3310  {
3311  /* expire time can be already overdue, for this case init zero
3312  * timeout to avoid waiting first time and exit loop early with
3313  * either obtained event or timeout.
3314  */
3315  tv.tv_usec = 0;
3316  tv.tv_sec = 0;
3317 
3318  while (true)
3319  {
3320  event_reset(man->connection.es);
3321  management_socket_set(man, man->connection.es, NULL, NULL);
3322  if (man_check_for_signals(signal_received))
3323  {
3324  status = -1;
3325  break;
3326  }
3327  status = event_wait(man->connection.es, &tv, &esr, 1);
3328  update_time();
3329  if (man_check_for_signals(signal_received))
3330  {
3331  status = -1;
3332  break;
3333  }
3334 
3335  if (status > 0)
3336  {
3337  break;
3338  }
3339  else if (expire && now >= expire)
3340  {
3341  /* set SIGINT signal if expiration time exceeded */
3342  status = 0;
3343  if (signal_received)
3344  {
3345  *signal_received = SIGINT;
3346  }
3347  break;
3348  }
3349 
3350  /* wait one second more */
3351  tv.tv_sec = 1;
3352  tv.tv_usec = 0;
3353  }
3354  }
3355  return status;
3356 }
3357 
3358 /*
3359  * Perform management socket output outside primary event loop
3360  */
3361 static void
3362 man_output_standalone(struct management *man, volatile int *signal_received)
3363 {
3364  if (man_standalone_ok(man))
3365  {
3366  while (man->connection.state == MS_CC_WAIT_WRITE)
3367  {
3368  management_io(man);
3369  if (man->connection.state == MS_CC_WAIT_WRITE)
3370  {
3371  man_block(man, signal_received, 0);
3372  }
3373  if (signal_received && *signal_received)
3374  {
3375  break;
3376  }
3377  }
3378  }
3379 }
3380 
3381 /*
3382  * Process management event loop outside primary event loop
3383  */
3384 static int
3385 man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
3386 {
3387  int status = -1;
3388  if (man_standalone_ok(man))
3389  {
3390  status = man_block(man, signal_received, expire);
3391  if (status > 0)
3392  {
3393  management_io(man);
3394  }
3395  }
3396  return status;
3397 }
3398 
3399 #define MWCC_PASSWORD_WAIT (1<<0)
3400 #define MWCC_HOLD_WAIT (1<<1)
3401 #define MWCC_OTHER_WAIT (1<<2)
3402 
3403 /*
3404  * Block until client connects
3405  */
3406 static void
3407 man_wait_for_client_connection(struct management *man,
3408  volatile int *signal_received,
3409  const time_t expire,
3410  unsigned int flags)
3411 {
3412  ASSERT(man_standalone_ok(man));
3413  if (man->connection.state == MS_LISTEN)
3414  {
3415  if (flags & MWCC_PASSWORD_WAIT)
3416  {
3417  msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3418  }
3419  if (flags & MWCC_HOLD_WAIT)
3420  {
3421  msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3422  }
3423  if (flags & MWCC_OTHER_WAIT)
3424  {
3425  msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3426  }
3427  do
3428  {
3429  man_standalone_event_loop(man, signal_received, expire);
3430  if (signal_received && *signal_received)
3431  {
3432  break;
3433  }
3434  } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3435  }
3436 }
3437 
3438 /*
3439  * Process the management event loop for sec seconds
3440  */
3441 void
3442 management_event_loop_n_seconds(struct management *man, int sec)
3443 {
3444  if (man_standalone_ok(man))
3445  {
3446  volatile int signal_received = 0;
3447  const bool standalone_disabled_save = man->persist.standalone_disabled;
3448  time_t expire = 0;
3449 
3450  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3451 
3452  /* set expire time */
3453  update_time();
3454  if (sec >= 0)
3455  {
3456  expire = now + sec;
3457  }
3458 
3459  /* if no client connection, wait for one */
3460  man_wait_for_client_connection(man, &signal_received, expire, 0);
3461  if (signal_received)
3462  {
3463  return;
3464  }
3465 
3466  /* run command processing event loop */
3467  do
3468  {
3469  man_standalone_event_loop(man, &signal_received, expire);
3470  if (!signal_received)
3471  {
3472  man_check_for_signals(&signal_received);
3473  }
3474  if (signal_received)
3475  {
3476  return;
3477  }
3478  update_time();
3479  } while (expire && expire > now);
3480 
3481  /* revert state */
3482  man->persist.standalone_disabled = standalone_disabled_save;
3483  }
3484  else if (sec > 0)
3485  {
3486  sleep(sec);
3487  }
3488 }
3489 
3490 /*
3491  * Get a username/password from management channel in standalone mode.
