OpenVPN
manage.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#ifdef ENABLE_MANAGEMENT
30
31#include "error.h"
32#include "fdmisc.h"
33#include "options.h"
34#include "sig.h"
35#include "event.h"
36#include "otime.h"
37#include "integer.h"
38#include "misc.h"
39#include "ssl.h"
40#include "common.h"
41#include "manage.h"
42#include "openvpn.h"
43#include "dco.h"
44#include "push.h"
45#include "multi.h"
46
47#include "memdbg.h"
48
49#ifdef ENABLE_PKCS11
50#include "pkcs11.h"
51#endif
52
53#define MANAGEMENT_ECHO_PULL_INFO 0
54
55#if MANAGEMENT_ECHO_PULL_INFO
56#define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
57#else
58#define MANAGEMENT_ECHO_FLAGS 0
59#endif
60
61/* tag for blank username/password */
62static const char blank_up[] = "[[BLANK]]";
63
64struct management *management; /* GLOBAL */
65
66/* static forward declarations */
67static void man_output_standalone(struct management *man, volatile int *signal_received);
68
69static void man_reset_client_socket(struct management *man, const bool exiting);
70
71static void
72man_help(void)
73{
74 msg(M_CLIENT, "Management Interface for %s", title_string);
75 msg(M_CLIENT, "Commands:");
76 msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
77 msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
78 msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
79 msg(M_CLIENT,
80 "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
81 msg(M_CLIENT, "exit|quit : Close management session.");
82 msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
83 msg(M_CLIENT, "help : Print this message.");
84 msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
85 msg(M_CLIENT, " release current hold and start tunnel.");
86 msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
87 msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
88 msg(M_CLIENT, "load-stats : Show global server load stats.");
89 msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
90 msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
91 msg(M_CLIENT,
92 "mute [n] : Set log mute level to n, or show level if n is absent.");
93 msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
94 msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
95 msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
96 msg(M_CLIENT, " where action is reply string.");
97 msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
98 msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
99 msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
100 msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
101 msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
102 msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
103 msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
104#ifdef ENABLE_PKCS11
105 msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
106 msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
107#endif
108 msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
109 msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
110 msg(M_CLIENT,
111 "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
112 msg(M_CLIENT, " text R and optional client reason text CR");
113 msg(M_CLIENT,
114 "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
115 msg(M_CLIENT,
116 " to the client and wait for a final client-auth/client-deny");
117 msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
118 msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
119 msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
120 msg(M_CLIENT,
121 " Enter signature base64 on subsequent lines followed by END");
122 msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
123 msg(M_CLIENT,
124 " Enter signature base64 on subsequent lines followed by END");
125 msg(M_CLIENT,
126 "certificate : Enter a client certificate in response to >NEED-CERT challenge");
127 msg(M_CLIENT,
128 " Enter certificate base64 on subsequent lines followed by END");
129 msg(M_CLIENT, "signal s : Send signal s to daemon,");
130 msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
131 msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
132 msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
133 msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
134 msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
135 msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
136 msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
137 msg(M_CLIENT, "push-update-broad options : Broadcast a message to update the specified options.");
138 msg(M_CLIENT, " Ex. push-update-broad \"route something, -dns\"");
139 msg(M_CLIENT, "push-update-cid CID options : Send an update message to the client identified by CID.");
140 msg(M_CLIENT, "END");
141}
142
143static const char *
144man_state_name(const int state)
145{
146 switch (state)
147 {
148 case OPENVPN_STATE_INITIAL:
149 return "INITIAL";
150
151 case OPENVPN_STATE_CONNECTING:
152 return "CONNECTING";
153
154 case OPENVPN_STATE_WAIT:
155 return "WAIT";
156
157 case OPENVPN_STATE_AUTH:
158 return "AUTH";
159
160 case OPENVPN_STATE_GET_CONFIG:
161 return "GET_CONFIG";
162
163 case OPENVPN_STATE_ASSIGN_IP:
164 return "ASSIGN_IP";
165
166 case OPENVPN_STATE_ADD_ROUTES:
167 return "ADD_ROUTES";
168
169 case OPENVPN_STATE_CONNECTED:
170 return "CONNECTED";
171
172 case OPENVPN_STATE_RECONNECTING:
173 return "RECONNECTING";
174
175 case OPENVPN_STATE_EXITING:
176 return "EXITING";
177
178 case OPENVPN_STATE_RESOLVE:
179 return "RESOLVE";
180
181 case OPENVPN_STATE_TCP_CONNECT:
182 return "TCP_CONNECT";
183
184 case OPENVPN_STATE_AUTH_PENDING:
185 return "AUTH_PENDING";
186
187 default:
188 return "?";
189 }
190}
191
192static void
193man_welcome(struct management *man)
194{
195 msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
196 MANAGEMENT_VERSION);
197 if (man->persist.special_state_msg)
198 {
199 msg(M_CLIENT, "%s", man->persist.special_state_msg);
200 }
201}
202
203static inline bool
204man_password_needed(struct management *man)
205{
206 return man->settings.up.defined && !man->connection.password_verified;
207}
208
209static void
210man_check_password(struct management *man, const char *line)
211{
212 if (man_password_needed(man))
213 {
214 /* This comparison is not fixed time but since strlen(time) is based on
215 * the attacker choice, it should not give any indication of the real
216 * password length, use + 1 to include the NUL byte that terminates the
217 * string*/
218 size_t compare_len =
219 min_size(strlen(line) + 1, sizeof(man->settings.up.password));
220 if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
221 {
222 man->connection.password_verified = true;
223 msg(M_CLIENT, "SUCCESS: password is correct");
224 man_welcome(man);
225 }
226 else
227 {
228 man->connection.password_verified = false;
229 msg(M_CLIENT, "ERROR: bad password");
230 if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
231 {
232 msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
233 MANAGEMENT_N_PASSWORD_RETRIES);
234 man->connection.halt = true;
235 }
236 }
237 }
238}
239
240static void
241man_update_io_state(struct management *man)
242{
243 if (socket_defined(man->connection.sd_cli))
244 {
245 if (buffer_list_defined(man->connection.out))
246 {
247 man->connection.state = MS_CC_WAIT_WRITE;
248 }
249 else
250 {
251 man->connection.state = MS_CC_WAIT_READ;
252 }
253 }
254}
255
256static void
257man_output_list_push_finalize(struct management *man)
258{
259 if (management_connected(man))
260 {
261 man_update_io_state(man);
262 if (!man->persist.standalone_disabled)
263 {
264 volatile int signal_received = 0;
265 man_output_standalone(man, &signal_received);
266 }
267 }
268}
269
270static void
271man_output_list_push_str(struct management *man, const char *str)
272{
273 if (management_connected(man) && str)
274 {
275 buffer_list_push(man->connection.out, str);
276 }
277}
278
279static void
280man_output_list_push(struct management *man, const char *str)
281{
282 man_output_list_push_str(man, str);
283 man_output_list_push_finalize(man);
284}
285
286static void
287man_prompt(struct management *man)
288{
289 if (man_password_needed(man))
290 {
291 man_output_list_push(man, "ENTER PASSWORD:");
292 }
293#if 0 /* should we use prompt? */
294 else
295 {
296 man_output_list_push(man, ">");
297 }
298#endif
299}
300
301
306static void
307report_command_status(const bool status, const char *command)
308{
309 if (status)
310 {
311 msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
312 }
313 else
314 {
315 msg(M_CLIENT, "ERROR: %s command failed", command);
316 }
317}
318
319static void
320man_delete_unix_socket(struct management *man)
321{
322#if UNIX_SOCK_SUPPORT
323 if ((man->settings.flags & (MF_UNIX_SOCK | MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
324 {
325 socket_delete_unix(&man->settings.local_unix);
326 }
327#endif
328}
329
330static void
331man_close_socket(struct management *man, const socket_descriptor_t sd)
332{
333#ifndef _WIN32
334 /*
335 * Windows doesn't need this because the ne32 event is permanently
336 * enabled at struct management scope.
337 */
338 if (man->persist.callback.delete_event)
339 {
340 (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
341 }
342#endif
343 openvpn_close_socket(sd);
344}
345
346static void
347virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
348{
349 struct management *man = (struct management *)arg;
350 static int recursive_level = 0; /* GLOBAL */
351
352#define AF_DID_PUSH (1 << 0)
353#define AF_DID_RESET (1 << 1)
354 if (recursive_level < 5) /* limit recursion */
355 {
356 struct gc_arena gc = gc_new();
357 struct log_entry e;
358 const char *out = NULL;
359 unsigned int action_flags = 0;
360
361 ++recursive_level;
362
363 CLEAR(e);
364 update_time();
365 e.timestamp = now;
366 e.u.msg_flags = flags;
367 e.string = str;
368
369 if (flags & M_FATAL)
370 {
371 man->persist.standalone_disabled = false;
372 }
373
374 if (flags != M_CLIENT)
375 {
376 log_history_add(man->persist.log, &e);
377 }
378
379 if (!man_password_needed(man))
380 {
381 if (flags == M_CLIENT)
382 {
383 out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
384 }
385 else if (man->connection.log_realtime)
386 {
387 out = log_entry_print(&e,
388 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS
389 | LOG_PRINT_LOG_PREFIX | LOG_PRINT_CRLF,
390 &gc);
391 }
392 if (out)
393 {
394 man_output_list_push_str(man, out);
395 action_flags |= AF_DID_PUSH;
396 }
397 if (flags & M_FATAL)
398 {
399 out = log_entry_print(&e, LOG_FATAL_NOTIFY | LOG_PRINT_CRLF, &gc);
400 if (out)
401 {
402 man_output_list_push_str(man, out);
403 action_flags |= (AF_DID_PUSH | AF_DID_RESET);
404 }
405 }
406 }
407
408 gc_free(&gc);
409
410 if (action_flags & AF_DID_PUSH)
411 {
412 man_output_list_push_finalize(man);
413 }
414 if (action_flags & AF_DID_RESET)
415 {
416 man_reset_client_socket(man, true);
417 }
418
419 --recursive_level;
420 }
421 else
422 {
423 /* cannot use msg here */
424 printf("virtual_output: message to management interface "
425 "dropped due to recursion: <%s>\n",
426 str);
427 }
428}
429
430/*
431 * Given a signal, return the signal with possible remapping applied,
432 * or -1 if the signal should be ignored.
433 */
434static int
435man_mod_signal(const struct management *man, const int signum)
436{
437 const unsigned int flags = man->settings.mansig;
438 int s = signum;
439 if (s == SIGUSR1)
440 {
441 if (flags & MANSIG_MAP_USR1_TO_HUP)
442 {
443 s = SIGHUP;
444 }
445 if (flags & MANSIG_MAP_USR1_TO_TERM)
446 {
447 s = SIGTERM;
448 }
449 }
450 if (flags & MANSIG_IGNORE_USR1_HUP)
451 {
452 if (s == SIGHUP || s == SIGUSR1)
453 {
454 s = -1;
455 }
456 }
457 return s;
458}
459
460static void
461man_signal(struct management *man, const char *name)
462{
463 const int sig = parse_signal(name);
464 if (sig >= 0)
465 {
466 const int sig_mod = man_mod_signal(man, sig);
467 if (sig_mod >= 0)
468 {
469 throw_signal(sig_mod);
470 msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
471 }
472 else
473 {
474 msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
475 if (man->persist.special_state_msg)
476 {
477 msg(M_CLIENT, "%s", man->persist.special_state_msg);
478 }
479 }
480 }
481 else
482 {
483 msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
484 }
485}
486
487static void
488man_command_unsupported(const char *command_name)
489{
490 msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode",
491 command_name);
492}
493
494static void
495man_status(struct management *man, const int version, struct status_output *so)
496{
497 if (man->persist.callback.status)
498 {
499 (*man->persist.callback.status)(man->persist.callback.arg, version, so);
500 }
501 else
502 {
503 man_command_unsupported("status");
504 }
505}
506
507static void
513
514static void
515man_bytecount(struct management *man, const int update_seconds)
516{
517 if (update_seconds > 0)
518 {
519 man->connection.bytecount_update_seconds = update_seconds;
520 event_timeout_init(&man->connection.bytecount_update_interval,
521 man->connection.bytecount_update_seconds, now);
522 }
523 else
524 {
525 man_bytecount_stop(man);
526 }
527
528 /* The newly received bytecount interval may be sooner than the existing
529 * coarse timer wakeup. Reset the timer to ensure it fires at the correct,
530 * earlier time.
531 */
532 if (man->persist.callback.arg)
533 {
534 struct context *c;
535
536 if (man->settings.flags & MF_SERVER)
537 {
538 struct multi_context *m = man->persist.callback.arg;
539 c = &m->top;
540 }
541 else
542 {
543 c = man->persist.callback.arg;
544 }
545
546 reset_coarse_timers(c);
547 }
548
549 msg(M_CLIENT, "SUCCESS: bytecount interval changed");
550}
551
552static void
553man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
554{
555 char in[32];
556 char out[32];
557
558 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
559 snprintf(in, sizeof(in), counter_format, bytes_in_total);
560 snprintf(out, sizeof(out), counter_format, bytes_out_total);
561 msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
562}
563
564static void
565man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total,
566 struct man_def_auth_context *mdac)
567{
568 char in[32];
569 char out[32];
570 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
571 snprintf(in, sizeof(in), counter_format, bytes_in_total);
572 snprintf(out, sizeof(out), counter_format, bytes_out_total);
573 msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
574}
575
576static void
577man_kill(struct management *man, const char *victim)
578{
579 struct gc_arena gc = gc_new();
580
581 if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
582 {
583 struct buffer buf;
584 char p1[128];
585 char p2[128];
586 char p3[128];
587 int n_killed;
588
589 buf_set_read(&buf, (uint8_t *)victim, strlen(victim) + 1);
590 buf_parse(&buf, ':', p1, sizeof(p1));
591 buf_parse(&buf, ':', p2, sizeof(p2));
592 buf_parse(&buf, ':', p3, sizeof(p3));
593
594 if (strlen(p1) && strlen(p2) && strlen(p3))
595 {
596 /* IP:port specified */
597 bool status;
598 const in_addr_t addr =
599 getaddr(GETADDR_HOST_ORDER | GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
600 if (status)
601 {
602 const int port = atoi(p3);
603 const uint8_t proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER
604 : (streq(p1, "udp")) ? PROTO_UDP
605 : PROTO_NONE;
606
607 if ((port > 0 && port <= UINT16_MAX) && (proto != PROTO_NONE))
608 {
609 n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg,
610 addr, (uint16_t)port, proto);
611 if (n_killed > 0)
612 {
613 msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed", n_killed,
614 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
615 port);
616 }
617 else
618 {
619 msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
620 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
621 port);
622 }
623 }
624 else
625 {
626 msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
627 }
628 }
629 else
630 {
631 msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
632 }
633 }
634 else if (strlen(p1))
635 {
636 /* common name specified */
637 n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
638 if (n_killed > 0)
639 {
640 msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
641 }
642 else
643 {
644 msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
645 }
646 }
647 else
648 {
649 msg(M_CLIENT, "ERROR: kill parse");
650 }
651 }
652 else
653 {
654 man_command_unsupported("kill");
655 }
656
657 gc_free(&gc);
658}
659
660/*
661 * General-purpose history command handler
662 * for the log and echo commands.
