#include "argv.h"#include "basic.h"#include "common.h"#include "env_set.h"#include "integer.h"#include "buffer.h"#include "platform.h"
Go to the source code of this file.
Data Structures | |
| struct | user_pass |
| struct | auth_challenge_info |
| struct | static_challenge_info |
Macros | |
| #define | USER_PASS_LEN 128 |
| #define | CR_ECHO (1<<0) /* echo response when typed by user */ |
| #define | CR_RESPONSE (1<<1) /* response needed */ |
| #define | SC_ECHO (1<<0) /* echo response when typed by user */ |
| #define | SC_CONCAT (1<<1) /* concatenate password and response and do not base64 encode */ |
| #define | GET_USER_PASS_MANAGEMENT (1<<0) |
| #define | GET_USER_PASS_PASSWORD_ONLY (1<<2) |
| #define | GET_USER_PASS_NEED_OK (1<<3) |
| #define | GET_USER_PASS_NOFATAL (1<<4) |
| #define | GET_USER_PASS_NEED_STR (1<<5) |
| #define | GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6) |
| #define | GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) |
| CRV1 protocol – dynamic challenge. | |
| #define | GET_USER_PASS_STATIC_CHALLENGE (1<<8) |
| SCRV1 protocol – static challenge. | |
| #define | GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) |
| SCRV1 protocol – echo response. | |
| #define | GET_USER_PASS_INLINE_CREDS (1<<10) |
| indicates that auth_file is actually inline creds | |
| #define | GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1<<11) |
| indicates password and response should be concatenated | |
| #define | _STRINGIFY(S) #S |
| #define | MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) |
| #define | MAC_PRINT_ARG(_mac) |
| #define | MAC_SCAN_ARG(_mac) |
Functions | |
| void | set_std_files_to_null (bool stdin_only) |
| const char ** | make_arg_array (const char *first, const char *parms, struct gc_arena *gc) |
| const char ** | make_extended_arg_array (char **p, bool is_inline, struct gc_arena *gc) |
| const char * | hostname_randomize (const char *hostname, struct gc_arena *gc) |
| bool | get_user_pass_cr (struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge) |
| Retrieves the user credentials from various sources depending on the flags. | |
| static bool | get_user_pass (struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags) |
| Retrieves the user credentials from various sources depending on the flags. | |
| void | purge_user_pass (struct user_pass *up, const bool force) |
| void | set_auth_token (struct user_pass *tk, const char *token) |
| Sets the auth-token to token. | |
| void | set_auth_token_user (struct user_pass *tk, const char *username) |
| Sets the auth-token username by base64 decoding the passed username. | |
| const char * | safe_print (const char *str, struct gc_arena *gc) |
| const char * | sanitize_control_message (const char *str, struct gc_arena *gc) |
| bool | validate_peer_info_line (char *line) |
| void | output_peer_info_env (struct env_set *es, const char *peer_info) |
| struct buffer | prepend_dir (const char *dir, const char *path, struct gc_arena *gc) |
| Prepend a directory to a path. | |
| void | protect_user_pass (struct user_pass *up) |
| Encrypt username and password buffers in user_pass. | |
| void | unprotect_user_pass (struct user_pass *up) |
| Decrypt username and password buffers in user_pass. | |
Macro Definition Documentation
◆ _STRINGIFY
◆ CR_ECHO
◆ CR_RESPONSE
◆ GET_USER_PASS_DYNAMIC_CHALLENGE
| #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) |
◆ GET_USER_PASS_INLINE_CREDS
| #define GET_USER_PASS_INLINE_CREDS (1<<10) |
◆ GET_USER_PASS_MANAGEMENT
◆ GET_USER_PASS_NEED_OK
◆ GET_USER_PASS_NEED_STR
◆ GET_USER_PASS_NOFATAL
◆ GET_USER_PASS_PASSWORD_ONLY
◆ GET_USER_PASS_PREVIOUS_CREDS_FAILED
◆ GET_USER_PASS_STATIC_CHALLENGE
| #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) |
◆ GET_USER_PASS_STATIC_CHALLENGE_CONCAT
| #define GET_USER_PASS_STATIC_CHALLENGE_CONCAT (1<<11) |
◆ GET_USER_PASS_STATIC_CHALLENGE_ECHO
| #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) |
◆ MAC_FMT
| #define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) |
◆ MAC_PRINT_ARG
| #define MAC_PRINT_ARG | ( | _mac | ) |
◆ MAC_SCAN_ARG
| #define MAC_SCAN_ARG | ( | _mac | ) |
◆ SC_CONCAT
| #define SC_CONCAT (1<<1) /* concatenate password and response and do not base64 encode */ |
◆ SC_ECHO
◆ USER_PASS_LEN
Function Documentation
◆ get_user_pass()
|
inlinestatic |
Retrieves the user credentials from various sources depending on the flags.