3492  */
3493 bool
3494 management_query_user_pass(struct management *man,
3495  struct user_pass *up,
3496  const char *type,
3497  const unsigned int flags,
3498  const char *static_challenge)
3499 {
3500  struct gc_arena gc = gc_new();
3501  bool ret = false;
3502 
3503  if (man_standalone_ok(man))
3504  {
3505  volatile int signal_received = 0;
3506  const bool standalone_disabled_save = man->persist.standalone_disabled;
3507  struct buffer alert_msg = alloc_buf_gc(128, &gc);
3508  const char *alert_type = NULL;
3509  const char *prefix = NULL;
3510  unsigned int up_query_mode = 0;
3511  const char *sc = NULL;
3512  ret = true;
3513  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3514  man->persist.special_state_msg = NULL;
3515 
3516  CLEAR(man->connection.up_query);
3517 
3518  if (flags & GET_USER_PASS_NEED_OK)
3519  {
3520  up_query_mode = UP_QUERY_NEED_OK;
3521  prefix = "NEED-OK";
3522  alert_type = "confirmation";
3523  }
3524  else if (flags & GET_USER_PASS_NEED_STR)
3525  {
3526  up_query_mode = UP_QUERY_NEED_STR;
3527  prefix = "NEED-STR";
3528  alert_type = "string";
3529  }
3530  else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3531  {
3532  up_query_mode = UP_QUERY_PASS;
3533  prefix = "PASSWORD";
3534  alert_type = "password";
3535  }
3536  else
3537  {
3538  up_query_mode = UP_QUERY_USER_PASS;
3539  prefix = "PASSWORD";
3540  alert_type = "username/password";
3541  if (static_challenge)
3542  {
3543  sc = static_challenge;
3544  }
3545  }
3546  buf_printf(&alert_msg, ">%s:Need '%s' %s",
3547  prefix,
3548  type,
3549  alert_type);
3550 
3551  if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3552  {
3553  buf_printf(&alert_msg, " MSG:%s", up->username);
3554  }
3555 
3556  if (sc)
3557  {
3558  buf_printf(&alert_msg, " SC:%d,%s",
3559  BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3560  |(BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3561  sc);
3562  }
3563 
3564  man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3565  if (signal_received)
3566  {
3567  ret = false;
3568  }
3569 
3570  if (ret)
3571  {
3572  man->persist.special_state_msg = BSTR(&alert_msg);
3573  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3574 
3575  /* tell command line parser which info we need */
3576  man->connection.up_query_mode = up_query_mode;
3577  man->connection.up_query_type = type;
3578 
3579  /* run command processing event loop until we get our username/password/response */
3580  do
3581  {
3582  man_standalone_event_loop(man, &signal_received, 0);
3583  if (!signal_received)
3584  {
3585  man_check_for_signals(&signal_received);
3586  }
3587  if (signal_received)
3588  {
3589  ret = false;
3590  break;
3591  }
3592  } while (!man->connection.up_query.defined);
3593  }
3594 
3595  /* revert state */
3596  man->connection.up_query_mode = UP_QUERY_DISABLED;
3597  man->connection.up_query_type = NULL;
3598  man->persist.standalone_disabled = standalone_disabled_save;
3599  man->persist.special_state_msg = NULL;
3600 
3601  /* pass through blank passwords */
3602  if (!strcmp(man->connection.up_query.password, blank_up))
3603  {
3604  CLEAR(man->connection.up_query.password);
3605  }
3606 
3607  /*
3608  * Transfer u/p to return object, zero any record
3609  * we hold in the management object.
3610  */
3611  if (ret)
3612  {
3613  /* preserve caller's settings */
3614  man->connection.up_query.nocache = up->nocache;
3615  *up = man->connection.up_query;
3616  }
3617  secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3618  }
3619 
3620  gc_free(&gc);
3621  return ret;
3622 }
3623 
3624 static int
3625 management_query_multiline(struct management *man,
3626  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3627 {
3628  struct gc_arena gc = gc_new();
3629  int ret = 0;
3630  volatile int signal_received = 0;
3631  struct buffer alert_msg = clear_buf();
3632  const bool standalone_disabled_save = man->persist.standalone_disabled;
3633  struct man_connection *mc = &man->connection;
3634 
3635  if (man_standalone_ok(man))
3636  {
3637  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3638  man->persist.special_state_msg = NULL;
3639 
3640  *state = EKS_SOLICIT;
3641 
3642  if (b64_data)
3643  {
3644  alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
3645  buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3646  }
3647  else
3648  {
3649  alert_msg = alloc_buf_gc(strlen(prompt)+3, &gc);
3650  buf_printf(&alert_msg, ">%s", prompt);
3651  }
3652 
3653  man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3654 
3655  if (signal_received)
3656  {
3657  goto done;
3658  }
3659 
3660  man->persist.special_state_msg = BSTR(&alert_msg);
3661  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3662 
3663  /* run command processing event loop until we get our signature */
3664  do
3665  {
3666  man_standalone_event_loop(man, &signal_received, 0);
3667  if (!signal_received)
3668  {
3669  man_check_for_signals(&signal_received);
3670  }
3671  if (signal_received)
3672  {
3673  goto done;
3674  }
3675  } while (*state != EKS_READY);
3676 
3677  ret = 1;
3678  }
3679 
3680 done:
3681  if (*state == EKS_READY && ret)
3682  {
3683  msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3684  }
3685  else if (*state == EKS_INPUT || *state == EKS_READY)
3686  {
3687  msg(M_CLIENT, "ERROR: %s command failed", cmd);
3688  }
3689 
3690  /* revert state */
3691  man->persist.standalone_disabled = standalone_disabled_save;
3692  man->persist.special_state_msg = NULL;
3693  in_extra_reset(mc, IER_RESET);
3694  *state = EKS_UNDEF;
3695 
3696  gc_free(&gc);
3697  return ret;
3698 }
3699 
3700 static char *
3701 /* returns allocated base64 signature */
3702 management_query_multiline_flatten_newline(struct management *man,
3703  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3704 {
3705  int ok;
3706  char *result = NULL;
3707  struct buffer *buf;
3708 
3709  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3710  if (ok && buffer_list_defined(*input))
3711  {
3712  buffer_list_aggregate_separator(*input, 10000, "\n");
3713  buf = buffer_list_peek(*input);
3714  if (buf && BLEN(buf) > 0)
3715  {
3716  result = (char *) malloc(BLEN(buf)+1);
3717  check_malloc_return(result);
3718  memcpy(result, buf->data, BLEN(buf));
3719  result[BLEN(buf)] = '\0';
3720  }
3721  }
3722 
3723  buffer_list_free(*input);
3724  *input = NULL;
3725 
3726  return result;
3727 }
3728 
3729 static char *
3730 /* returns allocated base64 signature */
3731 management_query_multiline_flatten(struct management *man,
3732  const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3733 {
3734  int ok;
3735  char *result = NULL;
3736  struct buffer *buf;
3737 
3738  ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3739  if (ok && buffer_list_defined(*input))
3740  {
3741  buffer_list_aggregate(*input, 2048);
3742  buf = buffer_list_peek(*input);
3743  if (buf && BLEN(buf) > 0)
3744  {
3745  result = (char *) malloc(BLEN(buf)+1);
3746  check_malloc_return(result);
3747  memcpy(result, buf->data, BLEN(buf));
3748  result[BLEN(buf)] = '\0';
3749  }
3750  }
3751 
3752  buffer_list_free(*input);
3753  *input = NULL;
3754 
3755  return result;
3756 }
3757 
3758 char *
3759 /* returns allocated base64 signature */
3760 management_query_pk_sig(struct management *man, const char *b64_data,
3761  const char *algorithm)
3762 {
3763  const char *prompt = "PK_SIGN";
3764  const char *desc = "pk-sign";
3765  struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3766 
3767  if (man->connection.client_version <= 1)
3768  {
3769  prompt = "RSA_SIGN";
3770  desc = "rsa-sign";
3771  }
3772 
3773  buf_write(&buf_data, b64_data, (int) strlen(b64_data));
3774  if (man->connection.client_version > 2)
3775  {
3776  buf_write(&buf_data, ",", (int) strlen(","));
3777  buf_write(&buf_data, algorithm, (int) strlen(algorithm));
3778  }
3779  char *ret = management_query_multiline_flatten(man,
3780  (char *)buf_bptr(&buf_data), prompt, desc,
3781  &man->connection.ext_key_state, &man->connection.ext_key_input);
3782  free_buf(&buf_data);
3783  return ret;
3784 }
3785 
3786 char *
3787 management_query_cert(struct management *man, const char *cert_name)
3788 {
3789  const char prompt_1[] = "NEED-CERTIFICATE:";
3790  struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3791  buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3792  buf_write(&buf_prompt, cert_name, strlen(cert_name)+1); /* +1 for \0 */
3793 
3794  char *result;
3795  result = management_query_multiline_flatten_newline(management,
3796  NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3797  &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3798  free_buf(&buf_prompt);
3799  return result;
3800 }
3801 
3802 /*
3803  * Return true if management_hold() would block
3804  */
3805 bool
3806 management_would_hold(struct management *man)
3807 {
3808  return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3809 }
3810 
3811 /*
3812  * If the hold flag is enabled, hibernate until a management client releases the hold.