663 */
664static void
665man_history(struct management *man, const char *parm, const char *type, struct log_history *log,
666 bool *realtime, const unsigned int lep_flags)
667{
668 struct gc_arena gc = gc_new();
669 int n = 0;
670
671 if (streq(parm, "on"))
672 {
673 *realtime = true;
674 msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
675 }
676 else if (streq(parm, "off"))
677 {
678 *realtime = false;
679 msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
680 }
681 else if (streq(parm, "all") || (n = atoi(parm)) > 0)
682 {
683 const int size = log_history_size(log);
684 const int start = (n ? n : size) - 1;
685 int i;
686
687 for (i = start; i >= 0; --i)
688 {
689 const struct log_entry *e = log_history_ref(log, i);
690 if (e)
691 {
692 const char *out = log_entry_print(e, lep_flags, &gc);
693 virtual_output_callback_func(man, M_CLIENT, out);
694 }
695 }
696 msg(M_CLIENT, "END");
697 }
698 else
699 {
700 msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
701 }
702
703 gc_free(&gc);
704}
705
706static void
707man_log(struct management *man, const char *parm)
708{
709 man_history(man, parm, "log", man->persist.log, &man->connection.log_realtime,
710 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS);
711}
712
713static void
714man_echo(struct management *man, const char *parm)
715{
716 man_history(man, parm, "echo", man->persist.echo, &man->connection.echo_realtime,
717 LOG_PRINT_INT_DATE | MANAGEMENT_ECHO_FLAGS);
718}
719
720static void
721man_state(struct management *man, const char *parm)
722{
723 man_history(man, parm, "state", man->persist.state, &man->connection.state_realtime,
724 LOG_PRINT_INT_DATE | LOG_PRINT_STATE | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP);
725}
726
727static void
728man_up_finalize(struct management *man)
729{
730 switch (man->connection.up_query_mode)
731 {
732 case UP_QUERY_USER_PASS:
733 if (!strlen(man->connection.up_query.username))
734 {
735 break;
736 }
737
738 /* fall through */
739 case UP_QUERY_PASS:
740 case UP_QUERY_NEED_OK:
741 case UP_QUERY_NEED_STR:
742 if (strlen(man->connection.up_query.password))
743 {
744 man->connection.up_query.defined = true;
745 }
746 break;
747
748 case UP_QUERY_DISABLED:
749 man->connection.up_query.defined = false;
750 break;
751
752 default:
753 ASSERT(0);
754 }
755}
756
757static void
758man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed,
759 const char *prompt, char *dest, int len)
760{
761 if (needed)
762 {
763 ASSERT(man->connection.up_query_type);
764 if (streq(man->connection.up_query_type, type))
765 {
766 strncpynt(dest, string, len);
767 man_up_finalize(man);
768 msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified", type, prompt);
769 }
770 else
771 {
772 msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'", prompt,
773 type, man->connection.up_query_type);
774 }
775 }
776 else
777 {
778 msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
779 }
780}
781
782static void
783man_query_username(struct management *man, const char *type, const char *string)
784{
785 const bool needed =
786 ((man->connection.up_query_mode == UP_QUERY_USER_PASS) && man->connection.up_query_type);
787 man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username,
788 USER_PASS_LEN);
789}
790
791static void
792man_query_password(struct management *man, const char *type, const char *string)
793{
794 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
795 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
796 && man->connection.up_query_type);
797 if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
798 {
799 string = blank_up;
800 }
801 man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password,
802 USER_PASS_LEN);
803}
804
805static void
806man_query_need_ok(struct management *man, const char *type, const char *action)
807{
808 const bool needed =
809 ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
810 man_query_user_pass(man, type, action, needed, "needok-confirmation",
811 man->connection.up_query.password, USER_PASS_LEN);
812}
813
814static void
815man_query_need_str(struct management *man, const char *type, const char *action)
816{
817 const bool needed =
818 ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
819 man_query_user_pass(man, type, action, needed, "needstr-string",
820 man->connection.up_query.password, USER_PASS_LEN);
821}
822
823static void
824man_forget_passwords(struct management *man)
825{
826 ssl_purge_auth(false);
827 (void)ssl_clean_auth_token();
828 msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
829}
830
831static void
832man_net(struct management *man)
833{
834 if (man->persist.callback.show_net)
835 {
836 (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
837 }
838 else
839 {
840 man_command_unsupported("net");
841 }
842}
843
844static void
845man_send_cc_message(struct management *man, const char *message, const char *parameters)
846{
847 if (man->persist.callback.send_cc_message)
848 {
849 const bool status = (*man->persist.callback.send_cc_message)(man->persist.callback.arg,
850 message, parameters);
851 if (status)
852 {
853 msg(M_CLIENT, "SUCCESS: command succeeded");
854 }
855 else
856 {
857 msg(M_CLIENT, "ERROR: command failed");
858 }
859 }
860 else
861 {
862 man_command_unsupported("cr-repsonse");
863 }
864}
865#ifdef ENABLE_PKCS11
866
867static void
868man_pkcs11_id_count(struct management *man)
869{
870 msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
871}
872
873static void
874man_pkcs11_id_get(struct management *man, const int index)
875{
876 char *id = NULL;
877 char *base64 = NULL;
878
879 if (pkcs11_management_id_get(index, &id, &base64))
880 {
881 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
882 }
883 else
884 {
885 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
886 }
887
888 free(id);
889 free(base64);
890}
891
892#endif /* ifdef ENABLE_PKCS11 */
893
894static void
895man_remote_entry_count(struct management *man)
896{
897 unsigned count = 0;
898 if (man->persist.callback.remote_entry_count)
899 {
900 count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
901 msg(M_CLIENT, "%u", count);
902 msg(M_CLIENT, "END");
903 }
904 else
905 {
906 man_command_unsupported("remote-entry-count");
907 }
908}
909
910static void
911man_remote_entry_get(struct management *man, const char *p1, const char *p2)
912{
913 ASSERT(p1);
914
915 if (man->persist.callback.remote_entry_get && man->persist.callback.remote_entry_count)
916 {
917 unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
918
919 unsigned int from = (unsigned int)atoi(p1);
920 unsigned int to = p2 ? (unsigned int)atoi(p2) : from + 1;
921
922 if (!strcmp(p1, "all"))
923 {
924 from = 0;
925 to = count;
926 }
927
928 for (unsigned int i = from; i < min_uint(to, count); i++)
929 {
930 char *remote = NULL;
931 bool res =
932 (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
933 if (res && remote)
934 {
935 msg(M_CLIENT, "%u,%s", i, remote);
936 }
937 free(remote);
938 }
939 msg(M_CLIENT, "END");
940 }
941 else
942 {
943 man_command_unsupported("remote-entry-get");
944 }
945}
946
947static void
948man_hold(struct management *man, const char *cmd)
949{
950 if (cmd)
951 {
952 if (streq(cmd, "on"))
953 {
954 man->settings.flags |= MF_HOLD;
955 msg(M_CLIENT, "SUCCESS: hold flag set to ON");
956 }
957 else if (streq(cmd, "off"))
958 {
959 man->settings.flags &= ~MF_HOLD;
960 msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
961 }
962 else if (streq(cmd, "release"))
963 {
964 man->persist.hold_release = true;
965 msg(M_CLIENT, "SUCCESS: hold release succeeded");
966 }
967 else
968 {
969 msg(M_CLIENT, "ERROR: bad hold command parameter");
970 }
971 }
972 else
973 {
974 msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
975 }
976}
977
978#define IER_RESET 0
979#define IER_NEW 1
980
981static void
982in_extra_reset(struct man_connection *mc, const int mode)
983{
984 if (mc)
985 {
986 if (mode != IER_NEW)
987 {
988 mc->in_extra_cmd = IEC_UNDEF;
989 mc->in_extra_cid = 0;
990 mc->in_extra_kid = 0;
991 }
992 if (mc->in_extra)
993 {
994 buffer_list_free(mc->in_extra);
995 mc->in_extra = NULL;
996 }
997 if (mode == IER_NEW)
998 {
999 mc->in_extra = buffer_list_new();
1000 }
1001 }
1002}
1003
1004static void
1005in_extra_dispatch(struct management *man)
1006{
1007 switch (man->connection.in_extra_cmd)
1008 {
1009 case IEC_CLIENT_AUTH:
1010 if (man->persist.callback.client_auth)
1011 {
1012 const bool status = (*man->persist.callback.client_auth)(
1013 man->persist.callback.arg, man->connection.in_extra_cid,
1014 man->connection.in_extra_kid, true, NULL, NULL, man->connection.in_extra);
1015 man->connection.in_extra = NULL;
1016 report_command_status(status, "client-auth");
1017 }
1018 else
1019 {
1020 man_command_unsupported("client-auth");
1021 }
1022 break;
1023
1024 case IEC_PK_SIGN:
1025 man->connection.ext_key_state = EKS_READY;
1026 buffer_list_free(man->connection.ext_key_input);
1027 man->connection.ext_key_input = man->connection.in_extra;
1028 man->connection.in_extra = NULL;
1029 return;
1030
1031 case IEC_CERTIFICATE:
1032 man->connection.ext_cert_state = EKS_READY;
1033 buffer_list_free(man->connection.ext_cert_input);
1034 man->connection.ext_cert_input = man->connection.in_extra;
1035 man->connection.in_extra = NULL;
1036 return;
1037 }
1038 in_extra_reset(&man->connection, IER_RESET);
1039}
1040
1041static bool
1042parse_cid(const char *str, unsigned long *cid)
1043{
1044 if (sscanf(str, "%lu", cid) == 1)
1045 {
1046 return true;
1047 }
1048 else
1049 {
1050 msg(M_CLIENT, "ERROR: cannot parse CID");
1051 return false;
1052 }
1053}
1054
1055static bool
1056parse_uint(const char *str, const char *what, unsigned int *uint)
1057{
1058 if (sscanf(str, "%u", uint) == 1)
1059 {
1060 return true;
1061 }
1062 else
1063 {
1064 msg(M_CLIENT, "ERROR: cannot parse %s", what);
1065 return false;
1066 }
1067}
1068
1080static void
1081man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str,
1082 const char *extra, const char *timeout_str)
1083{
1084 unsigned long cid = 0;
1085 unsigned int kid = 0;
1086 unsigned int timeout = 0;
1087 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1088 && parse_uint(timeout_str, "TIMEOUT", &timeout))
1089 {
1090 if (man->persist.callback.client_pending_auth)
1091 {
1092 bool ret = (*man->persist.callback.client_pending_auth)(man->persist.callback.arg, cid,
1093 kid, extra, timeout);
1094
1095 if (ret)
1096 {
1097 msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1098 }
1099 else
1100 {
1101 msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1102 " Extra parameter might be too long");
1103 }
1104 }
1105 else
1106 {
1107 man_command_unsupported("client-pending-auth");
1108 }
1109 }
1110}
1111
1112static void
1113man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1114{
1115 struct man_connection *mc = &man->connection;
1116 mc->in_extra_cid = 0;
1117 mc->in_extra_kid = 0;
1118 if (parse_cid(cid_str, &mc->in_extra_cid) && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1119 {
1120 mc->in_extra_cmd = IEC_CLIENT_AUTH;
1121 in_extra_reset(mc, IER_NEW);
1122 if (!extra)
1123 {
1124 in_extra_dispatch(man);
1125 }
1126 }
1127}
1128
1129static void
1130man_client_deny(struct management *man, const char *cid_str, const char *kid_str,
1131 const char *reason, const char *client_reason)
1132{
1133 unsigned long cid = 0;
1134 unsigned int kid = 0;
1135 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1136 {
1137 if (man->persist.callback.client_auth)
1138 {
1139 const bool status = (*man->persist.callback.client_auth)(
1140 man->persist.callback.arg, cid, kid, false, reason, client_reason, NULL);
1141 if (status)
1142 {
1143 msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1144 }
1145 else
1146 {
1147 msg(M_CLIENT, "ERROR: client-deny command failed");
1148 }
1149 }
1150 else
1151 {
1152 man_command_unsupported("client-deny");
1153 }
1154 }
1155}
1156
1157static void
1158man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1159{
1160 unsigned long cid = 0;
1161 if (parse_cid(cid_str, &cid))
1162 {
1163 if (man->persist.callback.kill_by_cid)
1164 {
1165 const bool status =
1166 (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1167 if (status)
1168 {
1169 msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1170 }
1171 else
1172 {
1173 msg(M_CLIENT, "ERROR: client-kill command failed");
1174 }
1175 }
1176 else
1177 {
1178 man_command_unsupported("client-kill");
1179 }
1180 }
1181}
1182
1183static void
1184man_client_n_clients(struct management *man)
1185{
1186 if (man->persist.callback.n_clients)
1187 {
1188 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1189 msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1190 }
1191 else
1192 {
1193 man_command_unsupported("nclients");
1194 }
1195}
1196
1197static void
1198man_env_filter(struct management *man, const int level)
1199{
1200 man->connection.env_filter_level = level;
1201 msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1202}
1203
1204
1205static void
1206man_pk_sig(struct management *man, const char *cmd_name)
1207{
1208 struct man_connection *mc = &man->connection;
1209 if (mc->ext_key_state == EKS_SOLICIT)
1210 {
1211 mc->ext_key_state = EKS_INPUT;
1212 mc->in_extra_cmd = IEC_PK_SIGN;
1213 in_extra_reset(mc, IER_NEW);
1214 }
1215 else
1216 {
1217 msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1218 }
1219}
1220
1221static void
1222man_certificate(struct management *man)
1223{
1224 struct man_connection *mc = &man->connection;
1225 if (mc->ext_cert_state == EKS_SOLICIT)
1226 {
1227 mc->ext_cert_state = EKS_INPUT;
1228 mc->in_extra_cmd = IEC_CERTIFICATE;
1229 in_extra_reset(mc, IER_NEW);
1230 }
1231 else
1232 {
1233 msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1234 }
1235}
1236
1237static void
1238man_load_stats(struct management *man)
1239{
1240 extern counter_type link_read_bytes_global;
1241 extern counter_type link_write_bytes_global;
1242 int nclients = 0;
1243
1244 if (man->persist.callback.n_clients)
1245 {
1246 nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1247 }
1248 msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1249 nclients, link_read_bytes_global, link_write_bytes_global);
1250}
1251
1252#define MN_AT_LEAST (1 << 0)
1263static bool
1264man_need(struct management *man, const char **p, const int n, unsigned int flags)
1265{
1266 int i;
1267 ASSERT(p[0]);
1268 for (i = 1; i <= n; ++i)
1269 {
1270 if (!p[i])
1271 {
1272 msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s", p[0],
1273 (flags & MN_AT_LEAST) ? "at least " : "", n, n > 1 ? "s" : "");
1274 return false;
1275 }
1276 }
1277 return true;
1278}
1279
1280static void
1281man_proxy(struct management *man, const char **p)
1282{
1283 if (man->persist.callback.proxy_cmd)
1284 {
1285 const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1286 report_command_status(status, "proxy");
1287 }
1288 else
1289 {
1290 man_command_unsupported("proxy");
1291 }
1292}
1293
1294static void
1295man_remote(struct management *man, const char **p)
1296{
1297 if (man->persist.callback.remote_cmd)
1298 {
1299 const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1300 report_command_status(status, "remote");
1301 }
1302 else
1303 {
1304 man_command_unsupported("remote");
1305 }
1306}
1307
1308#ifdef TARGET_ANDROID
1309static void
1310man_network_change(struct management *man, bool samenetwork)
1311{
1312 /* Called to signal the OpenVPN that the network configuration has changed and
1313 * the client should either float or reconnect.