- Parameters
-
up The user_pass structure to store the retrieved credentials. auth_file The path to the authentication file. Might be NULL. prefix The prefix to prepend to user prompts. flags Additional flags to control the behavior of the function.
- Returns
- true if the user credentials were successfully retrieved, false otherwise.
Definition at line 152 of file misc.h.
References get_user_pass_cr().
Referenced by auth_user_pass_setup(), context_init_1(), get_user_pass_http(), man_settings_init(), pem_password_setup(), and socks_username_password_auth().
◆ get_user_pass_cr()
| bool get_user_pass_cr | ( | struct user_pass * | up, |
| const char * | auth_file, | ||
| const char * | prefix, | ||
| const unsigned int | flags, | ||
| const char * | auth_challenge | ||
| ) |
Retrieves the user credentials from various sources depending on the flags.
- Parameters
-
up The user_pass structure to store the retrieved credentials. auth_file The path to the authentication file. Might be NULL. prefix The prefix to prepend to user prompts. flags Additional flags to control the behavior of the function. auth_challenge The authentication challenge string.
- Returns
- true if the user credentials were successfully retrieved, false otherwise.
Definition at line 211 of file misc.c.
References alloc_buf_gc(), auth_challenge, auth_user_pass_mgmt(), BLEN, BOOL_CAST, BSTR, buf_parse(), buf_printf(), buf_set_read(), buf_set_write(), CC_CRLF, CC_PRINT, chomp(), CR_ECHO, D_LOW, user_pass::defined, gc, gc_free(), gc_malloc(), gc_new(), GET_USER_PASS_DYNAMIC_CHALLENGE, GET_USER_PASS_INLINE_CREDS, GET_USER_PASS_MANAGEMENT, GET_USER_PASS_NEED_OK, GET_USER_PASS_NEED_STR, GET_USER_PASS_PASSWORD_ONLY, GET_USER_PASS_PREVIOUS_CREDS_FAILED, GET_USER_PASS_STATIC_CHALLENGE, GET_USER_PASS_STATIC_CHALLENGE_CONCAT, GET_USER_PASS_STATIC_CHALLENGE_ECHO, buffer::len, M_ERR, M_FATAL, M_INFO, M_NONFATAL, M_WARN, management_query_user_pass_enabled(), msg, openvpn_base64_encode(), parse_auth_challenge(), user_pass::password, PIN, pkcs11_id_current, pkcs11_id_management, platform_fopen(), query_user_add(), query_user_clear(), query_user_exec(), query_user_SINGLE(), streq, string_clear(), string_mod(), strncpynt(), unprotect_user_pass(), USER_PASS_LEN, and user_pass::username.
Referenced by auth_user_pass_setup(), get_user_pass(), test_get_user_pass_authfile_file(), test_get_user_pass_authfile_stdin(), test_get_user_pass_defined(), test_get_user_pass_dynamic_challenge(), test_get_user_pass_inline_creds(), test_get_user_pass_needok(), and test_get_user_pass_static_challenge().
◆ hostname_randomize()
| const char * hostname_randomize | ( | const char * | hostname, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 82 of file misc.c.
References alloc_buf_gc(), BSTR, buf_printf(), format_hex_ex(), gc, buffer::len, n_rnd_bytes, and prng_bytes().
Referenced by openvpn_getaddrinfo().
◆ make_arg_array()
| const char ** make_arg_array | ( | const char * | first, |
| const char * | parms, | ||
| struct gc_arena * | gc | ||
| ) |
Definition at line 563 of file misc.c.
References ALLOC_ARRAY_CLEAR_GC, ASSERT, gc, buffer::len, M_WARN, MAX_PARMS, parse_line(), and string_alloc().
Referenced by make_extended_arg_array().
◆ make_extended_arg_array()
| const char ** make_extended_arg_array | ( | char ** | p, |
| bool | is_inline, | ||
| struct gc_arena * | gc | ||
| ) |
Definition at line 640 of file misc.c.