3813  * Return true if the caller should not sleep for an additional time interval.
3814  */
3815 bool
3816 management_hold(struct management *man, int holdtime)
3817 {
3818  if (management_would_hold(man))
3819  {
3820  volatile int signal_received = 0;
3821  const bool standalone_disabled_save = man->persist.standalone_disabled;
3822  struct gc_arena gc = gc_new();
3823 
3824  man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3825  man->persist.special_state_msg = NULL;
3826  man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3827 
3828  man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3829 
3830  if (!signal_received)
3831  {
3832  struct buffer out = alloc_buf_gc(128, &gc);
3833  buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3834  man->persist.special_state_msg = BSTR(&out);
3835  msg(M_CLIENT, "%s", man->persist.special_state_msg);
3836 
3837  /* run command processing event loop until we get our username/password */
3838  do
3839  {
3840  man_standalone_event_loop(man, &signal_received, 0);
3841  if (!signal_received)
3842  {
3843  man_check_for_signals(&signal_received);
3844  }
3845  if (signal_received)
3846  {
3847  break;
3848  }
3849  } while (!man->persist.hold_release);
3850  }
3851 
3852  /* revert state */
3853  man->persist.standalone_disabled = standalone_disabled_save;
3854  man->persist.special_state_msg = NULL;
3855  man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3856 
3857  gc_free(&gc);
3858  return true;
3859  }
3860  return false;
3861 }
3862 
3863 /*
3864  * struct command_line
3865  */
3866 
3867 struct command_line *
3868 command_line_new(const int buf_len)
3869 {
3870  struct command_line *cl;
3871  ALLOC_OBJ_CLEAR(cl, struct command_line);
3872  cl->buf = alloc_buf(buf_len);
3873  cl->residual = alloc_buf(buf_len);
3874  return cl;
3875 }
3876 
3877 void
3878 command_line_reset(struct command_line *cl)
3879 {
3880  buf_clear(&cl->buf);
3881  buf_clear(&cl->residual);
3882 }
3883 
3884 void
3885 command_line_free(struct command_line *cl)
3886 {
3887  if (!cl)
3888  {
3889  return;
3890  }
3891  command_line_reset(cl);
3892  free_buf(&cl->buf);
3893  free_buf(&cl->residual);
3894  free(cl);
3895 }
3896 
3897 void
3898 command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
3899 {
3900  int i;
3901  for (i = 0; i < len; ++i)
3902  {
3903  if (buf[i] && char_class(buf[i], (CC_PRINT|CC_NEWLINE)))
3904  {
3905  if (!buf_write_u8(&cl->buf, buf[i]))
3906  {
3907  buf_clear(&cl->buf);
3908  }
3909  }
3910  }
3911 }
3912 
3913 const char *
3914 command_line_get(struct command_line *cl)
3915 {
3916  int i;
3917  const char *ret = NULL;
3918 
3919  i = buf_substring_len(&cl->buf, '\n');
3920  if (i >= 0)
3921  {
3922  buf_copy_excess(&cl->residual, &cl->buf, i);
3923  buf_chomp(&cl->buf);
3924  ret = BSTR(&cl->buf);
3925  }
3926  return ret;
3927 }
3928 
3929 void
3930 command_line_next(struct command_line *cl)
3931 {
3932  buf_clear(&cl->buf);
3933  buf_copy(&cl->buf, &cl->residual);
3934  buf_clear(&cl->residual);
3935 }
3936 
3937 /*
3938  * struct log_entry
3939  */
3940 
3941 const char *
3942 log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3943 {
3944  struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3945  if (flags & LOG_FATAL_NOTIFY)
3946  {
3947  buf_printf(&out, ">FATAL:");
3948  }
3949  if (flags & LOG_PRINT_LOG_PREFIX)
3950  {
3951  buf_printf(&out, ">LOG:");
3952  }
3953  if (flags & LOG_PRINT_ECHO_PREFIX)
3954  {
3955  buf_printf(&out, ">ECHO:");
3956  }
3957  if (flags & LOG_PRINT_STATE_PREFIX)
3958  {
3959  buf_printf(&out, ">STATE:");
3960  }
3961  if (flags & LOG_PRINT_INT_DATE)
3962  {
3963  buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3964  }
3965  if (flags & LOG_PRINT_MSG_FLAGS)
3966  {
3967  buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3968  }
3969  if (flags & LOG_PRINT_STATE)
3970  {
3971  buf_printf(&out, "%s,", man_state_name(e->u.state));
3972  }
3973  if (flags & LOG_PRINT_INTVAL)
3974  {
3975  buf_printf(&out, "%d,", e->u.intval);
3976  }
3977  if (e->string)
3978  {
3979  buf_printf(&out, "%s", e->string);
3980  }
3981  if (flags & LOG_PRINT_LOCAL_IP)
3982  {
3983  buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3984  }
3985  if (flags & LOG_PRINT_REMOTE_IP)
3986  {
3987  buf_printf(&out, ",%s", (!addr_defined(&e->remote_sock) ? "," :