1314 *
1315 * The code is currently only used by ics-openvpn
1316 */
1317 if (man->persist.callback.network_change)
1318 {
1319 int fd = (*man->persist.callback.network_change)(man->persist.callback.arg, samenetwork);
1320 man->connection.fdtosend = fd;
1321 msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1322 if (fd == -2)
1323 {
1324 man_signal(man, "SIGUSR1");
1325 }
1326 }
1327}
1328#endif
1329
1330static void
1331set_client_version(struct management *man, const char *version)
1332{
1333 if (version)
1334 {
1335 man->connection.client_version = atoi(version);
1336 }
1337}
1338
1339static void
1340man_push_update(struct management *man, const char **p, const push_update_type type)
1341{
1342 bool status = false;
1343
1344 if (type == UPT_BROADCAST)
1345 {
1346 if (!man->persist.callback.push_update_broadcast)
1347 {
1348 man_command_unsupported("push-update-broad");
1349 return;
1350 }
1351
1352 status = (*man->persist.callback.push_update_broadcast)(man->persist.callback.arg, p[1]);
1353 }
1354 else if (type == UPT_BY_CID)
1355 {
1356 if (!man->persist.callback.push_update_by_cid)
1357 {
1358 man_command_unsupported("push-update-cid");
1359 return;
1360 }
1361
1362 unsigned long cid = 0;
1363
1364 if (!parse_cid(p[1], &cid))
1365 {
1366 msg(M_CLIENT, "ERROR: push-update-cid fail during cid parsing");
1367 return;
1368 }
1369
1370 status = (*man->persist.callback.push_update_by_cid)(man->persist.callback.arg, cid, p[2]);
1371 }
1372
1373 if (status)
1374 {
1375 msg(M_CLIENT, "SUCCESS: push-update command succeeded");
1376 return;
1377 }
1378 msg(M_CLIENT, "ERROR: push-update command failed");
1379}
1380
1381static void
1382man_dispatch_command(struct management *man, struct status_output *so, const char **p,
1383 const int nparms)
1384{
1385 struct gc_arena gc = gc_new();
1386
1387 ASSERT(p[0]);
1388 if (streq(p[0], "exit") || streq(p[0], "quit"))
1389 {
1390 man->connection.halt = true;
1391 goto done;
1392 }
1393 else if (streq(p[0], "help"))
1394 {
1395 man_help();
1396 }
1397 else if (streq(p[0], "version") && p[1])
1398 {
1399 set_client_version(man, p[1]);
1400 }
1401 else if (streq(p[0], "version"))
1402 {
1403 msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1404 msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1405 msg(M_CLIENT, "END");
1406 }
1407 else if (streq(p[0], "pid"))
1408 {
1409 msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1410 }
1411 else if (streq(p[0], "nclients"))
1412 {
1413 man_client_n_clients(man);
1414 }
1415 else if (streq(p[0], "env-filter"))
1416 {
1417 int level = 0;
1418 if (p[1])
1419 {
1420 level = atoi(p[1]);
1421 }
1422 man_env_filter(man, level);
1423 }
1424 else if (streq(p[0], "signal"))
1425 {
1426 if (man_need(man, p, 1, 0))
1427 {
1428 man_signal(man, p[1]);
1429 }
1430 }
1431#ifdef TARGET_ANDROID
1432 else if (streq(p[0], "network-change"))
1433 {
1434 bool samenetwork = false;
1435 if (p[1] && streq(p[1], "samenetwork"))
1436 {
1437 samenetwork = true;
1438 }
1439
1440 man_network_change(man, samenetwork);
1441 }
1442#endif
1443 else if (streq(p[0], "load-stats"))
1444 {
1445 man_load_stats(man);
1446 }
1447 else if (streq(p[0], "status"))
1448 {
1449 int version = 0;
1450 if (p[1])
1451 {
1452 version = atoi(p[1]);
1453 }
1454 man_status(man, version, so);
1455 }
1456 else if (streq(p[0], "kill"))
1457 {
1458 if (man_need(man, p, 1, 0))
1459 {
1460 man_kill(man, p[1]);
1461 }
1462 }
1463 else if (streq(p[0], "verb"))
1464 {
1465 if (p[1])
1466 {
1467 const int level = atoi(p[1]);
1468 if (set_debug_level(level, 0))
1469 {
1470 msg(M_CLIENT, "SUCCESS: verb level changed");
1471 }
1472 else
1473 {
1474 msg(M_CLIENT, "ERROR: verb level is out of range");
1475 }
1476 }
1477 else
1478 {
1479 msg(M_CLIENT, "SUCCESS: verb=%u", get_debug_level());
1480 }
1481 }
1482 else if (streq(p[0], "mute"))
1483 {
1484 if (p[1])
1485 {
1486 const int level = atoi(p[1]);
1487 if (set_mute_cutoff(level))
1488 {
1489 msg(M_CLIENT, "SUCCESS: mute level changed");
1490 }
1491 else
1492 {
1493 msg(M_CLIENT, "ERROR: mute level is out of range");
1494 }
1495 }
1496 else
1497 {
1498 msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1499 }
1500 }
1501 else if (streq(p[0], "auth-retry"))
1502 {
1503 if (p[1])
1504 {
1505 if (auth_retry_set(M_CLIENT, p[1]))
1506 {
1507 msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1508 }
1509 else
1510 {
1511 msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1512 }
1513 }
1514 else
1515 {
1516 msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1517 }
1518 }
1519 else if (streq(p[0], "state"))
1520 {
1521 if (!p[1])
1522 {
1523 man_state(man, "1");
1524 }
1525 else
1526 {
1527 if (p[1])
1528 {
1529 man_state(man, p[1]);
1530 }
1531 if (p[2])
1532 {
1533 man_state(man, p[2]);
1534 }
1535 }
1536 }
1537 else if (streq(p[0], "log"))
1538 {
1539 if (man_need(man, p, 1, MN_AT_LEAST))
1540 {
1541 if (p[1])
1542 {
1543 man_log(man, p[1]);
1544 }
1545 if (p[2])
1546 {
1547 man_log(man, p[2]);
1548 }
1549 }
1550 }
1551 else if (streq(p[0], "echo"))
1552 {
1553 if (man_need(man, p, 1, MN_AT_LEAST))
1554 {
1555 if (p[1])
1556 {
1557 man_echo(man, p[1]);
1558 }
1559 if (p[2])
1560 {
1561 man_echo(man, p[2]);
1562 }
1563 }
1564 }
1565 else if (streq(p[0], "username"))
1566 {
1567 if (man_need(man, p, 2, 0))
1568 {
1569 man_query_username(man, p[1], p[2]);
1570 }
1571 }
1572 else if (streq(p[0], "password"))
1573 {
1574 if (man_need(man, p, 2, 0))
1575 {
1576 man_query_password(man, p[1], p[2]);
1577 }
1578 }
1579 else if (streq(p[0], "forget-passwords"))
1580 {
1581 man_forget_passwords(man);
1582 }
1583 else if (streq(p[0], "needok"))
1584 {
1585 if (man_need(man, p, 2, 0))
1586 {
1587 man_query_need_ok(man, p[1], p[2]);
1588 }
1589 }
1590 else if (streq(p[0], "needstr"))
1591 {
1592 if (man_need(man, p, 2, 0))
1593 {
1594 man_query_need_str(man, p[1], p[2]);
1595 }
1596 }
1597 else if (streq(p[0], "cr-response"))
1598 {
1599 if (man_need(man, p, 1, 0))
1600 {
1601 man_send_cc_message(man, "CR_RESPONSE", p[1]);
1602 }
1603 }
1604 else if (streq(p[0], "net"))
1605 {
1606 man_net(man);
1607 }
1608 else if (streq(p[0], "hold"))
1609 {
1610 man_hold(man, p[1]);
1611 }
1612 else if (streq(p[0], "bytecount"))
1613 {
1614 if (man_need(man, p, 1, 0))
1615 {
1616 man_bytecount(man, atoi(p[1]));
1617 }
1618 }
1619 else if (streq(p[0], "client-kill"))
1620 {
1621 if (man_need(man, p, 1, MN_AT_LEAST))
1622 {
1623 man_client_kill(man, p[1], p[2]);
1624 }
1625 }
1626 else if (streq(p[0], "client-deny"))
1627 {
1628 if (man_need(man, p, 3, MN_AT_LEAST))
1629 {
1630 man_client_deny(man, p[1], p[2], p[3], p[4]);
1631 }
1632 }
1633 else if (streq(p[0], "client-auth-nt"))
1634 {
1635 if (man_need(man, p, 2, 0))
1636 {
1637 man_client_auth(man, p[1], p[2], false);
1638 }
1639 }
1640 else if (streq(p[0], "client-auth"))
1641 {
1642 if (man_need(man, p, 2, 0))
1643 {
1644 man_client_auth(man, p[1], p[2], true);
1645 }
1646 }
1647 else if (streq(p[0], "client-pending-auth"))
1648 {
1649 if (man_need(man, p, 4, 0))
1650 {
1651 man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1652 }
1653 }
1654 else if (streq(p[0], "rsa-sig"))
1655 {
1656 man_pk_sig(man, "rsa-sig");
1657 }
1658 else if (streq(p[0], "pk-sig"))
1659 {
1660 man_pk_sig(man, "pk-sig");
1661 }
1662 else if (streq(p[0], "certificate"))
1663 {
1664 man_certificate(man);
1665 }
1666#ifdef ENABLE_PKCS11
1667 else if (streq(p[0], "pkcs11-id-count"))
1668 {
1669 man_pkcs11_id_count(man);
1670 }
1671 else if (streq(p[0], "pkcs11-id-get"))
1672 {
1673 if (man_need(man, p, 1, 0))
1674 {
1675 man_pkcs11_id_get(man, atoi(p[1]));
1676 }
1677 }
1678#endif
1679 else if (streq(p[0], "remote-entry-count"))
1680 {
1681 man_remote_entry_count(man);
1682 }
1683 else if (streq(p[0], "remote-entry-get"))
1684 {
1685 if (man_need(man, p, 1, MN_AT_LEAST))
1686 {
1687 man_remote_entry_get(man, p[1], p[2]);
1688 }
1689 }
1690 else if (streq(p[0], "proxy"))
1691 {
1692 if (man_need(man, p, 1, MN_AT_LEAST))
1693 {
1694 man_proxy(man, p);
1695 }
1696 }
1697 else if (streq(p[0], "remote"))
1698 {
1699 if (man_need(man, p, 1, MN_AT_LEAST))
1700 {
1701 man_remote(man, p);
1702 }
1703 }
1704 else if (streq(p[0], "push-update-broad"))
1705 {
1706 if (man_need(man, p, 1, 0))
1707 {
1708 man_push_update(man, p, UPT_BROADCAST);
1709 }
1710 }
1711 else if (streq(p[0], "push-update-cid"))
1712 {
1713 if (man_need(man, p, 2, 0))
1714 {
1715 man_push_update(man, p, UPT_BY_CID);
1716 }
1717 }
1718#if 1
1719 else if (streq(p[0], "test"))
1720 {
1721 if (man_need(man, p, 1, 0))
1722 {
1723 int i;
1724 const int n = atoi(p[1]);
1725 for (i = 0; i < n; ++i)
1726 {
1727 msg(M_CLIENT,
1728 "[%d] The purpose of this command is to generate large amounts of output.", i);
1729 }
1730 }
1731 }
1732#endif
1733 else
1734 {
1735 msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1736 }
1737
1738done:
1739 gc_free(&gc);
1740}
1741
1742#ifdef _WIN32
1743
1744static void
1745man_start_ne32(struct management *man)
1746{
1747 switch (man->connection.state)
1748 {
1749 case MS_LISTEN:
1750 net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1751 break;
1752
1753 case MS_CC_WAIT_READ:
1754 case MS_CC_WAIT_WRITE:
1755 net_event_win32_start(&man->connection.ne32, FD_READ | FD_WRITE | FD_CLOSE,
1756 man->connection.sd_cli);
1757 break;
1758
1759 default:
1760 ASSERT(0);
1761 }
1762}
1763
1764static void
1765man_stop_ne32(struct management *man)
1766{
1767 net_event_win32_stop(&man->connection.ne32);
1768}
1769
1770#endif /* ifdef _WIN32 */
1771
1772static void
1773man_connection_settings_reset(struct management *man)
1774{
1775 man->connection.state_realtime = false;
1776 man->connection.log_realtime = false;
1777 man->connection.echo_realtime = false;
1778 man->connection.bytecount_update_seconds = 0;
1779 man->connection.password_verified = false;
1780 man->connection.password_tries = 0;
1781 man->connection.halt = false;
1782 man->connection.state = MS_CC_WAIT_WRITE;
1783}
1784
1785static void
1786man_new_connection_post(struct management *man, const char *description)
1787{
1788 struct gc_arena gc = gc_new();
1789
1790 set_nonblock(man->connection.sd_cli);
1791
1792 man_connection_settings_reset(man);
1793
1794#ifdef _WIN32
1795 man_start_ne32(man);
1796#endif
1797
1798#if UNIX_SOCK_SUPPORT
1799 if (man->settings.flags & MF_UNIX_SOCK)
1800 {
1801 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1802 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1803 }
1804 else
1805#endif
1806 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1807 {
1808 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1809 print_sockaddr(man->settings.local->ai_addr, &gc));
1810 }
1811 else
1812 {
1813 struct sockaddr_storage addr;
1814 socklen_t addrlen = sizeof(addr);
1815 if (!getpeername(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen))
1816 {
1817 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1818 print_sockaddr((struct sockaddr *)&addr, &gc));
1819 }
1820 else
1821 {
1822 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1823 }
1824 }
1825
1826 buffer_list_reset(man->connection.out);
1827
1828 if (!man_password_needed(man))
1829 {
1830 man_welcome(man);
1831 }
1832 man_prompt(man);
1833 man_update_io_state(man);
1834
1835 gc_free(&gc);
1836}
1837
1838#if UNIX_SOCK_SUPPORT
1839static bool
1840man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1841{
1842 if (socket_defined(sd) && (man->settings.user.user_valid || man->settings.group.group_valid))
1843 {
1844 static const char err_prefix[] =
1845 "MANAGEMENT: unix domain socket client connection rejected --";
1846 uid_t uid;
1847 gid_t gid;
1848 if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1849 {
1850 if (man->settings.user.user_valid && man->settings.user.uid != uid)
1851 {
1852 msg(D_MANAGEMENT,
1853 "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1854 err_prefix, uid, man->settings.user.uid);
1855 return false;
1856 }
1857 if (man->settings.group.group_valid && man->settings.group.gid != gid)
1858 {
1859 msg(D_MANAGEMENT,
1860 "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1861 err_prefix, gid, man->settings.group.gid);
1862 return false;
1863 }
1864 }
1865 else
1866 {
1867 msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1868 return false;
1869 }
1870 }
1871 return true;
1872}
1873#endif /* if UNIX_SOCK_SUPPORT */
1874
1875static void
1876man_accept(struct management *man)
1877{
1878 struct link_socket_actual act;
1879 CLEAR(act);
1880
1881 /*
1882 * Accept the TCP or Unix domain socket client.