References gc, buffer::len, make_arg_array(), make_arg_copy(), make_inline_array(), and string_array_len().
Referenced by plugin_option_list_add(), and push_options().
◆ output_peer_info_env()
| void output_peer_info_env | ( | struct env_set * | es, |
| const char * | peer_info | ||
| ) |
Definition at line 771 of file misc.c.
References buf_parse(), buf_set_read(), chomp(), env_set_add(), es, buffer::len, M_INFO, M_WARN, msg, and validate_peer_info_line().
Referenced by key_method_2_read().
◆ prepend_dir()
Prepend a directory to a path.
Definition at line 793 of file misc.c.
References alloc_buf_gc(), ASSERT, buf_printf(), gc, buffer::len, and PATH_SEPARATOR_STR.
Referenced by check_file_access_chroot(), and init_ssl().
◆ protect_user_pass()
| void protect_user_pass | ( | struct user_pass * | up | ) |
Encrypt username and password buffers in user_pass.
Definition at line 804 of file misc.c.
References user_pass::password, protect_buffer_win32(), user_pass::protected, purge_user_pass(), and user_pass::username.
Referenced by get_user_pass_http(), key_method_2_write(), purge_user_pass(), set_auth_token(), and set_auth_token_user().
◆ purge_user_pass()
| void purge_user_pass | ( | struct user_pass * | up, |
| const bool | force | ||
| ) |
Definition at line 485 of file misc.c.
References buffer::len, M_WARN, msg, user_pass::nocache, protect_user_pass(), and secure_memzero().
Referenced by clear_user_pass_http(), establish_http_proxy_passthru(), key_method_2_write(), pem_password_callback(), protect_user_pass(), ssl_clean_auth_token(), ssl_purge_auth(), and unprotect_user_pass().
◆ safe_print()
| const char * safe_print | ( | const char * | str, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 557 of file misc.c.
References CC_CRLF, CC_PRINT, gc, buffer::len, and string_mod_const().
Referenced by options_warning_safe_scan2().
◆ sanitize_control_message()
| const char * sanitize_control_message | ( | const char * | str, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 670 of file misc.c.
References check_debug_level(), D_SHOW_KEYS, gc, gc_malloc(), and buffer::len.
Referenced by incoming_push_message(), and send_control_channel_string_dowork().
◆ set_auth_token()
| void set_auth_token | ( | struct user_pass * | tk, |
| const char * | token | ||
| ) |
Sets the auth-token to token.
The method will also purge up if the auth-nocache option is active.
- Parameters
-
tk auth-token userpass to set token token to use as password for the auth-token
- Note
- all parameters to this function must not be null.
Definition at line 510 of file misc.c.
References buffer::len, protect_user_pass(), strncpynt(), unprotect_user_pass(), and USER_PASS_LEN.
Referenced by ssl_set_auth_token().
◆ set_auth_token_user()
| void set_auth_token_user | ( | struct user_pass * | tk, |
| const char * | username | ||
| ) |
Sets the auth-token username by base64 decoding the passed username.
- Parameters
-
tk auth-token userpass to set username base64 encoded username to set
- Note
- all parameters to this function must not be null.
Definition at line 530 of file misc.c.
References CLEAR, D_PUSH, buffer::len, msg, openvpn_base64_decode(), protect_user_pass(), unprotect_user_pass(), and USER_PASS_LEN.
Referenced by ssl_set_auth_token_user().
◆ set_std_files_to_null()
| void set_std_files_to_null | ( | bool | stdin_only | ) |
Definition at line 56 of file misc.c.
Referenced by open_syslog(), and possibly_become_daemon().
◆ unprotect_user_pass()
| void unprotect_user_pass | ( | struct user_pass * | up | ) |
Decrypt username and password buffers in user_pass.
Definition at line 824 of file misc.c.
References user_pass::password, user_pass::protected, purge_user_pass(), unprotect_buffer_win32(), and user_pass::username.
Referenced by auth_user_pass_setup(), establish_http_proxy_passthru(), get_user_pass_cr(), key_method_2_write(), pem_password_setup(), set_auth_token(), and set_auth_token_user().
◆ validate_peer_info_line()
| bool validate_peer_info_line | ( | char * | line | ) |
Definition at line 733 of file misc.c.
References buffer::len.
Referenced by man_output_peer_info_env(), and output_peer_info_env().