3988  print_sockaddr_ex(&e->remote_sock.addr.sa, ",", PS_DONT_SHOW_FAMILY|PS_SHOW_PORT, gc)));
3989  buf_printf(&out, ",%s", (!addr_defined(&e->local_sock) ? "," :
3990  print_sockaddr_ex(&e->local_sock.addr.sa, ",", PS_DONT_SHOW_FAMILY|PS_SHOW_PORT, gc)));
3991  }
3992  if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
3993  {
3994  buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
3995  }
3996  if (flags & LOG_ECHO_TO_LOG)
3997  {
3998  msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
3999  }
4000  if (flags & LOG_PRINT_CRLF)
4001  {
4002  buf_printf(&out, "\r\n");
4003  }
4004  return BSTR(&out);
4005 }
4006 
4007 static void
4008 log_entry_free_contents(struct log_entry *e)
4009 {
4010  /* Cast away constness of const char* */
4011  free((char *)e->string);
4012  CLEAR(*e);
4013 }
4014 
4015 /*
4016  * struct log_history
4017  */
4018 
4019 static inline int
4020 log_index(const struct log_history *h, int i)
4021 {
4022  return modulo_add(h->base, i, h->capacity);
4023 }
4024 
4025 static void
4026 log_history_obj_init(struct log_history *h, int capacity)
4027 {
4028  CLEAR(*h);
4029  h->capacity = capacity;
4030  ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4031 }
4032 
4033 struct log_history *
4034 log_history_init(const int capacity)
4035 {
4036  struct log_history *h;
4037  ASSERT(capacity > 0);
4038  ALLOC_OBJ(h, struct log_history);
4039  log_history_obj_init(h, capacity);
4040  return h;
4041 }
4042 
4043 static void
4044 log_history_free_contents(struct log_history *h)
4045 {
4046  int i;
4047  for (i = 0; i < h->size; ++i)
4048  {
4049  log_entry_free_contents(&h->array[log_index(h, i)]);
4050  }
4051  free(h->array);
4052 }
4053 
4054 void
4055 log_history_close(struct log_history *h)
4056 {
4057  log_history_free_contents(h);
4058  free(h);
4059 }
4060 
4061 void
4062 log_history_add(struct log_history *h, const struct log_entry *le)
4063 {
4064  struct log_entry *e;
4065  ASSERT(h->size >= 0 && h->size <= h->capacity);
4066  if (h->size == h->capacity)
4067  {
4068  e = &h->array[h->base];
4069  log_entry_free_contents(e);
4070  h->base = log_index(h, 1);
4071  }
4072  else
4073  {
4074  e = &h->array[log_index(h, h->size)];
4075  ++h->size;
4076  }
4077 
4078  *e = *le;
4079  e->string = string_alloc(le->string, NULL);
4080 }
4081 
4082 void
4083 log_history_resize(struct log_history *h, const int capacity)
4084 {
4085  if (capacity != h->capacity)
4086  {
4087  struct log_history newlog;
4088  int i;
4089 
4090  ASSERT(capacity > 0);
4091  log_history_obj_init(&newlog, capacity);
4092 
4093  for (i = 0; i < h->size; ++i)
4094  {
4095  log_history_add(&newlog, &h->array[log_index(h, i)]);
4096  }
4097 
4098  log_history_free_contents(h);
4099  *h = newlog;
4100  }
4101 }
4102 
4103 const struct log_entry *
4104 log_history_ref(const struct log_history *h, const int index)
4105 {
4106  if (index >= 0 && index < h->size)
4107  {
4108  return &h->array[log_index(h, (h->size - 1) - index)];
4109  }
4110  else
4111  {
4112  return NULL;
4113  }
4114 }
4115 
4116 void
4117 management_sleep(const int n)
4118 {
4119  if (n < 0)
4120  {
4121  return;
4122  }
4123  else if (management)
4124  {
4125  management_event_loop_n_seconds(management, n);
4126  }
4127  else
4128  {
4129 #ifdef _WIN32
4130  win32_sleep(n);
4131 #else
4132  if (n > 0)
4133  {
4134  sleep(n);
4135  }
4136 #endif
4137  }
4138 }
4139 
4140 void
4141 management_check_bytecount(struct context *c, struct management *man, struct timeval *timeval)
4142 {
4143  if (event_timeout_trigger(&man->connection.bytecount_update_interval,
4144  timeval, ETT_DEFAULT))
4145  {
4146  counter_type dco_read_bytes = 0;
4147  counter_type dco_write_bytes = 0;
4148 
4149  if (dco_enabled(&c->options))
4150  {
4151  if (dco_get_peer_stats(c, true) < 0)
4152  {
4153  return;
4154  }
4155 
4156  dco_read_bytes = c->c2.dco_read_bytes;
4157  dco_write_bytes = c->c2.dco_write_bytes;
4158  }
4159 
4160  if (!(man->persist.callback.flags & MCF_SERVER))
4161  {
4162  man_bytecount_output_client(man, dco_read_bytes, dco_write_bytes);
4163  }
4164  }
4165 }
4166 
4167 /* DCO resets stats on reconnect. Since client expects stats
4168  * to be preserved across reconnects, we need to save DCO
4169  * stats before tearing the tunnel down.