1883 */
1884#if UNIX_SOCK_SUPPORT
1885 if (man->settings.flags & MF_UNIX_SOCK)
1886 {
1887 struct sockaddr_un remote;
1888 man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1889 if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1890 {
1891 sd_close(&man->connection.sd_cli);
1892 }
1893 }
1894 else
1895#endif
1896 {
1897 man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1898 }
1899
1900 if (socket_defined(man->connection.sd_cli))
1901 {
1902 man->connection.remote = act.dest;
1903
1904 if (socket_defined(man->connection.sd_top))
1905 {
1906#ifdef _WIN32
1907 man_stop_ne32(man);
1908#endif
1909 }
1910
1911 man_new_connection_post(man, "Client connected from");
1912 }
1913}
1914
1915static void
1916man_listen(struct management *man)
1917{
1918 struct gc_arena gc = gc_new();
1919
1920 /*
1921 * Initialize state
1922 */
1923 man->connection.state = MS_LISTEN;
1924 man->connection.sd_cli = SOCKET_UNDEFINED;
1925
1926 /*
1927 * Initialize listening socket
1928 */
1929 if (man->connection.sd_top == SOCKET_UNDEFINED)
1930 {
1931#if UNIX_SOCK_SUPPORT
1932 if (man->settings.flags & MF_UNIX_SOCK)
1933 {
1934 man_delete_unix_socket(man);
1935 man->connection.sd_top = create_socket_unix();
1936 socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1937 }
1938 else
1939#endif
1940 {
1941 man->connection.sd_top = create_socket_tcp(man->settings.local);
1942 socket_bind(man->connection.sd_top, man->settings.local, man->settings.local->ai_family,
1943 "MANAGEMENT", false);
1944 }
1945
1946 /*
1947 * Listen for connection
1948 */
1949 if (listen(man->connection.sd_top, 1))
1950 {
1951 msg(M_ERR, "MANAGEMENT: listen() failed");
1952 }
1953
1954 /*
1955 * Set misc socket properties
1956 */
1957 set_nonblock(man->connection.sd_top);
1958
1959#if UNIX_SOCK_SUPPORT
1960 if (man->settings.flags & MF_UNIX_SOCK)
1961 {
1962 msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1963 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1964 }
1965 else
1966#endif
1967 {
1968 const struct sockaddr *man_addr = man->settings.local->ai_addr;
1969 struct sockaddr_storage addr;
1970 socklen_t addrlen = sizeof(addr);
1971 if (!getsockname(man->connection.sd_top, (struct sockaddr *)&addr, &addrlen))
1972 {
1973 man_addr = (struct sockaddr *)&addr;
1974 }
1975 else
1976 {
1977 msg(M_WARN | M_ERRNO, "Failed to get the management socket address");
1978 }
1979 msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1980 print_sockaddr(man_addr, &gc));
1981 }
1982 }
1983
1984#ifdef _WIN32
1985 man_start_ne32(man);
1986#endif
1987
1988 gc_free(&gc);
1989}
1990
1991static void
1992man_connect(struct management *man)
1993{
1994 struct gc_arena gc = gc_new();
1995 int status;
1996 int signal_received = 0;
1997
1998 /*
1999 * Initialize state
2000 */
2001 man->connection.state = MS_INITIAL;
2002 man->connection.sd_top = SOCKET_UNDEFINED;
2003
2004#if UNIX_SOCK_SUPPORT
2005 if (man->settings.flags & MF_UNIX_SOCK)
2006 {
2007 man->connection.sd_cli = create_socket_unix();
2008 status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
2009 if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
2010 {
2011#ifdef EPERM
2012 status = EPERM;
2013#else
2014 status = 1;
2015#endif
2016 sd_close(&man->connection.sd_cli);
2017 }
2018 }
2019 else
2020#endif
2021 {
2022 man->connection.sd_cli = create_socket_tcp(man->settings.local);
2023 status = openvpn_connect(man->connection.sd_cli, man->settings.local->ai_addr, 5,
2024 &signal_received);
2025 }
2026
2027 if (signal_received)
2028 {
2029 throw_signal(signal_received);
2030 goto done;
2031 }
2032
2033 if (status)
2034 {
2035#if UNIX_SOCK_SUPPORT
2036 if (man->settings.flags & MF_UNIX_SOCK)
2037 {
2038 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to unix socket %s failed",
2039 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2040 }
2041 else
2042#endif
2043 {
2044 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to %s failed",
2045 print_sockaddr(man->settings.local->ai_addr, &gc));
2046 }
2047 throw_signal_soft(SIGTERM, "management-connect-failed");
2048 goto done;
2049 }
2050
2051 man_new_connection_post(man, "Connected to management server at");
2052
2053done:
2054 gc_free(&gc);
2055}
2056
2057static void
2058man_reset_client_socket(struct management *man, const bool exiting)
2059{
2060 if (socket_defined(man->connection.sd_cli))
2061 {
2062 man_bytecount_stop(man);
2063#ifdef _WIN32
2064 man_stop_ne32(man);
2065#endif
2066 man_close_socket(man, man->connection.sd_cli);
2067 man->connection.sd_cli = SOCKET_UNDEFINED;
2068 man->connection.state = MS_INITIAL;
2069 command_line_reset(man->connection.in);
2070 buffer_list_reset(man->connection.out);
2071 in_extra_reset(&man->connection, IER_RESET);
2072 msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2073 }
2074 if (!exiting)
2075 {
2076 if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man))
2077 {
2078 msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect");
2079 ssl_purge_auth(false);
2080 (void)ssl_clean_auth_token();
2081 }
2082
2083 if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
2084 {
2085 int mysig = man_mod_signal(man, SIGUSR1);
2086 if (mysig >= 0)
2087 {
2088 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2089 throw_signal_soft(mysig, "management-disconnect");
2090 }
2091 }
2092
2093 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2094 {
2095 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2096 throw_signal_soft(SIGTERM, "management-exit");
2097 }
2098 else
2099 {
2100 man_listen(man);
2101 }
2102 }
2103}
2104
2105static void
2106man_process_command(struct management *man, const char *line)
2107{
2108 struct gc_arena gc = gc_new();
2109 struct status_output *so;
2110 int nparms;
2111 char *parms[MAX_PARMS + 1];
2112
2113 CLEAR(parms);
2114 so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2115 in_extra_reset(&man->connection, IER_RESET);
2116
2117 if (man_password_needed(man))
2118 {
2119 man_check_password(man, line);
2120 }
2121 else
2122 {
2123 nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2124 if (parms[0] && streq(parms[0], "password"))
2125 {
2126 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2127 }
2128 else if (!streq(line, "load-stats"))
2129 {
2130 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2131 }
2132
2133#if 0
2134 /* DEBUGGING -- print args */
2135 {
2136 int i;
2137 for (i = 0; i < nparms; ++i)
2138 {
2139 msg(M_INFO, "[%d] '%s'", i, parms[i]);
2140 }
2141 }
2142#endif
2143
2144 if (nparms > 0)
2145 {
2146 man_dispatch_command(man, so, (const char **)parms, nparms);
2147 }
2148 }
2149
2150 CLEAR(parms);
2151 status_close(so);
2152 gc_free(&gc);
2153}
2154
2155static bool
2156man_io_error(struct management *man, const char *prefix)
2157{
2158 bool crt_error = false;
2159 int err = openvpn_errno_maybe_crt(&crt_error);
2160
2161 if (!ignore_sys_error(err, crt_error))
2162 {
2163 struct gc_arena gc = gc_new();
2164 msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix, strerror(err));
2165 gc_free(&gc);
2166 return true;
2167 }
2168 else
2169 {
2170 return false;
2171 }
2172}
2173
2174#ifdef TARGET_ANDROID
2175static ssize_t
2176man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2177{
2178 struct msghdr msg = { 0 };
2179 struct iovec iov[1];
2180
2181 union
2182 {
2183 struct cmsghdr cm;
2184 char control[CMSG_SPACE(sizeof(int))];
2185 } control_un;
2186 struct cmsghdr *cmptr;
2187
2188 msg.msg_control = control_un.control;
2189 msg.msg_controllen = sizeof(control_un.control);
2190
2191 cmptr = CMSG_FIRSTHDR(&msg);
2192 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2193 cmptr->cmsg_level = SOL_SOCKET;
2194 cmptr->cmsg_type = SCM_RIGHTS;
2195 *((int *)CMSG_DATA(cmptr)) = sendfd;
2196
2197 msg.msg_name = NULL;
2198 msg.msg_namelen = 0;
2199
2200 iov[0].iov_base = ptr;
2201 iov[0].iov_len = nbytes;
2202 msg.msg_iov = iov;
2203 msg.msg_iovlen = 1;
2204
2205 return (sendmsg(fd, &msg, flags));
2206}
2207
2208static ssize_t
2209man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2210{
2211 struct msghdr msghdr = { 0 };
2212 struct iovec iov[1];
2213 ssize_t n;
2214
2215 union
2216 {
2217 struct cmsghdr cm;
2218 char control[CMSG_SPACE(sizeof(int))];
2219 } control_un;
2220 struct cmsghdr *cmptr;
2221
2222 msghdr.msg_control = control_un.control;
2223 msghdr.msg_controllen = sizeof(control_un.control);
2224
2225 msghdr.msg_name = NULL;
2226 msghdr.msg_namelen = 0;
2227
2228 iov[0].iov_base = ptr;
2229 iov[0].iov_len = nbytes;
2230 msghdr.msg_iov = iov;
2231 msghdr.msg_iovlen = 1;
2232
2233 if ((n = recvmsg(fd, &msghdr, flags)) <= 0)
2234 {
2235 return (n);
2236 }
2237
2238 if ((cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2239 {
2240 if (cmptr->cmsg_level != SOL_SOCKET)
2241 {
2242 msg(M_ERR, "control level != SOL_SOCKET");
2243 }
2244 if (cmptr->cmsg_type != SCM_RIGHTS)
2245 {
2246 msg(M_ERR, "control type != SCM_RIGHTS");
2247 }
2248 *recvfd = *((int *)CMSG_DATA(cmptr));
2249 }
2250 else
2251 {
2252 *recvfd = -1; /* descriptor was not passed */
2253 }
2254 return (n);
2255}
2256
2257/*
2258 * The android control method will instruct the GUI part of openvpn to do
2259 * the route/ifconfig/open tun command. See doc/android.txt for details.
2260 */
2261bool
2262management_android_control(struct management *man, const char *command, const char *msg)
2263{
2264 if (!man)
2265 {
2266 msg(M_FATAL, "Required management interface not available.");
2267 }
2268 struct user_pass up;
2269 CLEAR(up);
2270 strncpy(up.username, msg, sizeof(up.username) - 1);
2271
2272 management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *)0);
2273 return strcmp("ok", up.password) == 0;
2274}
2275
2276/*
2277 * In Android 4.4 it is not possible to open a new tun device and then close the
2278 * old tun device without breaking the whole VPNService stack until the device
2279 * is rebooted. This management method ask the UI what method should be taken to
2280 * ensure the optimal solution for the situation
2281 */
2282int
2283managment_android_persisttun_action(struct management *man)
2284{
2285 struct user_pass up;
2286 CLEAR(up);
2287 strcpy(up.username, "tunmethod");
2288 management_query_user_pass(management, &up, "PERSIST_TUN_ACTION", GET_USER_PASS_NEED_OK,
2289 (void *)0);
2290 if (!strcmp("NOACTION", up.password))
2291 {
2292 return ANDROID_KEEP_OLD_TUN;
2293 }
2294 else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2295 {
2296 return ANDROID_OPEN_BEFORE_CLOSE;
2297 }
2298 else
2299 {
2300 msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query",
2301 up.password);
2302 }
2303
2304 ASSERT(0);
2305 return ANDROID_OPEN_BEFORE_CLOSE;
2306}
2307
2308
2309#endif /* ifdef TARGET_ANDROID */
2310
2311static ssize_t
2312man_read(struct management *man)
2313{
2314 /*
2315 * read command line from socket
2316 */
2317 unsigned char buf[256];
2318 ssize_t len = 0;
2319
2320#ifdef TARGET_ANDROID
2321 int fd;
2322 len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2323 if (fd >= 0)
2324 {
2325 man->connection.lastfdreceived = fd;
2326 }
2327#else /* ifdef TARGET_ANDROID */
2328 len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2329#endif
2330
2331 if (len == 0)
2332 {
2333 man_reset_client_socket(man, false);
2334 }
2335 else if (len > 0)
2336 {
2337 bool processed_command = false;
2338
2339 ASSERT(len <= (ssize_t)sizeof(buf));
2340 command_line_add(man->connection.in, buf, (size_t)len);
2341
2342 /*
2343 * Reset output object
2344 */
2345 buffer_list_reset(man->connection.out);
2346
2347 /*
2348 * process command line if complete
2349 */
2350 {
2351 const char *line;
2352 while ((line = command_line_get(man->connection.in)))
2353 {
2354 if (man->connection.in_extra)
2355 {
2356 if (!strcmp(line, "END"))
2357 {
2358 in_extra_dispatch(man);
2359 }
2360 else
2361 {
2362 buffer_list_push(man->connection.in_extra, line);
2363 }
2364 }
2365 else
2366 {
2367 man_process_command(man, (char *)line);
2368 }
2369 if (man->connection.halt)
2370 {
2371 break;
2372 }
2373 command_line_next(man->connection.in);
2374 processed_command = true;
2375 }
2376 }
2377
2378 /*
2379 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2380 */
2381 if (man->connection.halt)
2382 {
2383 man_reset_client_socket(man, false);
2384 len = 0;
2385 }
2386 else
2387 {
2388 if (processed_command)
2389 {
2390 man_prompt(man);
2391 }
2392 man_update_io_state(man);
2393 }
2394 }
2395 else /* len < 0 */
2396 {
2397 if (man_io_error(man, "recv"))
2398 {
2399 man_reset_client_socket(man, false);
2400 }
2401 }
2402 return len;
2403}
2404
2405static ssize_t
2406man_write(struct management *man)
2407{
2408 const int size_hint = 1024;
2409 ssize_t sent = 0;
2410 const struct buffer *buf;
2411
2412 buffer_list_aggregate(man->connection.out, size_hint);
2413 buf = buffer_list_peek(man->connection.out);
2414 if (buf && BLEN(buf))
2415 {
2416 const int len = min_int(size_hint, BLEN(buf));
2417#ifdef TARGET_ANDROID
2418 if (man->connection.fdtosend > 0)
2419 {
2420 sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,
2421 man->connection.fdtosend);
2422 man->connection.fdtosend = -1;
2423 }
2424 else
2425#endif
2426 {
2427 sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2428 }
2429 if (sent >= 0)
2430 {
2431 buffer_list_advance(man->connection.out, sent);
2432 }
2433 else if (sent < 0)
2434 {
2435 if (man_io_error(man, "send"))
2436 {
2437 man_reset_client_socket(man, false);
2438 }
2439 }
2440 }
2441
2442 /*
2443 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2444 */
2445 man_update_io_state(man);
2446
2447 return sent;
2448}
2449
2450static void
2451man_connection_clear(struct man_connection *mc)
2452{
2453 CLEAR(*mc);
2454
2455 /* set initial state */
2456 mc->state = MS_INITIAL;
2457
2458 /* clear socket descriptors */
2459 mc->sd_top = SOCKET_UNDEFINED;
2460 mc->sd_cli = SOCKET_UNDEFINED;
2461}
2462
2463static void
2464man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size,
2465 const int state_buffer_size)
2466{
2467 struct man_persist *mp = &man->persist;
2468 if (!mp->defined)
2469 {
2470 CLEAR(*mp);
2471
2472 /* initialize log history store */
2473 mp->log = log_history_init(log_history_cache);
2474
2475 /*
2476 * Initialize virtual output object, so that functions
2477 * which write to a virtual_output object can be redirected
2478 * here to the management object.
2479 */
2480 mp->vout.func = virtual_output_callback_func;
2481 mp->vout.arg = man;
2482 mp->vout.flags_default = M_CLIENT;
2483 msg_set_virtual_output(&mp->vout);
2484
2485 /*
2486 * Initialize --echo list
2487 */
2488 man->persist.echo = log_history_init(echo_buffer_size);
2489
2490 /*
2491 * Initialize --state list
2492 */
2493 man->persist.state = log_history_init(state_buffer_size);
2494
2495 mp->defined = true;
2496 }
2497}
2498
2499static void
2500man_persist_close(struct man_persist *mp)
2501{
2502 if (mp->log)
2503 {
2504 msg_set_virtual_output(NULL);
2505 log_history_close(mp->log);
2506 }
2507
2508 if (mp->echo)
2509 {
2510 log_history_close(mp->echo);
2511 }
2512
2513 if (mp->state)
2514 {
2515 log_history_close(mp->state);
2516 }
2517
2518 CLEAR(*mp);
2519}
2520
2521static void
2522man_settings_init(struct man_settings *ms, const char *addr, const char *port,
2523 const char *pass_file, const char *client_user, const char *client_group,
2524 const int log_history_cache, const int echo_buffer_size,
2525 const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
2526{
2527 if (!ms->defined)
2528 {
2529 CLEAR(*ms);
2530
2531 ms->flags = flags;
2532
2533 /*
2534 * Get username/password
2535 */
2536 if (pass_file)
2537 {
2538 get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2539 }
2540
2541#if UNIX_SOCK_SUPPORT
2542 /*
2543 * lookup client UID/GID if specified
2544 */
2545 if (client_user)
2546 {
2547 ASSERT(platform_user_get(client_user, &ms->user));
2548 msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->user.uid);
2549 }
2550 if (client_group)
2551 {
2552 ASSERT(platform_group_get(client_group, &ms->group));
2553 msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->group.gid);
2554 }
2555
2556 if (ms->flags & MF_UNIX_SOCK)
2557 {
2558 sockaddr_unix_init(&ms->local_unix, addr);
2559 }
2560 else
2561#endif
2562 {
2563 /*
2564 * Run management over tunnel, or
2565 * separate channel?
2566 */
2567 if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2568 {
2569 ms->management_over_tunnel = true;
2570 }
2571 else
2572 {
2573 int status;
2574 int resolve_flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL;
2575
2576 if (!(flags & MF_CONNECT_AS_CLIENT))
2577 {
2578 resolve_flags |= GETADDR_PASSIVE;
2579 }
2580
2581 status =
2582 openvpn_getaddrinfo(resolve_flags, addr, port, 0, NULL, AF_UNSPEC, &ms->local);
2583 ASSERT(status == 0);
2584 }
2585 }
2586
2587 /*
2588 * Log history and echo buffer may need to be resized
2589 */
2590 ms->log_history_cache = log_history_cache;
2591 ms->echo_buffer_size = echo_buffer_size;
2592 ms->state_buffer_size = state_buffer_size;
2593
2594 /*
2595 * Set remap sigusr1 flags
2596 */
2597 if (remap_sigusr1 == SIGHUP)
2598 {
2599 ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2600 }
2601 else if (remap_sigusr1 == SIGTERM)
2602 {
2603 ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2604 }
2605
2606 ms->defined = true;
2607 }
2608}
2609
2610static void
2611man_settings_close(struct man_settings *ms)
2612{
2613 if (ms->local)
2614 {
2615 freeaddrinfo(ms->local);
2616 }
2617 CLEAR(*ms);
2618}
2619
2620
2621static void
2622man_connection_init(struct management *man)
2623{
2624 if (man->connection.state == MS_INITIAL)
2625 {
2626#ifdef _WIN32
2627 /*
2628 * This object is a sort of TCP/IP helper
2629 * for Windows.