4170  */
4171 void
4172 man_persist_client_stats(struct management *man, struct context *c)
4173 {
4174  /* no need to raise SIGUSR1 since we are already closing the instance */
4175  if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4176  {
4177  management_bytes_client(man, c->c2.dco_read_bytes, c->c2.dco_write_bytes);
4178  }
4179 }
4180 
4181 #else /* ifdef ENABLE_MANAGEMENT */
4182 
4183 #include "win32.h"
4184 void
4185 management_sleep(const int n)
4186 {
4187 #ifdef _WIN32
4188  win32_sleep(n);
4189 #else
4190  if (n > 0)
4191  {
4192  sleep(n);
4193  }
4194 #endif /* ifdef _WIN32 */
4195 }
4196 
4197 #endif /* ENABLE_MANAGEMENT */
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition: status.c:61
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition: manage.h:268
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition: manage.h:188
log_history
Definition: manage.h:139
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2749
man_connection::echo_realtime
bool echo_realtime
Definition: manage.h:320
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition: manage.h:270
management::settings
struct man_settings settings
Definition: manage.h:338
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:522
man_signal
static void man_signal(struct management *man, const char *name)
Definition: manage.c:446
log_history::base
int base
Definition: manage.h:141
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition: manage.c:1277
man_persist
Definition: manage.h:224
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition: integer.h:63
M_INFO
#define M_INFO
Definition: errlevel.h:55
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition: manage.c:3105
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition: manage.c:778
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const int port, const int proto)
Definition: manage.h:183
env_item::next
struct env_item * next
Definition: env_set.h:39
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition: manage.c:3058
man_connection::up_query_mode
int up_query_mode
Definition: manage.h:325
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition: manage.h:267
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition: buffer.h:1076
error.h
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition: manage.c:986
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
Definition: misc.h:122
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition: manage.c:770
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1025
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition: manage.c:473
M_ERRNO
#define M_ERRNO
Definition: error.h:94
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition: manage.h:124
log_entry_union::state
int state
Definition: manage.h:104
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition: manage.c:57
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:384
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition: manage.h:115
env_item::string
char * string
Definition: env_set.h:38
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition: manage.h:475
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3625
D_MANAGEMENT
#define D_MANAGEMENT
Definition: errlevel.h:88
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition: manage.c:3127
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
AF_DID_PUSH
#define AF_DID_PUSH
man_settings::mansig
unsigned int mansig
Definition: manage.h:263
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
Definition: misc.h:119
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition: errlevel.h:57
management_hold
bool management_hold(struct management *man, int holdtime)
Definition: manage.c:3816
M_FATAL
#define M_FATAL
Definition: error.h:89
win32.h
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition: manage.c:1117
sd_close
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:4054
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition: manage.h:69
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition: manage.h:121
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition: manage.c:197
man_connection::out
struct buffer_list * out
Definition: manage.h:295
streq
#define streq(x, y)
Definition: options.h:726
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3213
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition: manage.c:3092
manage.h
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition: manage.h:200
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition: manage.c:4117
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:753
context
Contains all state information for one tunnel.
Definition: openvpn.h:473
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2667
es
struct env_set * es
Definition: test_pkcs11.c:141
man_connection::sd_top
socket_descriptor_t sd_top
Definition: manage.h:282
M_CLIENT
#define M_CLIENT
Definition: error.h:107
MS_INITIAL
#define MS_INITIAL
Definition: manage.h:274
man_log
static void man_log(struct management *man, const char *parm)
Definition: manage.c:672
BSTR
#define BSTR(buf)
Definition: buffer.h:129
MS_LISTEN
#define MS_LISTEN
Definition: manage.h:275
management_callback::flags
unsigned int flags
Definition: manage.h:178
man_connection::in_extra_cmd
int in_extra_cmd
Definition: manage.h:303
user_pass::username
char username[USER_PASS_LEN]
Definition: misc.h:72
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition: manage.c:3494
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition: manage.c:317
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition: manage.c:798
platform_getpid
unsigned int platform_getpid(void)
Definition: platform.c:333
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:367
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition: buffer.h:62
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
Definition: manage.c:3898
man_connection::log_realtime
bool log_realtime
Definition: manage.h:319
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition: error.c:105
man_persist::special_state_msg
const char * special_state_msg
Definition: manage.h:238
man_persist::state
struct log_history * state
Definition: manage.h:234
user_pass::defined
bool defined
Definition: misc.h:58
log_entry::u
union log_entry_union u
Definition: manage.h:116
openvpn.h
man_connection::ne32
struct net_event_win32 ne32
Definition: manage.h:287
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition: errlevel.h:138
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition: manage.h:202
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition: manage.c:1066
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition: win32.c:358
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:240
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition: platform.c:123
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition: buffer.c:1239
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: options.c:4948
MF_HOLD
#define MF_HOLD
Definition: manage.h:30
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition: buffer.c:1252
MF_SERVER
#define MF_SERVER
Definition: manage.h:28
MAX_PARMS
#define MAX_PARMS
Definition: options.h:52
buf_clear
void buf_clear(struct buffer *buf)
Definition: buffer.c:162
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition: manage.h:182
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition: manage.c:3407
man_connection::remote
struct openvpn_sockaddr remote
Definition: manage.h:284
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition: win32.c:331
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition: manage.h:471
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition: manage.h:283
fdmisc.h
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition: manage.h:68
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:712
man_settings::state_buffer_size
int state_buffer_size
Definition: manage.h:255
openvpn_sockaddr
Definition: socket.h:65
man_certificate
static void man_certificate(struct management *man)
Definition: manage.c:1213
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition: buffer.h:222
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition: interval.h:174
EVENT_READ
#define EVENT_READ
Definition: event.h:39
command_line::buf
struct buffer buf
Definition: manage.h:82
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition: manage.c:1711
platform_state_group
Definition: platform.h:74
man_connection::in
struct command_line * in
Definition: manage.h:294
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition: manage.c:2096
MCF_SERVER
#define MCF_SERVER
Definition: manage.h:177
options.h
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition: manage.h:56
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition: manage.c:2963
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition: manage.h:306
man_settings::client_uid
int client_uid
Definition: manage.h:256
EKS_UNDEF
#define EKS_UNDEF
Definition: manage.h:307
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition: manage.c:626
man_connection::password_verified
bool password_verified
Definition: manage.h:291
modulo_add
static int modulo_add(int x, int y, int mod)
Definition: integer.h:161
man_persist::defined
bool defined
Definition: manage.h:225
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition: manage.c:1189
man_listen
static void man_listen(struct management *man)
Definition: manage.c:1853
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition: socket.h:570
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:267
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition: manage.c:929
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition: socket.c:469
man_persist::bytes_out
counter_type bytes_out
Definition: manage.h:241
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition: sig.c:206
management_check_bytecount
void management_check_bytecount(struct context *c, struct management *man, struct timeval *timeval)
Definition: manage.c:4141
man_state_name
static const char * man_state_name(const int state)
Definition: manage.c:131
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition: manage.c:4008
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition: manage.c:805
log_entry::timestamp
time_t timestamp
Definition: manage.h:110
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition: manage.c:2906
command_line_get
const char * command_line_get(struct command_line *cl)
Definition: manage.c:3914
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition: manage.c:3942
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition: manage.c:1197
sleep
#define sleep(x)
Definition: syshead.h:43
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition: manage.c:3027
man_help
static void man_help(void)
Definition: manage.c:71
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition: manage.h:469
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition: manage.c:3286
log_entry::local_ip6
struct in6_addr local_ip6
Definition: manage.h:113
man_prompt
static void man_prompt(struct management *man)
Definition: manage.c:273
CLEAR
#define CLEAR(x)
Definition: basic.h:33
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition: win32.c:364
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition: manage.c:4172
CC_NEWLINE
#define CC_NEWLINE
newline
Definition: buffer.h:897
man_connection
Definition: manage.h:279
man_def_auth_context
Definition: manage.h:64
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition: manage.h:301
man_persist::log
struct log_history * log
Definition: manage.h:227
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:181
context::c2
struct context_2 c2
Level 2 context.