2630 */
2631 net_event_win32_init(&man->connection.ne32);
2632#endif
2633
2634 /*
2635 * Allocate helper objects for command line input and
2636 * command output from/to the socket.
2637 */
2638 man->connection.in = command_line_new(1024);
2639 man->connection.out = buffer_list_new();
2640
2641 /*
2642 * Initialize event set for standalone usage, when we are
2643 * running outside of the primary event loop.
2644 */
2645 {
2646 int maxevents = 1;
2647 man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2648 }
2649
2650 man->connection.client_version = 1; /* default version */
2651
2652 /*
2653 * Listen/connect socket
2654 */
2655 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2656 {
2657 man_connect(man);
2658 }
2659 else
2660 {
2661 man_listen(man);
2662 }
2663 }
2664}
2665
2666static void
2667man_connection_close(struct management *man)
2668{
2669 struct man_connection *mc = &man->connection;
2670
2671 event_free(mc->es);
2672#ifdef _WIN32
2673 net_event_win32_close(&mc->ne32);
2674#endif
2675 if (socket_defined(mc->sd_top))
2676 {
2677 man_close_socket(man, mc->sd_top);
2678 man_delete_unix_socket(man);
2679 }
2680 if (socket_defined(mc->sd_cli))
2681 {
2682 man_close_socket(man, mc->sd_cli);
2683 }
2684
2685 command_line_free(mc->in);
2686 buffer_list_free(mc->out);
2687
2688 event_timeout_clear(&mc->bytecount_update_interval);
2689
2690 in_extra_reset(&man->connection, IER_RESET);
2691 buffer_list_free(mc->ext_key_input);
2692 man_connection_clear(mc);
2693}
2694
2695struct management *
2696management_init(void)
2697{
2698 struct management *man;
2699 ALLOC_OBJ_CLEAR(man, struct management);
2700
2701 man_persist_init(man, MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, MANAGEMENT_ECHO_BUFFER_SIZE,
2702 MANAGEMENT_STATE_BUFFER_SIZE);
2703
2704 man_connection_clear(&man->connection);
2705
2706 return man;
2707}
2708
2709bool
2710management_open(struct management *man, const char *addr, const char *port, const char *pass_file,
2711 const char *client_user, const char *client_group, const int log_history_cache,
2712 const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1,
2713 const unsigned int flags)
2714{
2715 bool ret = false;
2716
2717 /*
2718 * Save the settings only if they have not
2719 * been saved before.
2720 */
2721 man_settings_init(&man->settings, addr, port, pass_file, client_user, client_group,
2722 log_history_cache, echo_buffer_size, state_buffer_size, remap_sigusr1, flags);
2723
2724 /*
2725 * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2726 * but may be changed here. Ditto for echo and state buffers.
2727 */
2728 log_history_resize(man->persist.log, man->settings.log_history_cache);
2729 log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2730 log_history_resize(man->persist.state, man->settings.state_buffer_size);
2731
2732 /*
2733 * If connection object is uninitialized and we are not doing
2734 * over-the-tunnel management, then open (listening) connection.
2735 */
2736 if (man->connection.state == MS_INITIAL)
2737 {
2738 if (!man->settings.management_over_tunnel)
2739 {
2740 man_connection_init(man);
2741 ret = true;
2742 }
2743 }
2744
2745 return ret;
2746}
2747
2748void
2749management_close(struct management *man)
2750{
2751 man_output_list_push_finalize(man); /* flush output queue */
2752 man_connection_close(man);
2753 man_settings_close(&man->settings);
2754 man_persist_close(&man->persist);
2755 free(man);
2756}
2757
2758void
2759management_set_callback(struct management *man, const struct management_callback *cb)
2760{
2761 man->persist.standalone_disabled = true;
2762 man->persist.callback = *cb;
2763}
2764
2765void
2766management_clear_callback(struct management *man)
2767{
2768 man->persist.standalone_disabled = false;
2769 man->persist.hold_release = false;
2770 CLEAR(man->persist.callback);
2771 man_output_list_push_finalize(man); /* flush output queue */
2772}
2773
2774void
2775management_set_state(struct management *man, const int state, const char *detail,
2776 const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6,
2777 const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
2778{
2779 if (man->persist.state
2780 && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2781 {
2782 struct gc_arena gc = gc_new();
2783 struct log_entry e;
2784 const char *out = NULL;
2785
2786 update_time();
2787 CLEAR(e);
2788 e.timestamp = now;
2789 e.u.state = state;
2790 e.string = detail;
2791 if (tun_local_ip)
2792 {
2793 e.local_ip = *tun_local_ip;
2794 }
2795 if (tun_local_ip6)
2796 {
2797 e.local_ip6 = *tun_local_ip6;
2798 }
2799 if (local)
2800 {
2801 e.local_sock = *local;
2802 }
2803 if (remote)
2804 {
2805 e.remote_sock = *remote;
2806 }
2807
2808 log_history_add(man->persist.state, &e);
2809
2810 if (man->connection.state_realtime)
2811 {
2812 out = log_entry_print(&e,
2813 LOG_PRINT_STATE_PREFIX | LOG_PRINT_INT_DATE | LOG_PRINT_STATE
2814 | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP | LOG_PRINT_CRLF
2815 | LOG_ECHO_TO_LOG,
2816 &gc);
2817 }
2818
2819 if (out)
2820 {
2821 man_output_list_push(man, out);
2822 }
2823
2824 gc_free(&gc);
2825 }
2826}
2827
2828static bool
2829env_filter_match(const char *env_str, const int env_filter_level)
2830{
2831 static const char *env_names[] = { "username=",
2832 "password=",
2833 "X509_0_CN=",
2834 "tls_serial_",
2835 "untrusted_ip=",
2836 "ifconfig_local=",
2837 "ifconfig_netmask=",
2838 "daemon_start_time=",
2839 "daemon_pid=",
2840 "dev=",
2841 "ifconfig_pool_remote_ip=",
2842 "ifconfig_pool_netmask=",
2843 "time_duration=",
2844 "bytes_sent=",
2845 "bytes_received=",
2846 "session_id=",
2847 "session_state=" };
2848
2849 if (env_filter_level == 0)
2850 {
2851 return true;
2852 }
2853 else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2854 {
2855 return true;
2856 }
2857 else if (env_filter_level <= 2)
2858 {
2859 size_t i;
2860 for (i = 0; i < SIZE(env_names); ++i)
2861 {
2862 const char *en = env_names[i];
2863 const size_t len = strlen(en);
2864 if (!strncmp(env_str, en, len))
2865 {
2866 return true;
2867 }
2868 }
2869 return false;
2870 }
2871 return false;
2872}
2873
2874static void
2875man_output_env(const struct env_set *es, const bool tail, const int env_filter_level,
2876 const char *prefix)
2877{
2878 if (es)
2879 {
2880 struct env_item *e;
2881 for (e = es->list; e != NULL; e = e->next)
2882 {
2883 if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2884 {
2885 msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2886 }
2887 }
2888 }
2889 if (tail)
2890 {
2891 msg(M_CLIENT, ">%s:ENV,END", prefix);
2892 }
2893}
2894
2895static void
2896man_output_extra_env(struct management *man, const char *prefix)
2897{
2898 struct gc_arena gc = gc_new();
2899 struct env_set *es = env_set_create(&gc);
2900 if (man->persist.callback.n_clients)
2901 {
2902 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2903 setenv_int(es, "n_clients", nclients);
2904 }
2905 man_output_env(es, false, man->connection.env_filter_level, prefix);
2906 gc_free(&gc);
2907}
2908
2909void
2910management_up_down(struct management *man, const char *updown, const struct env_set *es)
2911{
2912 if (man->settings.flags & MF_UP_DOWN)
2913 {
2914 msg(M_CLIENT, ">UPDOWN:%s", updown);
2915 man_output_env(es, true, 0, "UPDOWN");
2916 }
2917}
2918
2919void
2920management_notify(struct management *man, const char *severity, const char *type, const char *text)
2921{
2922 msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2923}
2924
2925void
2926management_notify_generic(struct management *man, const char *str)
2927{
2928 msg(M_CLIENT, "%s", str);
2929}
2930
2931static void
2932man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
2933{
2934 char line[256];
2935 if (man->persist.callback.get_peer_info)
2936 {
2937 const char *peer_info =
2938 (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2939 if (peer_info)
2940 {
2941 struct buffer buf;
2942 buf_set_read(&buf, (const uint8_t *)peer_info, strlen(peer_info));
2943 while (buf_parse(&buf, '\n', line, sizeof(line)))
2944 {
2945 chomp(line);
2946 if (validate_peer_info_line(line))
2947 {
2948 msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2949 }
2950 else
2951 {
2952 msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2953 }
2954 }
2955 }
2956 }
2957}
2958
2959void
2960management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id,
2961 struct man_def_auth_context *mdac, const struct env_set *es)
2962{
2963 if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2964 {
2965 const char *mode = "CONNECT";
2966 if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2967 {
2968 mode = "REAUTH";
2969 }
2970 msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2971 man_output_extra_env(management, "CLIENT");
2972 if (management->connection.env_filter_level > 0)
2973 {
2974 man_output_peer_info_env(management, mdac);
2975 }
2976 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2977 mdac->flags |= DAF_INITIAL_AUTH;
2978 }
2979}
2980
2981void
2982management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac,
2983 const struct env_set *es, const char *response)
2984{
2985 struct gc_arena gc;
2986 if (management)
2987 {
2988 gc = gc_new();
2989
2990 msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s", mdac->cid, mda_key_id, response);
2991 man_output_extra_env(management, "CLIENT");
2992 if (management->connection.env_filter_level > 0)
2993 {
2994 man_output_peer_info_env(management, mdac);
2995 }
2996 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2997 gc_free(&gc);
2998 }
2999}
3000
3001void
3002management_connection_established(struct management *management, struct man_def_auth_context *mdac,
3003 const struct env_set *es)
3004{
3005 mdac->flags |= DAF_CONNECTION_ESTABLISHED;
3006 msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
3007 man_output_extra_env(management, "CLIENT");
3008 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3009}
3010
3011void
3012management_notify_client_close(struct management *management, struct man_def_auth_context *mdac,
3013 const struct env_set *es)
3014{
3015 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3016 {
3017 msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3018 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3019 mdac->flags |= DAF_CONNECTION_CLOSED;
3020 }
3021}
3022
3023void
3024management_learn_addr(struct management *management, struct man_def_auth_context *mdac,
3025 const struct mroute_addr *addr, const bool primary)
3026{
3027 struct gc_arena gc = gc_new();
3028 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3029 {
3030 msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d", mdac->cid,
3031 mroute_addr_print_ex(addr, MAPF_SUBNET, &gc), BOOL_CAST(primary));
3032 }
3033 gc_free(&gc);
3034}
3035
3036void
3037management_echo(struct management *man, const char *string, const bool pull)
3038{
3039 if (man->persist.echo)
3040 {
3041 struct gc_arena gc = gc_new();
3042 struct log_entry e;
3043 const char *out = NULL;
3044
3045 update_time();
3046 CLEAR(e);
3047 e.timestamp = now;
3048 e.string = string;
3049 e.u.intval = BOOL_CAST(pull);
3050
3051 log_history_add(man->persist.echo, &e);
3052
3053 if (man->connection.echo_realtime)
3054 {
3055 out = log_entry_print(&e,
3056 LOG_PRINT_INT_DATE | LOG_PRINT_ECHO_PREFIX | LOG_PRINT_CRLF
3057 | MANAGEMENT_ECHO_FLAGS,
3058 &gc);
3059 }
3060
3061 if (out)
3062 {
3063 man_output_list_push(man, out);
3064 }
3065
3066 gc_free(&gc);
3067 }
3068}
3069
3070void
3071management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3072{
3073 /*
3074 * If we are running management over the tunnel,
3075 * this is the place to initialize the connection.
3076 */
3077 if (man->settings.management_over_tunnel && man->connection.state == MS_INITIAL)
3078 {
3079 /* listen on our local TUN/TAP IP address */
3080 struct in_addr ia;
3081 int ret;
3082 char buf[INET_ADDRSTRLEN];
3083
3084 ia.s_addr = htonl(tun_local_ip);
3085 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3086 ret =
3087 openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL, AF_INET, &man->settings.local);
3088 ASSERT(ret == 0);
3089 man_connection_init(man);
3090 }
3091}
3092
3093void
3094management_pre_tunnel_close(struct management *man)
3095{
3096 if (man->settings.management_over_tunnel)
3097 {
3098 man_connection_close(man);
3099 }
3100}
3101
3102void
3103management_auth_failure(struct management *man, const char *type, const char *reason)
3104{
3105 if (reason)
3106 {
3107 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3108 }
3109 else
3110 {
3111 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3112 }
3113}
3114
3115void
3116management_auth_token(struct management *man, const char *token)
3117{
3118 msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3119}
3120
3121static inline bool
3122man_persist_state(unsigned int *persistent, const int n)
3123{
3124 if (persistent)
3125 {
3126 if (*persistent == (unsigned int)n)
3127 {
3128 return false;
3129 }
3130 *persistent = n;
3131 }
3132 return true;
3133}
3134
3135#ifdef _WIN32
3136
3137void
3138management_socket_set(struct management *man, struct event_set *es, void *arg,
3139 unsigned int *persistent)
3140{
3141 if (man->connection.state != MS_INITIAL)
3142 {
3143 event_t ev = net_event_win32_get_event(&man->connection.ne32);
3144 net_event_win32_reset_write(&man->connection.ne32);
3145
3146 switch (man->connection.state)
3147 {
3148 case MS_LISTEN:
3149 if (man_persist_state(persistent, 1))
3150 {
3151 event_ctl(es, ev, EVENT_READ, arg);
3152 }
3153 break;
3154
3155 case MS_CC_WAIT_READ:
3156 if (man_persist_state(persistent, 2))
3157 {
3158 event_ctl(es, ev, EVENT_READ, arg);
3159 }
3160 break;
3161
3162 case MS_CC_WAIT_WRITE:
3163 if (man_persist_state(persistent, 3))
3164 {
3165 event_ctl(es, ev, EVENT_READ | EVENT_WRITE, arg);
3166 }
3167 break;
3168
3169 default:
3170 ASSERT(0);
3171 }
3172 }
3173}
3174
3175void
3176management_io(struct management *man)
3177{
3178 if (man->connection.state != MS_INITIAL)
3179 {
3180 long net_events;
3181 net_event_win32_reset(&man->connection.ne32);
3182 net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3183
3184 if (net_events & FD_CLOSE)
3185 {
3186 man_reset_client_socket(man, false);
3187 }
3188 else
3189 {
3190 if (man->connection.state == MS_LISTEN)
3191 {
3192 if (net_events & FD_ACCEPT)
3193 {
3194 man_accept(man);
3195 net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3196 }
3197 }
3198 else if (man->connection.state == MS_CC_WAIT_READ
3199 || man->connection.state == MS_CC_WAIT_WRITE)
3200 {
3201 if (net_events & FD_READ)
3202 {
3203 while (man_read(man) > 0)
3204 {
3205 }
3206 net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3207 }
3208
3209 if (net_events & FD_WRITE)
3210 {
3211 ssize_t status = man_write(man);
3212 if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3213 {
3214 net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3215 }
3216 }
3217 }
3218 }
3219 }
3220}
3221
3222#else /* ifdef _WIN32 */
3223
3224void
3225management_socket_set(struct management *man, struct event_set *es, void *arg,
3226 unsigned int *persistent)
3227{
3228 switch (man->connection.state)
3229 {
3230 case MS_LISTEN:
3231 if (man_persist_state(persistent, 1))
3232 {
3233 event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3234 }
3235 break;
3236
3237 case MS_CC_WAIT_READ:
3238 if (man_persist_state(persistent, 2))
3239 {
3240 event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3241 }
3242 break;
3243
3244 case MS_CC_WAIT_WRITE:
3245 if (man_persist_state(persistent, 3))
3246 {
3247 event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3248 }
3249 break;
3250
3251 case MS_INITIAL:
3252 break;
3253
3254 default:
3255 ASSERT(0);
3256 }
3257}
3258
3259void
3260management_io(struct management *man)
3261{
3262 switch (man->connection.state)
3263 {
3264 case MS_LISTEN:
3265 man_accept(man);
3266 break;
3267
3268 case MS_CC_WAIT_READ:
3269 man_read(man);
3270 break;
3271
3272 case MS_CC_WAIT_WRITE:
3273 man_write(man);
3274 break;
3275
3276 case MS_INITIAL:
3277 break;
3278
3279 default:
3280 ASSERT(0);
3281 }
3282}
3283
3284#endif /* ifdef _WIN32 */
3285
3286static inline bool
3287man_standalone_ok(const struct management *man)
3288{
3289 return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3290}
3291
3292static bool
3293man_check_for_signals(volatile int *signal_received)
3294{
3295 if (signal_received)
3296 {
3297 get_signal(signal_received);
3298 if (*signal_received)
3299 {
3300 return true;
3301 }
3302 }
3303 return false;
3304}
3305
3306/*
3307 * Wait for socket I/O when outside primary event loop
3308 */
3309static int
3310man_block(struct management *man, volatile int *signal_received, const time_t expire)
3311{
3312 struct timeval tv;
3313 struct event_set_return esr;
3314 int status = -1;
3315
3316 if (man_standalone_ok(man))
3317 {
3318 /* expire time can be already overdue, for this case init zero
3319 * timeout to avoid waiting first time and exit loop early with
3320 * either obtained event or timeout.
3321 */
3322 tv.tv_usec = 0;
3323 tv.tv_sec = 0;
3324
3325 while (true)
3326 {
3327 event_reset(man->connection.es);
3328 management_socket_set(man, man->connection.es, NULL, NULL);
3329 if (man_check_for_signals(signal_received))
3330 {
3331 status = -1;
3332 break;
3333 }
3334 status = event_wait(man->connection.es, &tv, &esr, 1);
3335 update_time();
3336 if (man_check_for_signals(signal_received))
3337 {
3338 status = -1;
3339 break;
3340 }
3341
3342 if (status > 0)
3343 {
3344 break;
3345 }
3346 else if (expire && now >= expire)
3347 {
3348 /* set SIGINT signal if expiration time exceeded */
3349 status = 0;
3350 if (signal_received)
3351 {
3352 *signal_received = SIGINT;
3353 }
3354 break;
3355 }
3356
3357 /* wait one second more */
3358 tv.tv_sec = 1;
3359 tv.tv_usec = 0;
3360 }
3361 }
3362 return status;
3363}
3364
3365/*
3366 * Perform management socket output outside primary event loop
3367 */
3368static void
3369man_output_standalone(struct management *man, volatile int *signal_received)
3370{
3371 if (man_standalone_ok(man))
3372 {
3373 while (man->connection.state == MS_CC_WAIT_WRITE)
3374 {
3375 management_io(man);
3376 if (man->connection.state == MS_CC_WAIT_WRITE)
3377 {
3378 man_block(man, signal_received, 0);
3379 }
3380 if (signal_received && *signal_received)
3381 {
3382 break;
3383 }
3384 }
3385 }
3386}
3387
3388/*
3389 * Process management event loop outside primary event loop
3390 */
3391static int
3392man_standalone_event_loop(struct management *man, volatile int *signal_received,
3393 const time_t expire)
3394{
3395 int status = -1;
3396 if (man_standalone_ok(man))
3397 {
3398 status = man_block(man, signal_received, expire);
3399 if (status > 0)
3400 {
3401 management_io(man);
3402 }
3403 }
3404 return status;
3405}
3406
3407#define MWCC_PASSWORD_WAIT (1 << 0)
3408#define MWCC_HOLD_WAIT (1 << 1)
3409#define MWCC_OTHER_WAIT (1 << 2)
3410
3411/*
3412 * Block until client connects
3413 */
3414static void
3415man_wait_for_client_connection(struct management *man, volatile int *signal_received,
3416 const time_t expire, unsigned int flags)
3417{
3418 ASSERT(man_standalone_ok(man));
3419 if (man->connection.state == MS_LISTEN)
3420 {
3421 if (flags & MWCC_PASSWORD_WAIT)
3422 {
3423 msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3424 }
3425 if (flags & MWCC_HOLD_WAIT)
3426 {
3427 msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3428 }
3429 if (flags & MWCC_OTHER_WAIT)
3430 {
3431 msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3432 }
3433 do
3434 {
3435 man_standalone_event_loop(man, signal_received, expire);
3436 if (signal_received && *signal_received)
3437 {
3438 break;
3439 }
3440 } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3441 }
3442}
3443
3444/*
3445 * Process the management event loop for sec seconds
3446 */
3447void
3448management_event_loop_n_seconds(struct management *man, int sec)
3449{
3450 if (man_standalone_ok(man))
3451 {
3452 volatile int signal_received = 0;
3453 const bool standalone_disabled_save = man->persist.standalone_disabled;
3454 time_t expire = 0;
3455
3456 /* This is so M_CLIENT messages will be correctly passed through msg() */
3457 man->persist.standalone_disabled = false;
3458
3459 /* set expire time */
3460 update_time();
3461 if (sec >= 0)
3462 {
3463 expire = now + sec;
3464 }
3465
3466 /* if no client connection, wait for one */
3467 man_wait_for_client_connection(man, &signal_received, expire, 0);
3468 if (signal_received)
3469 {
3470 return;
3471 }
3472
3473 /* run command processing event loop */
3474 do
3475 {
3476 man_standalone_event_loop(man, &signal_received, expire);
3477 if (!signal_received)
3478 {
3479 man_check_for_signals(&signal_received);
3480 }
3481 if (signal_received)
3482 {
3483 return;
3484 }
3485 update_time();
3486 } while (expire && expire > now);
3487
3488 /* revert state */
3489 man->persist.standalone_disabled = standalone_disabled_save;
3490 }
3491 else if (sec > 0)
3492 {
3493 sleep(sec);
3494 }
3495}
3496
3497/*
3498 * Get a username/password from management channel in standalone mode.
3499 */
3500bool
3501management_query_user_pass(struct management *man, struct user_pass *up, const char *type,
3502 const unsigned int flags, const char *static_challenge)
3503{
3504 struct gc_arena gc = gc_new();
3505 bool ret = false;
3506
3507 if (man_standalone_ok(man))
3508 {
3509 volatile int signal_received = 0;
3510 const bool standalone_disabled_save = man->persist.standalone_disabled;
3511 struct buffer alert_msg = alloc_buf_gc(128, &gc);
3512 const char *alert_type = NULL;
3513 const char *prefix = NULL;
3514 unsigned int up_query_mode = 0;
3515 const char *sc = NULL;
3516 ret = true;
3517 /* This is so M_CLIENT messages will be correctly passed through msg() */
3518 man->persist.standalone_disabled = false;
3519 man->persist.special_state_msg = NULL;
3520
3521 CLEAR(man->connection.up_query);
3522
3523 if (flags & GET_USER_PASS_NEED_OK)
3524 {
3525 up_query_mode = UP_QUERY_NEED_OK;
3526 prefix = "NEED-OK";
3527 alert_type = "confirmation";
3528 }
3529 else if (flags & GET_USER_PASS_NEED_STR)
3530 {
3531 up_query_mode = UP_QUERY_NEED_STR;
3532 prefix = "NEED-STR";
3533 alert_type = "string";
3534 }
3535 else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3536 {
3537 up_query_mode = UP_QUERY_PASS;
3538 prefix = "PASSWORD";
3539 alert_type = "password";
3540 }
3541 else
3542 {
3543 up_query_mode = UP_QUERY_USER_PASS;
3544 prefix = "PASSWORD";
3545 alert_type = "username/password";
3546 if (static_challenge)
3547 {
3548 sc = static_challenge;
3549 }
3550 }
3551 buf_printf(&alert_msg, ">%s:Need '%s' %s", prefix, type, alert_type);
3552
3553 if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3554 {
3555 buf_printf(&alert_msg, " MSG:%s", up->username);
3556 }
3557
3558 if (sc)
3559 {
3560 buf_printf(&alert_msg, " SC:%d,%s",
3561 BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3562 | (BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3563 sc);
3564 }
3565
3566 man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3567 if (signal_received)
3568 {
3569 ret = false;
3570 }
3571
3572 if (ret)
3573 {
3574 man->persist.special_state_msg = BSTR(&alert_msg);
3575 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3576
3577 /* tell command line parser which info we need */
3578 man->connection.up_query_mode = up_query_mode;
3579 man->connection.up_query_type = type;
3580
3581 /* run command processing event loop until we get our username/password/response */
3582 do
3583 {
3584 man_standalone_event_loop(man, &signal_received, 0);
3585 if (!signal_received)
3586 {
3587 man_check_for_signals(&signal_received);
3588 }
3589 if (signal_received)
3590 {
3591 ret = false;
3592 break;
3593 }
3594 } while (!man->connection.up_query.defined);
3595 }
3596
3597 /* revert state */
3598 man->connection.up_query_mode = UP_QUERY_DISABLED;
3599 man->connection.up_query_type = NULL;
3600 man->persist.standalone_disabled = standalone_disabled_save;
3601 man->persist.special_state_msg = NULL;
3602
3603 /* pass through blank passwords */
3604 if (!strcmp(man->connection.up_query.password, blank_up))
3605 {
3606 CLEAR(man->connection.up_query.password);
3607 }
3608
3609 /*
3610 * Transfer u/p to return object, zero any record
3611 * we hold in the management object.
3612 */
3613 if (ret)
3614 {
3615 /* preserve caller's settings */
3616 man->connection.up_query.nocache = up->nocache;
3617 *up = man->connection.up_query;
3618 }
3619 secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3620 }
3621
3622 gc_free(&gc);
3623 return ret;
3624}
3625
3626static int
3627management_query_multiline(struct management *man, const char *b64_data, const char *prompt,
3628 const char *cmd, int *state, struct buffer_list **input)
3629{
3630 struct gc_arena gc = gc_new();
3631 int ret = 0;
3632 volatile int signal_received = 0;
3633 struct buffer alert_msg = clear_buf();
3634 const bool standalone_disabled_save = man->persist.standalone_disabled;
3635 struct man_connection *mc = &man->connection;
3636
3637 if (man_standalone_ok(man))
3638 {
3639 /* This is so M_CLIENT messages will be correctly passed through msg() */
3640 man->persist.standalone_disabled = false;
3641 man->persist.special_state_msg = NULL;
3642
3643 *state = EKS_SOLICIT;
3644
3645 if (b64_data)
3646 {
3647 alert_msg = alloc_buf_gc(strlen(b64_data) + strlen(prompt) + 3, &gc);
3648 buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3649 }
3650 else
3651 {
3652 alert_msg = alloc_buf_gc(strlen(prompt) + 3, &gc);
3653 buf_printf(&alert_msg, ">%s", prompt);
3654 }
3655
3656 man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3657
3658 if (signal_received)
3659 {
3660 goto done;
3661 }
3662
3663 man->persist.special_state_msg = BSTR(&alert_msg);
3664 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3665
3666 /* run command processing event loop until we get our signature */
3667 do
3668 {
3669 man_standalone_event_loop(man, &signal_received, 0);
3670 if (!signal_received)
3671 {
3672 man_check_for_signals(&signal_received);
3673 }
3674 if (signal_received)
3675 {
3676 goto done;
3677 }
3678 } while (*state != EKS_READY);
3679
3680 ret = 1;
3681 }
3682
3683done:
3684 if (*state == EKS_READY && ret)
3685 {
3686 msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3687 }
3688 else if (*state == EKS_INPUT || *state == EKS_READY)
3689 {
3690 msg(M_CLIENT, "ERROR: %s command failed", cmd);
3691 }
3692
3693 /* revert state */
3694 man->persist.standalone_disabled = standalone_disabled_save;
3695 man->persist.special_state_msg = NULL;
3696 in_extra_reset(mc, IER_RESET);
3697 *state = EKS_UNDEF;
3698
3699 gc_free(&gc);
3700 return ret;
3701}
3702
3703static char *
3704/* returns allocated base64 signature */
3705management_query_multiline_flatten_newline(struct management *man, const char *b64_data,
3706 const char *prompt, const char *cmd, int *state,
3707 struct buffer_list **input)
3708{
3709 int ok;
3710 char *result = NULL;
3711 struct buffer *buf;
3712
3713 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3714 if (ok && buffer_list_defined(*input))
3715 {
3716 buffer_list_aggregate_separator(*input, 10000, "\n");
3717 buf = buffer_list_peek(*input);
3718 if (buf && BLEN(buf) > 0)
3719 {
3720 result = (char *)malloc(BLEN(buf) + 1);
3721 check_malloc_return(result);
3722 memcpy(result, buf->data, BLEN(buf));
3723 result[BLEN(buf)] = '\0';
3724 }
3725 }
3726
3727 buffer_list_free(*input);
3728 *input = NULL;
3729
3730 return result;
3731}
3732
3733static char *
3734/* returns allocated base64 signature */
3735management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt,
3736 const char *cmd, int *state, struct buffer_list **input)
3737{
3738 int ok;
3739 char *result = NULL;
3740 struct buffer *buf;
3741
3742 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3743 if (ok && buffer_list_defined(*input))
3744 {
3745 buffer_list_aggregate(*input, 2048);
3746 buf = buffer_list_peek(*input);
3747 if (buf && BLEN(buf) > 0)
3748 {
3749 result = (char *)malloc(BLEN(buf) + 1);
3750 check_malloc_return(result);
3751 memcpy(result, buf->data, BLEN(buf));
3752 result[BLEN(buf)] = '\0';
3753 }
3754 }
3755
3756 buffer_list_free(*input);
3757 *input = NULL;
3758
3759 return result;
3760}
3761
3762char *
3763/* returns allocated base64 signature */
3764management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
3765{
3766 const char *prompt = "PK_SIGN";
3767 const char *desc = "pk-sign";
3768 struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3769
3770 if (man->connection.client_version <= 1)
3771 {
3772 prompt = "RSA_SIGN";
3773 desc = "rsa-sign";
3774 }
3775
3776 buf_write(&buf_data, b64_data, (int)strlen(b64_data));
3777 if (man->connection.client_version > 2)
3778 {
3779 buf_write(&buf_data, ",", (int)strlen(","));
3780 buf_write(&buf_data, algorithm, (int)strlen(algorithm));
3781 }
3782 char *ret = management_query_multiline_flatten(man, (char *)buf_bptr(&buf_data), prompt, desc,
3783 &man->connection.ext_key_state,
3784 &man->connection.ext_key_input);
3785 free_buf(&buf_data);
3786 return ret;
3787}
3788
3789char *
3790management_query_cert(struct management *man, const char *cert_name)
3791{
3792 const char prompt_1[] = "NEED-CERTIFICATE:";
3793 struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3794 buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3795 buf_write(&buf_prompt, cert_name, strlen(cert_name) + 1); /* +1 for \0 */
3796
3797 char *result;
3798 result = management_query_multiline_flatten_newline(
3799 management, NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3800 &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3801 free_buf(&buf_prompt);
3802 return result;
3803}
3804
3805/*
3806 * Return true if management_hold() would block
3807 */
3808bool
3809management_would_hold(struct management *man)
3810{
3811 return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3812}
3813
3814/*
3815 * If the hold flag is enabled, hibernate until a management client releases the hold.
3816 * Return true if the caller should not sleep for an additional time interval.