Definition: openvpn.h:514
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition: manage.h:479
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:195
env_set::list
struct env_item * list
Definition: env_set.h:44
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition: manage.h:276
log_history::capacity
int capacity
Definition: manage.h:143
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:649
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition: socket.h:364
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition: error.h:35
ASSERT
#define ASSERT(x)
Definition: error.h:195
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:3011
MN_AT_LEAST
#define MN_AT_LEAST
Definition: manage.c:1245
buf_chomp
void buf_chomp(struct buffer *buf)
Definition: buffer.c:554
link_read_bytes_global
counter_type link_read_bytes_global
Definition: forward.c:50
log_entry::local_ip
in_addr_t local_ip
Definition: manage.h:112
counter_type
uint64_t counter_type
Definition: common.h:30
link_socket_actual
Definition: socket.h:86
parse_signal
int parse_signal(const char *signame)
Definition: sig.c:66
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition: manage.c:2900
man_connection::client_version
int client_version
Definition: manage.h:332
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition: manage.c:791
command_line_reset
void command_line_reset(struct command_line *cl)
Definition: manage.c:3878
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition: error.h:337
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition: manage.h:269
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition: ssl.c:381
man_state
static void man_state(struct management *man, const char *parm)
Definition: manage.c:694
man_settings
Definition: manage.h:244
man_def_auth_context::flags
unsigned int flags
Definition: manage.h:70
openvpn_sockaddr::sa
struct sockaddr sa
Definition: socket.h:69
BLEN
#define BLEN(buf)
Definition: buffer.h:127
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition: manage.h:187
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition: win32.h:139
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition: manage.c:293
man_settings::client_gid
int client_gid
Definition: manage.h:257
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition: manage.c:2997
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1055
get_mute_cutoff
int get_mute_cutoff(void)
Definition: error.c:143
signal_name
const char * signal_name(const int sig, const bool upper)
Definition: sig.c:93
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition: buffer.h:692
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition: manage.h:478
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition: manage.h:314
man_up_finalize
static void man_up_finalize(struct management *man)
Definition: manage.c:706
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition: status.h:35
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition: buffer.h:891
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition: manage.h:131
man_persist::standalone_disabled
bool standalone_disabled
Definition: manage.h:230
update_time
static void update_time(void)
Definition: otime.h:77
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3303
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition: manage.c:4104
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition: manage.h:129
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:482
misc.h
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition: buffer.c:1198
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition: manage.c:2939
get_debug_level
int get_debug_level(void)
Definition: error.c:137
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition: openvpn.h:270
M_WARN
#define M_WARN
Definition: error.h:91
log_history_close
void log_history_close(struct log_history *h)
Definition: manage.c:4055
man_settings::management_over_tunnel
bool management_over_tunnel
Definition: manage.h:251
man_connection::in_extra
struct buffer_list * in_extra
Definition: manage.h:304
management_init
struct management * management_init(void)
Definition: manage.c:2651
man_connection::env_filter_level
int env_filter_level
Definition: manage.h:316
context::options
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:475
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition: manage.c:1042
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition: manage.h:302
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition: manage.c:892
management_connected
static bool management_connected(const struct management *man)
Definition: manage.h:434
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition: manage.c:2856
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition: manage.h:470
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition: manage.c:1337
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition: buffer.c:877
EKS_SOLICIT
#define EKS_SOLICIT
Definition: manage.h:308
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition: socket.h:517
man_connection::state
int state
Definition: manage.h:280
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition: manage.c:876
man_net
static void man_net(struct management *man)
Definition: manage.c:813
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition: sig.c:177
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition: manage.c:1175
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition: manage.h:206
man_welcome
static void man_welcome(struct management *man)
Definition: manage.c:180
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition: manage.c:4062
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition: manage.h:55
man_remote
static void man_remote(struct management *man, const char **p)
Definition: manage.c:1291
M_ERR
#define M_ERR
Definition: error.h:105
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition: manage.c:3385
log_history::size
int size
Definition: manage.h:142
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition: manage.c:2876
man_bytecount_output_server
void man_bytecount_output_server(const counter_type *bytes_in_total, const counter_type *bytes_out_total, struct man_def_auth_context *mdac)
Definition: manage.c:524
status_output
Definition: status.h:48
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition: misc.h:150
management_callback::show_net
void(* show_net)(void *arg, const int msglevel)
Definition: manage.h:181
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition: manage.h:32
management_callback::arg
void * arg
Definition: manage.h:175
user_pass::nocache
bool nocache
Definition: misc.h:62
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition: manage.c:3760
blank_up
static const char blank_up[]
Definition: manage.c:61
win32_sleep
void win32_sleep(const int n)
Definition: win32.c:1563
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition: error.h:321
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition: fdmisc.c:69
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition: manage.c:243
command_line_new
struct command_line * command_line_new(const int buf_len)
Definition: manage.c:3868
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition: manage.c:2890
SIZE
#define SIZE(x)
Definition: basic.h:30
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
platform_state_group_gid
static int platform_state_group_gid(const struct platform_state_group *s)
Definition: platform.h:106
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3702
man_connect
static void man_connect(struct management *man)
Definition: manage.c:1930
dco_get_peer_stats
int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition: dco_win.c:723
man_settings::local
struct addrinfo * local
Definition: manage.h:247
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition: manage.c:4044
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition: manage.c:3362
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition: manage.h:321
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition: manage.h:123
event_reset
static void event_reset(struct event_set *es)
Definition: event.h:169
log_history_init
struct log_history * log_history_init(const int capacity)
Definition: manage.c:4034
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition: manage.c:266
event.h