3817 */
3818bool
3819management_hold(struct management *man, int holdtime)
3820{
3821 if (management_would_hold(man))
3822 {
3823 volatile int signal_received = 0;
3824 const bool standalone_disabled_save = man->persist.standalone_disabled;
3825 struct gc_arena gc = gc_new();
3826
3827 man->persist.standalone_disabled =
3828 false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3829 man->persist.special_state_msg = NULL;
3830 man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3831
3832 man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3833
3834 if (!signal_received)
3835 {
3836 struct buffer out = alloc_buf_gc(128, &gc);
3837 buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3838 man->persist.special_state_msg = BSTR(&out);
3839 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3840
3841 /* run command processing event loop until we get our username/password */
3842 do
3843 {
3844 man_standalone_event_loop(man, &signal_received, 0);
3845 if (!signal_received)
3846 {
3847 man_check_for_signals(&signal_received);
3848 }
3849 if (signal_received)
3850 {
3851 break;
3852 }
3853 } while (!man->persist.hold_release);
3854 }
3855
3856 /* revert state */
3857 man->persist.standalone_disabled = standalone_disabled_save;
3858 man->persist.special_state_msg = NULL;
3859 man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3860
3861 gc_free(&gc);
3862 return true;
3863 }
3864 return false;
3865}
3866
3867/*
3868 * struct command_line
3869 */
3870
3871struct command_line *
3872command_line_new(const size_t buf_len)
3873{
3874 struct command_line *cl;
3875 ALLOC_OBJ_CLEAR(cl, struct command_line);
3876 cl->buf = alloc_buf(buf_len);
3877 cl->residual = alloc_buf(buf_len);
3878 return cl;
3879}
3880
3881void
3882command_line_reset(struct command_line *cl)
3883{
3884 buf_clear(&cl->buf);
3885 buf_clear(&cl->residual);
3886}
3887
3888void
3889command_line_free(struct command_line *cl)
3890{
3891 if (!cl)
3892 {
3893 return;
3894 }
3895 command_line_reset(cl);
3896 free_buf(&cl->buf);
3897 free_buf(&cl->residual);
3898 free(cl);
3899}
3900
3901void
3902command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
3903{
3904 for (size_t i = 0; i < len; ++i)
3905 {
3906 if (buf[i] && char_class(buf[i], (CC_PRINT | CC_NEWLINE)))
3907 {
3908 if (!buf_write_u8(&cl->buf, buf[i]))
3909 {
3910 buf_clear(&cl->buf);
3911 }
3912 }
3913 }
3914}
3915
3916const char *
3917command_line_get(struct command_line *cl)
3918{
3919 const char *ret = NULL;
3920
3921 int i = buf_substring_len(&cl->buf, '\n');
3922 if (i >= 0)
3923 {
3924 buf_copy_excess(&cl->residual, &cl->buf, i);
3925 buf_chomp(&cl->buf);
3926 ret = BSTR(&cl->buf);
3927 }
3928 return ret;
3929}
3930
3931void
3932command_line_next(struct command_line *cl)
3933{
3934 buf_clear(&cl->buf);
3935 buf_copy(&cl->buf, &cl->residual);
3936 buf_clear(&cl->residual);
3937}
3938
3939/*
3940 * struct log_entry
3941 */
3942
3943const char *
3944log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3945{
3946 struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3947 if (flags & LOG_FATAL_NOTIFY)
3948 {
3949 buf_printf(&out, ">FATAL:");
3950 }
3951 if (flags & LOG_PRINT_LOG_PREFIX)
3952 {
3953 buf_printf(&out, ">LOG:");
3954 }
3955 if (flags & LOG_PRINT_ECHO_PREFIX)
3956 {
3957 buf_printf(&out, ">ECHO:");
3958 }
3959 if (flags & LOG_PRINT_STATE_PREFIX)
3960 {
3961 buf_printf(&out, ">STATE:");
3962 }
3963 if (flags & LOG_PRINT_INT_DATE)
3964 {
3965 buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3966 }
3967 if (flags & LOG_PRINT_MSG_FLAGS)
3968 {
3969 buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3970 }
3971 if (flags & LOG_PRINT_STATE)
3972 {
3973 buf_printf(&out, "%s,", man_state_name(e->u.state));
3974 }
3975 if (flags & LOG_PRINT_INTVAL)
3976 {
3977 buf_printf(&out, "%d,", e->u.intval);
3978 }
3979 if (e->string)
3980 {
3981 buf_printf(&out, "%s", e->string);
3982 }
3983 if (flags & LOG_PRINT_LOCAL_IP)
3984 {
3985 buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3986 }
3987 if (flags & LOG_PRINT_REMOTE_IP)
3988 {
3989 buf_printf(&out, ",%s",
3990 (!addr_defined(&e->remote_sock)
3991 ? ","
3992 : print_sockaddr_ex(&e->remote_sock.addr.sa, ",",
3993 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
3994 buf_printf(&out, ",%s",
3995 (!addr_defined(&e->local_sock)
3996 ? ","
3997 : print_sockaddr_ex(&e->local_sock.addr.sa, ",",
3998 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
3999 }
4000 if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
4001 {
4002 buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
4003 }
4004 if (flags & LOG_ECHO_TO_LOG)
4005 {
4006 msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
4007 }
4008 if (flags & LOG_PRINT_CRLF)
4009 {
4010 buf_printf(&out, "\r\n");
4011 }
4012 return BSTR(&out);
4013}
4014
4015static void
4016log_entry_free_contents(struct log_entry *e)
4017{
4018 /* Cast away constness of const char* */
4019 free((char *)e->string);
4020 CLEAR(*e);
4021}
4022
4023/*
4024 * struct log_history
4025 */
4026
4027static inline int
4028log_index(const struct log_history *h, int i)
4029{
4030 return modulo_add(h->base, i, h->capacity);
4031}
4032
4033static void
4034log_history_obj_init(struct log_history *h, int capacity)
4035{
4036 CLEAR(*h);
4037 h->capacity = capacity;
4038 ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4039}
4040
4041struct log_history *
4042log_history_init(const int capacity)
4043{
4044 struct log_history *h;
4045 ASSERT(capacity > 0);
4046 ALLOC_OBJ(h, struct log_history);
4047 log_history_obj_init(h, capacity);
4048 return h;
4049}
4050
4051static void
4052log_history_free_contents(struct log_history *h)
4053{
4054 int i;
4055 for (i = 0; i < h->size; ++i)
4056 {
4057 log_entry_free_contents(&h->array[log_index(h, i)]);
4058 }
4059 free(h->array);
4060}
4061
4062void
4063log_history_close(struct log_history *h)
4064{
4065 log_history_free_contents(h);
4066 free(h);
4067}
4068
4069void
4070log_history_add(struct log_history *h, const struct log_entry *le)
4071{
4072 struct log_entry *e;
4073 ASSERT(h->size >= 0 && h->size <= h->capacity);
4074 if (h->size == h->capacity)
4075 {
4076 e = &h->array[h->base];
4077 log_entry_free_contents(e);
4078 h->base = log_index(h, 1);
4079 }
4080 else
4081 {
4082 e = &h->array[log_index(h, h->size)];
4083 ++h->size;
4084 }
4085
4086 *e = *le;
4087 e->string = string_alloc(le->string, NULL);
4088}
4089
4090void
4091log_history_resize(struct log_history *h, const int capacity)
4092{
4093 if (capacity != h->capacity)
4094 {
4095 struct log_history newlog;
4096 int i;
4097
4098 ASSERT(capacity > 0);
4099 log_history_obj_init(&newlog, capacity);
4100
4101 for (i = 0; i < h->size; ++i)
4102 {
4103 log_history_add(&newlog, &h->array[log_index(h, i)]);
4104 }
4105
4106 log_history_free_contents(h);
4107 *h = newlog;
4108 }
4109}
4110
4111const struct log_entry *
4112log_history_ref(const struct log_history *h, const int index)
4113{
4114 if (index >= 0 && index < h->size)
4115 {
4116 return &h->array[log_index(h, (h->size - 1) - index)];
4117 }
4118 else
4119 {
4120 return NULL;
4121 }
4122}
4123
4124void
4125management_sleep(const int n)
4126{
4127 if (n < 0)
4128 {
4129 return;
4130 }
4131 else if (management)
4132 {
4133 management_event_loop_n_seconds(management, n);
4134 }
4135 else
4136 {
4137#ifdef _WIN32
4138 win32_sleep(n);
4139#else
4140 if (n > 0)
4141 {
4142 sleep(n);
4143 }
4144#endif
4145 }
4146}
4147
4148void
4149management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
4150{
4151 if (man->persist.callback.flags & MCF_SERVER)
4152 {
4153 return;
4154 }
4155
4156 if (event_timeout_trigger(&man->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4157 {
4158 if (dco_enabled(&c->options))
4159 {
4160 if (dco_get_peer_stats(c, true) < 0)
4161 {
4162 return;
4163 }
4164 }
4165
4166 man_bytecount_output_client(c->c2.dco_read_bytes + man->persist.bytes_in + c->c2.link_read_bytes,
4167 c->c2.dco_write_bytes + man->persist.bytes_out + c->c2.link_write_bytes);
4168 }
4169}
4170
4171void
4172management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
4173{
4174 if (!(management->persist.callback.flags & MCF_SERVER))
4175 {
4176 return;
4177 }
4178
4179 if (event_timeout_trigger(&management->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4180 {
4181 /* fetch counters from dco */
4182 if (dco_enabled(&multi->top.options))
4183 {
4184 if (dco_get_peer_stats_multi(&multi->top.c1.tuntap->dco, true) < 0)
4185 {
4186 return;
4187 }
4188 }
4189
4190 /* iterate over peers and report counters for each connected peer */
4191 struct hash_iterator hi;
4192 struct hash_element *he;
4193 hash_iterator_init(multi->hash, &hi);
4194 while ((he = hash_iterator_next(&hi)))
4195 {
4196 struct multi_instance *mi = (struct multi_instance *)he->value;
4197 struct context_2 *c2 = &mi->context.c2;
4198
4199 if ((c2->mda_context.flags & (DAF_CONNECTION_ESTABLISHED | DAF_CONNECTION_CLOSED)) == DAF_CONNECTION_ESTABLISHED)
4200 {
4201 man_bytecount_output_server(c2->dco_read_bytes + c2->link_read_bytes, c2->dco_write_bytes + c2->link_write_bytes, &c2->mda_context);
4202 }
4203 }
4204 hash_iterator_free(&hi);
4205 }
4206}
4207
4208/* context_2 stats are reset on reconnect. Since client expects stats
4209 * to be preserved across reconnects, we need to save context_2
4210 * stats before tearing the tunnel down.
4211 */
4212void
4213man_persist_client_stats(struct management *man, struct context *c)
4214{
4215 man->persist.bytes_in += c->c2.link_read_bytes;
4216 man->persist.bytes_out += c->c2.link_write_bytes;
4217
4218 /* no need to raise SIGUSR1 on error since we are already closing the instance */
4219 if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4220 {
4221 man->persist.bytes_in += c->c2.dco_read_bytes;
4222 man->persist.bytes_out += c->c2.dco_write_bytes;
4223 }
4224}
4225
4226#else /* ifdef ENABLE_MANAGEMENT */
4227
4228#include "win32.h"
4229void
4230management_sleep(const int n)
4231{
4232#ifdef _WIN32
4233 win32_sleep(n);
4234#else
4235 if (n > 0)
4236 {
4237 sleep(n);
4238 }
4239#endif /* ifdef _WIN32 */
4240}
4241
4242#endif /* ENABLE_MANAGEMENT */
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition buffer.c:1172
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:184
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1247
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:163
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition buffer.c:1178
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1292
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition buffer.c:1153
chomp
void chomp(char *str)
Definition buffer.c:613
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition buffer.c:1234
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition buffer.c:1162
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, ssize_t n)
Definition buffer.c:1315
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition buffer.c:824
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition buffer.c:1193
buf_chomp
void buf_chomp(struct buffer *buf)
Definition buffer.c:553
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition buffer.c:880
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition buffer.c:802
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:240
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition buffer.h:1059
BSTR
#define BSTR(buf)
Definition buffer.h:128
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:222
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:704
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition buffer.h:1080
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:739
CC_NEWLINE
#define CC_NEWLINE
newline
Definition buffer.h:891
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:348
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:684
BLEN
#define BLEN(buf)
Definition buffer.h:126
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1107
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1025
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:885
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1064
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1017
counter_type
uint64_t counter_type
Definition common.h:31
counter_format
#define counter_format
Definition common.h:32
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition crypto_openssl.c:1346
dco_get_peer_stats_multi
static int dco_get_peer_stats_multi(dco_context_t *dco, const bool raise_sigusr1_on_err)
Definition dco.h:369
dco_get_peer_stats
static int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition dco.h:375
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition env_set.c:291
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition errlevel.h:137
M_INFO
#define M_INFO
Definition errlevel.h:54
D_MANAGEMENT
#define D_MANAGEMENT
Definition errlevel.h:87
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:56
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition event.c:1187
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition event.h:79
event_free
static void event_free(struct event_set *es)
Definition event.h:159
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition event.h:186
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:38
EVENT_READ
#define EVENT_READ
Definition event.h:37
event_reset
static void event_reset(struct event_set *es)
Definition event.h:168
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:180
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:68
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:49
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:48
reset_coarse_timers
void reset_coarse_timers(struct context *c)
Definition init.c:1296
min_size
static size_t min_size(size_t x, size_t y)
Definition integer.h:79
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition integer.h:66
min_int
static int min_int(int x, int y)
Definition integer.h:105
modulo_add
static int modulo_add(int x, int y, int mod)
Definition integer.h:185
status
static SERVICE_STATUS status
Definition interactive.c:51
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:42
ETT_DEFAULT
#define ETT_DEFAULT
Definition interval.h:222
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition interval.h:172
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition interval.h:153
hash_iterator_free
void hash_iterator_free(struct hash_iterator *hi)
Definition list.c:270
hash_iterator_next
struct hash_element * hash_iterator_next(struct hash_iterator *hi)
Definition list.c:276
hash_iterator_init
void hash_iterator_init(struct hash *hash, struct hash_iterator *hi)
Definition list.c:234
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition manage.c:3094
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3103
log_history_close
void log_history_close(struct log_history *h)
Definition manage.c:4063
management
struct management * management
Definition manage.c:64
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition manage.c:495
management_check_bytecount_server
void management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
Definition manage.c:4172
man_up_finalize
static void man_up_finalize(struct management *man)
Definition manage.c:728
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition manage.c:2156
man_log
static void man_log(struct management *man, const char *parm)
Definition manage.c:707
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition manage.c:2058
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition manage.c:515
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3012
man_connect
static void man_connect(struct management *man)
Definition manage.c:1992
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition manage.c:3409
man_read
static ssize_t man_read(struct management *man)
Definition manage.c:2312
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition manage.c:3293
man_bytecount_output_server
static void man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total, struct man_def_auth_context *mdac)
Definition manage.c:565
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition manage.c:280
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition manage.c:3138
command_line_free
void command_line_free(struct command_line *cl)
Definition manage.c:3889
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3310
man_certificate
static void man_certificate(struct management *man)
Definition manage.c:1222
command_line_next
void command_line_next(struct command_line *cl)
Definition manage.c:3932
man_net
static void man_net(struct management *man)
Definition manage.c:832
management_clear_callback
void management_clear_callback(struct management *man)
Definition manage.c:2766
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition manage.c:2464
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition manage.c:3790
command_line_new
struct command_line * command_line_new(const size_t buf_len)
Definition manage.c:3872
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition manage.c:3287
management_hold
bool management_hold(struct management *man, int holdtime)
Definition manage.c:3819
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2522
log_index
static int log_index(const struct log_history *h, int i)
Definition manage.c:4028
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition manage.c:2451
AF_DID_RESET
#define AF_DID_RESET
man_start_ne32
static void man_start_ne32(struct management *man)
Definition manage.c:1745
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition manage.c:1773
man_help
static void man_help(void)
Definition manage.c:72
man_update_io_state
static void man_update_io_state(struct management *man)
Definition manage.c:241
man_bytecount_stop
static void man_bytecount_stop(struct management *man)
Definition manage.c:508
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition manage.c:210
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition manage.c:3122
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition manage.c:1264
man_connection_init
static void man_connection_init(struct management *man)
Definition manage.c:2622
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition manage.c:2829
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition manage.c:1081
man_connection_close
static void man_connection_close(struct management *man)
Definition manage.c:2667
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition manage.c:792
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition manage.c:1158
log_history_init
struct log_history * log_history_init(const int capacity)
Definition manage.c:4042
man_listen
static void man_listen(struct management *man)
Definition manage.c:1916
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition manage.c:1765
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition manage.c:783
man_push_update
static void man_push_update(struct management *man, const char **p, const push_update_type type)
Definition manage.c:1340
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition manage.c:3407
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition manage.c:1382
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition manage.c:347
man_signal
static void man_signal(struct management *man, const char *name)
Definition manage.c:461
man_prompt
static void man_prompt(struct management *man)
Definition manage.c:287
man_state
static void man_state(struct management *man, const char *parm)
Definition manage.c:721
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition manage.c:1130
man_echo
static void man_echo(struct management *man, const char *parm)
Definition manage.c:714
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition manage.c:3024
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3735
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition manage.c:1281
management_init
struct management * management_init(void)
Definition manage.c:2696
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition manage.c:982
command_line_reset
void command_line_reset(struct command_line *cl)
Definition manage.c:3882
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition manage.c:815
management_would_hold
bool management_would_hold(struct management *man)
Definition manage.c:3809
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition manage.c:665
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition manage.c:3501
man_bytecount_output_client
static void man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
Definition manage.c:553
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition manage.c:4070
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition manage.c:4016
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition manage.c:435
MN_AT_LEAST
#define MN_AT_LEAST
Definition manage.c:1252
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition manage.c:3448
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition manage.c:2500
man_kill
static void man_kill(struct management *man, const char *victim)
Definition manage.c:577
management_close
void management_close(struct management *man)
Definition manage.c:2749
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition manage.c:1206
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2775
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition manage.c:257
man_load_stats
static void man_load_stats(struct management *man)
Definition manage.c:1238
man_password_needed
static bool man_password_needed(struct management *man)
Definition manage.c:204
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition manage.c:1331
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition manage.c:3944
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition manage.c:3116
man_accept
static void man_accept(struct management *man)
Definition manage.c:1876
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition manage.c:1113
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition manage.c:1042
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition manage.c:845
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition manage.c:320
management_io
void management_io(struct management *man)
Definition manage.c:3176
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition manage.c:3415
IER_NEW
#define IER_NEW
Definition manage.c:979
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition manage.c:2932
AF_DID_PUSH
#define AF_DID_PUSH
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2710
man_welcome
static void man_welcome(struct management *man)
Definition manage.c:193
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition manage.c:2926
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3002
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition manage.c:806
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3705
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition manage.c:2896
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition manage.c:4213
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition manage.c:1786
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition manage.c:4034
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition manage.c:307
IER_RESET
#define IER_RESET
Definition manage.c:978
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition manage.c:331
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition manage.c:1056
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition manage.c:2759
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:2960
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition manage.c:1184
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition manage.c:3369
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition manage.c:2982
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition manage.c:3037
blank_up
static const char blank_up[]
Definition manage.c:62
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition manage.c:911
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition manage.c:4112
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition manage.c:895
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition manage.c:2611
management_check_bytecount_client
void management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
Definition manage.c:4149
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition manage.c:1198
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition manage.c:58
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition manage.c:271
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition manage.c:2910
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3764
man_remote
static void man_remote(struct management *man, const char **p)
Definition manage.c:1295
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition manage.c:824
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
Definition manage.c:3902
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3392
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition manage.c:2106
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3627
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition manage.c:2875
command_line_get
const char * command_line_get(struct command_line *cl)
Definition manage.c:3917
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition manage.c:4052
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4125
man_state_name
static const char * man_state_name(const int state)
Definition manage.c:144
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition manage.c:4091
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition manage.c:1005
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition manage.c:488
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition manage.c:2920
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition manage.c:3408
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition manage.c:3071
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition manage.c:758
man_write
static ssize_t man_write(struct management *man)
Definition manage.c:2406
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition manage.c:948
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition manage.h:257
MS_LISTEN
#define MS_LISTEN
Definition manage.h:270
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition manage.h:451
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition manage.h:263
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition manage.h:448
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition manage.h:31
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition manage.h:262
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition manage.h:127
MS_INITIAL
#define MS_INITIAL
Definition manage.h:269
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition manage.h:57
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition manage.h:53
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition manage.h:449
EKS_SOLICIT
#define EKS_SOLICIT
Definition manage.h:304
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition manage.h:272
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition manage.h:131
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition manage.h:119
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition manage.h:453
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition manage.h:121
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition manage.h:68
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition manage.h:298
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition manage.h:256
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition manage.h:118
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition manage.h:124
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition manage.h:56
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition manage.h:67
MCF_SERVER
#define MCF_SERVER
Definition manage.h:175
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition manage.h:465
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition manage.h:271
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition manage.h:123
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition manage.h:452
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition manage.h:460
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition manage.h:133
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition manage.h:266
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition manage.h:454
management_connected
static bool management_connected(const struct management *man)
Definition manage.h:413
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition manage.h:55
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition manage.h:462
log_history_size
static int log_history_size(const struct log_history *h)
Definition manage.h:156
IEC_UNDEF
#define IEC_UNDEF
Definition manage.h:293
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition manage.h:297
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition manage.h:255
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition manage.h:458
EKS_READY
#define EKS_READY
Definition manage.h:306
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition manage.h:117
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition manage.h:457
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition manage.h:129
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition manage.h:126
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition manage.h:66
MF_SERVER
#define MF_SERVER
Definition manage.h:27
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition manage.h:450
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition manage.h:54
MF_UP_DOWN
#define MF_UP_DOWN
Definition manage.h:39
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition manage.h:264
EKS_UNDEF
#define EKS_UNDEF
Definition manage.h:303
MF_HOLD
#define MF_HOLD
Definition manage.h:29
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition manage.h:294
MF_SIGNAL
#define MF_SIGNAL
Definition manage.h:30
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition manage.h:265
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition manage.h:35
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition manage.h:459
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition manage.h:32
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:461
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition manage.h:122
EKS_INPUT
#define EKS_INPUT
Definition manage.h:305
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition misc.c:718
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:64
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
indicates password and response should be concatenated
Definition misc.h:125
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:112
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
SCRV1 protocol – echo response.
Definition misc.h:120
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition misc.h:113
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition misc.h:115
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:377
MAPF_SUBNET
#define MAPF_SUBNET
Definition mroute.h:155
multi.h
Header file for server-mode related structures and functions.
BOOL_CAST
#define BOOL_CAST(x)
Definition basic.h:26
CLEAR
#define CLEAR(x)
Definition basic.h:32
SIZE
#define SIZE(x)
Definition basic.h:29
get_debug_level
msglvl_t get_debug_level(void)
Definition error.c:131
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition error.c:117
get_mute_cutoff
int get_mute_cutoff(void)
Definition error.c:137
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition error.c:101
msg_flags_string
const char * msg_flags_string(const msglvl_t flags, struct gc_arena *gc)
Definition error.c:739
M_CLIENT
#define M_CLIENT
Definition error.h:108
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition error.h:350
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition error.h:34
M_FATAL
#define M_FATAL
Definition error.h:90
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition error.h:366
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition error.h:404
ASSERT
#define ASSERT(x)
Definition error.h:219
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4812
title_string
const char title_string[]
Definition options.c:72
auth_retry_set
bool auth_retry_set(const msglvl_t msglevel, const char *option)
Definition options.c:4789
streq
#define streq(x, y)
Definition options.h:724
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:990
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
Definition options_parse.c:50
MAX_PARMS
#define MAX_PARMS
Definition options.h:51
now
time_t now
Definition otime.c:33
update_time
static void update_time(void)
Definition otime.h:84
platform_getpid
unsigned int platform_getpid(void)
Definition platform.c:333
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition platform.c:80
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition platform.c:124
push_update_type
push_update_type
Definition push.h:47
UPT_BY_CID
@ UPT_BY_CID
Definition push.h:49
UPT_BROADCAST
@ UPT_BROADCAST
Definition push.h:48
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:204
signal_name
const char * signal_name(const int sig, const bool upper)
Definition sig.c:91
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:175
parse_signal
int parse_signal(const char *signame)
Definition sig.c:64
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:109
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:2947
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:786
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:969
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:919
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:566
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:197
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:243
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:248
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket_util.c:409
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:38
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition socket_util.h:89
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket_util.h:77
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition socket_util.h:123
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket_util.h:127
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket_util.h:118
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket_util.h:31
PROTO_NONE
@ PROTO_NONE
Definition socket_util.h:176
PROTO_UDP
@ PROTO_UDP
Definition socket_util.h:177
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket_util.h:179
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket_util.h:119
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition socket_util.h:234
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket_util.h:117
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition socket_util.h:34
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket_util.h:122
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition ssl.c:381
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition ssl.c:370
ssl.h
Control Channel SSL/Data channel negotiation module.
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition status.c:59
status_close
bool status_close(struct status_output *so)
Definition status.c:178
buffer_list
Definition buffer.h:1125
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition buffer.h:61
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:67
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
command_line
Definition manage.h:78
command_line::residual
struct buffer residual
Definition manage.h:80
command_line::buf
struct buffer buf
Definition manage.h:79
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:172
context_2
Level 2 context containing state that is reset on both SIGHUP and SIGUSR1 restarts.
Definition openvpn.h:224
context_2::link_read_bytes
counter_type link_read_bytes
Definition openvpn.h:266
context_2::link_write_bytes
counter_type link_write_bytes
Definition openvpn.h:269
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition openvpn.h:267
context_2::mda_context
struct man_def_auth_context mda_context
Definition openvpn.h:450
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition openvpn.h:270
context
Contains all state information for one tunnel.
Definition openvpn.h:471
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:472
context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:513
env_item
Definition env_set.h:37
env_item::string
char * string
Definition env_set.h:38
env_item::next
struct env_item * next
Definition env_set.h:39
env_set
Definition env_set.h:43
env_set::list
struct env_item * list
Definition env_set.h:45
event_set_return
Definition event.h:122
event_set
Definition event.h:128
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_element
Definition list.h:40
hash_element::value
void * value
Definition list.h:41
hash_iterator
Definition list.h:79
link_socket_actual
Definition socket_util.h:50
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
log_entry
Definition manage.h:107
log_entry::local_ip6
struct in6_addr local_ip6
Definition manage.h:111
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition manage.h:112
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition manage.h:113
log_entry::timestamp
time_t timestamp
Definition manage.h:108
log_entry::string
const char * string
Definition manage.h:109
log_entry::local_ip
in_addr_t local_ip
Definition manage.h:110
log_entry::u
union log_entry_union u
Definition manage.h:114
log_history
Definition manage.h:138
log_history::size
int size
Definition manage.h:140
log_history::capacity
int capacity
Definition manage.h:141
log_history::array
struct log_entry * array
Definition manage.h:142
log_history::base
int base
Definition manage.h:139
man_connection
Definition manage.h:275
man_connection::es
struct event_set * es
Definition manage.h:311
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition manage.h:301
man_connection::up_query_type
const char * up_query_type
Definition manage.h:320
man_connection::password_verified
bool password_verified
Definition manage.h:287
man_connection::halt
bool halt
Definition manage.h:286
man_connection::env_filter_level
int env_filter_level
Definition manage.h:312
man_connection::up_query
struct user_pass up_query
Definition manage.h:322
man_connection::sd_top
socket_descriptor_t sd_top
Definition manage.h:278
man_connection::state
int state
Definition manage.h:276
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition manage.h:310
man_connection::in
struct command_line * in
Definition manage.h:290
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition manage.h:302
man_connection::remote
struct openvpn_sockaddr remote
Definition manage.h:280
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition manage.h:279
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition manage.h:308
man_connection::up_query_mode
int up_query_mode
Definition manage.h:321
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition manage.h:317
man_connection::in_extra_cmd
int in_extra_cmd
Definition manage.h:299
man_connection::in_extra
struct buffer_list * in_extra
Definition manage.h:300
man_connection::echo_realtime
bool echo_realtime
Definition manage.h:316
man_connection::state_realtime
bool state_realtime
Definition manage.h:314
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition manage.h:318
man_connection::ext_cert_state
int ext_cert_state
Definition manage.h:309
man_connection::out
struct buffer_list * out
Definition manage.h:291
man_connection::password_tries
int password_tries
Definition manage.h:288
man_connection::client_version
int client_version
Definition manage.h:328
man_connection::log_realtime
bool log_realtime
Definition manage.h:315
man_connection::ne32
struct net_event_win32 ne32
Definition manage.h:283
man_connection::ext_key_state
int ext_key_state
Definition manage.h:307
man_def_auth_context
Definition manage.h:63
man_def_auth_context::cid
unsigned long cid
Definition manage.h:64
man_def_auth_context::flags
unsigned int flags
Definition manage.h:69
man_persist
Definition manage.h:218
man_persist::bytes_in
counter_type bytes_in
Definition manage.h:234
man_persist::state
struct log_history * state
Definition manage.h:228
man_persist::callback
struct management_callback callback
Definition manage.h:225
man_persist::log
struct log_history * log
Definition manage.h:221
man_persist::vout
struct virtual_output vout
Definition manage.h:222
man_persist::standalone_disabled
bool standalone_disabled
Definition manage.h:224
man_persist::defined
bool defined
Definition manage.h:219
man_persist::hold_release
bool hold_release
Definition manage.h:230
man_persist::echo
struct log_history * echo
Definition manage.h:227
man_persist::special_state_msg
const char * special_state_msg
Definition manage.h:232
man_persist::bytes_out
counter_type bytes_out
Definition manage.h:235
man_settings
Definition manage.h:239
man_settings::management_over_tunnel
bool management_over_tunnel
Definition manage.h:248
man_settings::local
struct addrinfo * local
Definition manage.h:242
man_settings::flags
unsigned int flags
Definition manage.h:241
man_settings::echo_buffer_size
int echo_buffer_size
Definition manage.h:251
man_settings::mansig
unsigned int mansig
Definition manage.h:258
man_settings::state_buffer_size
int state_buffer_size
Definition manage.h:252
man_settings::defined
bool defined
Definition manage.h:240
man_settings::log_history_cache
int log_history_cache
Definition manage.h:250
man_settings::up
struct user_pass up
Definition manage.h:249
management_callback
Definition manage.h:172
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition manage.h:191
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition manage.h:186
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const uint16_t port, const uint8_t proto)
Definition manage.h:181
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition manage.h:182
management_callback::arg
void * arg
Definition manage.h:173
management_callback::push_update_broadcast
bool(* push_update_broadcast)(void *arg, const char *options)
Definition manage.h:199
management_callback::push_update_by_cid
bool(* push_update_by_cid)(void *arg, unsigned long cid, const char *options)
Definition manage.h:200
management_callback::client_pending_auth
bool(* client_pending_auth)(void *arg, const unsigned long cid, const unsigned int kid, const char *extra, unsigned int timeout)
Definition manage.h:189
management_callback::n_clients
int(* n_clients)(void *arg)
Definition manage.h:183
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition manage.h:178
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition manage.h:198
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition manage.h:197
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition manage.h:184
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition manage.h:192
management_callback::show_net
void(* show_net)(void *arg, const msglvl_t msglevel)
Definition manage.h:179
management_callback::flags
unsigned int flags
Definition manage.h:176
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition manage.h:193
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition manage.h:180
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition manage.h:185
management::persist
struct man_persist persist
Definition manage.h:333
management::connection
struct man_connection connection
Definition manage.h:335
management::settings
struct man_settings settings
Definition manage.h:334
mroute_addr
Definition mroute.h:82
multi_context
Main OpenVPN server state structure.
Definition multi.h:163
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:167
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:202
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:102
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:143
openvpn_sockaddr
Definition socket_util.h:38
rw_handle
Definition win32.h:80
status_output
Definition status.h:49
tuntap::dco
dco_context_t dco
Definition tun.h:249
user_pass
Definition misc.h:52
user_pass::defined
bool defined
Definition misc.h:53
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
user_pass::nocache
bool nocache
Definition misc.h:57
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:67
virtual_output::flags_default
unsigned int flags_default
Definition status.h:34
virtual_output::arg
void * arg
Definition status.h:33
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition status.h:35
SIGHUP
#define SIGHUP
Definition syshead.h:55
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:443
SIGINT
#define SIGINT
Definition syshead.h:56
SIGTERM
#define SIGTERM
Definition syshead.h:59
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:445
sleep
#define sleep(x)
Definition syshead.h:42
SIGUSR1
#define SIGUSR1
Definition syshead.h:57
in_addr_t
uint32_t in_addr_t
Definition syshead.h:52
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:453
es
struct env_set * es
Definition test_pkcs11.c:138
gc
struct gc_arena gc
Definition test_ssl.c:131
log_entry_union::msg_flags
unsigned int msg_flags
Definition manage.h:101
log_entry_union::state
int state
Definition manage.h:102
log_entry_union::intval
int intval
Definition manage.h:103
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition win32.c:323
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition win32.c:374
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition win32.c:339
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition win32.c:330
win32_sleep
void win32_sleep(const int n)
Definition win32.c:1503
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition win32.c:357
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition win32.c:363
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition win32.h:141
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition win32.h:147
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition win32.h:135
Generated by doxygen 1.9.8