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2829
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition: manage.c:306
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition: buffer.c:1158
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition: error.c:123
IER_RESET
#define IER_RESET
Definition: manage.c:959
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:447
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition: manage.c:963
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2991
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:668
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition: manage.c:826
management_callback::client_pending_auth
bool(* client_pending_auth)(void *arg, const unsigned long cid, const unsigned int kid, const char *extra, unsigned int timeout)
Definition: manage.h:195
log_history::array
struct log_entry * array
Definition: manage.h:144
IEC_UNDEF
#define IEC_UNDEF
Definition: manage.h:297
ssl.h
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition: manage.h:119
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition: manage.c:3400
PROTO_NONE
@ PROTO_NONE
Definition: socket.h:567
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition: env_set.c:156
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition: manage.h:180
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition: manage.h:260
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition: event.h:83
log_entry_union::intval
int intval
Definition: manage.h:105
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition: manage.c:3442
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition: manage.h:480
command_line_free
void command_line_free(struct command_line *cl)
Definition: manage.c:3885
man_persist::bytes_in
counter_type bytes_in
Definition: manage.h:240
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition: manage.c:1703
status_close
bool status_close(struct status_output *so)
Definition: status.c:188
mroute_addr
Definition: mroute.h:78
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition: manage.c:2986
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition: manage.h:120
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
pkcs11.h
man_connection::ext_key_state
int ext_key_state
Definition: manage.h:311
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition: manage.h:67
man_settings::up
struct user_pass up
Definition: manage.h:252
auth_retry_print
const char * auth_retry_print(void)
Definition: options.c:4784
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition: manage.h:133
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition: manage.h:312
platform_state_user_uid
static int platform_state_user_uid(const struct platform_state_user *s)
Definition: platform.h:97
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition: manage.h:474
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition: manage.c:4026
virtual_output::arg
void * arg
Definition: status.h:33
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition: manage.c:3401
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition: error.h:375
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:523
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition: manage.h:207
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition: manage.c:492
log_index
static int log_index(const struct log_history *h, int i)
Definition: manage.c:4020
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition: syshead.h:437
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition: manage.c:2000
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition: manage.c:3399
log_entry
Definition: manage.h:108
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:361
env_set
Definition: env_set.h:42
man_read
static int man_read(struct management *man)
Definition: manage.c:2252
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition: mroute.c:391
msg_flags_string
const char * msg_flags_string(const unsigned int flags, struct gc_arena *gc)
Definition: error.c:783
man_accept
static void man_accept(struct management *man)
Definition: manage.c:1813
man_update_io_state
static void man_update_io_state(struct management *man)
Definition: manage.c:227
MF_SIGNAL
#define MF_SIGNAL
Definition: manage.h:31
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition: manage.c:1328
man_connection_init
static void man_connection_init(struct management *man)
Definition: manage.c:2577
counter_format
#define counter_format
Definition: common.h:31
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition: options.h:930
man_settings::log_history_cache
int log_history_cache
Definition: manage.h:253
free_buf
void free_buf(struct buffer *buf)
Definition: buffer.c:183
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition: win32.h:145
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition: crypto_openssl.c:1346
socket_descriptor_t
SOCKET socket_descriptor_t
Definition: syshead.h:439
dco.h
man_echo
static void man_echo(struct management *man, const char *parm)
Definition: manage.c:683
common.h
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition: win32.c:340
man_def_auth_context::cid
unsigned long cid
Definition: manage.h:65
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition: manage.h:57
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition: manage.h:125
man_connection::es
struct event_set * es
Definition: manage.h:315
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition: manage.c:2912
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition: manage.c:3083
event_free
static void event_free(struct event_set *es)
Definition: event.h:160
ETT_DEFAULT
#define ETT_DEFAULT
Definition: interval.h:224
chomp
void chomp(char *str)
Definition: buffer.c:614
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition: manage.h:186
event_set
Definition: event.h:130
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition: manage.c:3731
management_bytes_client
static void management_bytes_client(struct management *man, const int size_in, const int size_out)
Definition: manage.h:522
man_persist::callback
struct management_callback callback
Definition: manage.h:231
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition: manage.h:483
buf_len
static int buf_len(const struct buffer *buf)
Definition: buffer.h:253
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition: socket.h:519
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition: manage.c:2439
man_start_ne32
static void man_start_ne32(struct management *man)
Definition: manage.c:1684
platform_state_user
Definition: platform.h:63
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition: interval.c:43
man_settings::echo_buffer_size
int echo_buffer_size
Definition: manage.h:254
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition: manage.c:333
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition: socket.h:661
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition: manage.h:201
link_write_bytes_global
counter_type link_write_bytes_global
Definition: forward.c:51
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition: manage.h:33
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, int n)
Definition: buffer.c:1321
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition: manage.c:3280
man_connection::ext_cert_state
int ext_cert_state
Definition: manage.h:313
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition: manage.c:1257
otime.h
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition: ssl.c:392
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition: manage.c:2046
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition: manage.h:36
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition: win32.h:133
man_connection::halt
bool halt
Definition: manage.h:290
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition: openvpn.h:267
status
static SERVICE_STATUS status
Definition: interactive.c:53
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition: manage.h:59
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition: manage.c:2566
man_connection::up_query
struct user_pass up_query
Definition: manage.h:326
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition: manage.h:473
management
Definition: manage.h:335
management
struct management * management
Definition: manage.c:63
min_int
static int min_int(int x, int y)
Definition: integer.h:102
man_write
static int man_write(struct management *man)
Definition: manage.c:2346
IER_NEW
#define IER_NEW
Definition: manage.c:960
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1033
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition: event.c:1186
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition: manage.c:2808
event_set_return
Definition: event.h:124
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition: misc.h:111
EKS_INPUT
#define EKS_INPUT
Definition: manage.h:309
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition: manage.h:277
USER_PASS_LEN
#define USER_PASS_LEN
Definition: misc.h:69
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition: misc.h:112
man_settings::defined
bool defined
Definition: manage.h:245
rw_handle
Definition: win32.h:79
management_close
void management_close(struct management *man)
Definition: manage.c:2722
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition: buffer.c:1177
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition: manage.h:261
man_persist::hold_release
bool hold_release
Definition: manage.h:236
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1060
man_bytecount_output_client
static void man_bytecount_output_client(struct management *man, counter_type dco_read_bytes, counter_type dco_write_bytes)
Definition: manage.c:510
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition: manage.c:420
now
time_t now
Definition: otime.c:34
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:481
man_connection::password_tries
int password_tries
Definition: manage.h:292
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition: manage.h:114
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1268
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition: manage.c:2461
man_persist::echo
struct log_history * echo
Definition: manage.h:233
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition: manage.c:1028
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition: manage.h:298
openvpn_close_socket
#define openvpn_close_socket(s)
Definition: socket.h:277
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition: manage.c:2388
env_item
Definition: env_set.h:37
man_load_stats
static void man_load_stats(struct management *man)
Definition: manage.c:1229
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition: manage.c:479
config.h
MAPF_SUBNET
#define MAPF_SUBNET
Definition: mroute.h:150
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition: misc.c:733
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:472
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition: manage.h:58
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition: buffer.c:1167
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition: platform.c:79
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition: buffer.c:1298
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1488
man_persist::vout
struct virtual_output vout
Definition: manage.h:228
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition: manage.c:1150
EVENT_WRITE
#define EVENT_WRITE
Definition: event.h:40
command_line_next
void command_line_next(struct command_line *cl)
Definition: manage.c:3930
EKS_READY
#define EKS_READY
Definition: manage.h:310
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition: manage.c:2732
management_would_hold
bool management_would_hold(struct management *man)
Definition: manage.c:3806
management_clear_callback
void management_clear_callback(struct management *man)
Definition: manage.c:2740
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:401
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition: win32.c:375
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition: manage.c:2401
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition: manage.c:3010
check_malloc_return
static void check_malloc_return(void *p)
Definition: buffer.h:1103
user_pass::password
char password[USER_PASS_LEN]
Definition: misc.h:73
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition: sig.h:110
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition: manage.h:305
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition: buffer.c:803
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition: manage.h:128
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition: socket.h:272
man_connection::state_realtime
bool state_realtime
Definition: manage.h:318
man_connection::up_query_type
const char * up_query_type
Definition: manage.h:324
log_entry::string
const char * string
Definition: manage.h:111
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition: manage.c:3787
man_def_auth_context::bytecount_last_update
time_t bytecount_last_update
Definition: manage.h:74
sig.h
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition: win32.c:324
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition: manage.c:4083
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition: socket.h:90
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition: manage.h:126
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition: interval.h:155
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition: manage.c:257
log_history_size
static int log_history_size(const struct log_history *h)
Definition: manage.h:158
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:1053
user_pass
Definition: misc.h:56
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition: misc.h:114
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1434
virtual_output::flags_default
unsigned int flags_default
Definition: status.h:34
alloc_buf
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition: manage.h:184
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition: manage.h:485
memdbg.h
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition: manage.c:1724
command_line::residual
struct buffer residual
Definition: manage.h:83
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition: manage.h:135
auth_retry_set
bool auth_retry_set(const int msglevel, const char *option)
Definition: options.c:4761
management_callback
Definition: manage.h:173
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition: buffer.c:1183
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition: socket.h:527
title_string
const char title_string[]
Definition: options.c:69
buffer_list
Definition: buffer.h:1120
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition: manage.h:322
msg
#define msg(flags,...)
Definition: error.h:144
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition: manage.c:736
man_kill
static void man_kill(struct management *man, const char *victim)
Definition: manage.c:538
AF_DID_RESET
#define AF_DID_RESET
integer.h
MF_UP_DOWN
#define MF_UP_DOWN
Definition: manage.h:40
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:240
man_password_needed
static bool man_password_needed(struct management *man)
Definition: manage.c:191
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition: manage.c:3111
management_io
void management_io(struct management *man)
Definition: manage.c:3167
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition: manage.h:262
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition: manage.h:271
BOOL_CAST
#define BOOL_CAST(x)
Definition: basic.h:27
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition: buffer.h:348
man_settings::flags
unsigned int flags
Definition: manage.h:246
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition: manage.c:1099
openvpn_sockaddr::addr
union openvpn_sockaddr::@20 addr
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition: event.h:187
PROTO_UDP
@ PROTO_UDP
Definition: socket.h:568
GETADDR_FATAL
#define GETADDR_FATAL
Definition: socket.h:518
management_callback::n_clients
int(* n_clients)(void *arg)
Definition: manage.h:185
log_entry_union::msg_flags
unsigned int msg_flags
Definition: manage.h:103
management::persist
struct man_persist persist
Definition: manage.h:337
management::connection
struct man_connection connection
Definition: manage.h:339
gc
struct gc_arena gc
Definition: test_ssl.c:155
man_connection_close
static void man_connection_close(struct management *man)
Definition: manage.c:2622
command_line
Definition: manage.h:80
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition: buffer.c:825
Generated by   doxygen 1.8.17