#include "argv.h"#include "basic.h"#include "common.h"#include "env_set.h"#include "integer.h"#include "buffer.h"#include "platform.h"
Go to the source code of this file.
Data Structures | |
| struct | user_pass |
| struct | auth_challenge_info |
| struct | static_challenge_info |
Macros | |
| #define | USER_PASS_LEN 128 |
| #define | CR_ECHO (1<<0) /* echo response when typed by user */ |
| #define | CR_RESPONSE (1<<1) /* response needed */ |
| #define | SC_ECHO (1<<0) /* echo response when typed by user */ |
| #define | GET_USER_PASS_MANAGEMENT (1<<0) |
| #define | GET_USER_PASS_PASSWORD_ONLY (1<<2) |
| #define | GET_USER_PASS_NEED_OK (1<<3) |
| #define | GET_USER_PASS_NOFATAL (1<<4) |
| #define | GET_USER_PASS_NEED_STR (1<<5) |
| #define | GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6) |
| #define | GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */ |
| #define | GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */ |
| #define | GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */ |
| #define | GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ |
| #define | _STRINGIFY(S) #S |
| #define | MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) |
| #define | MAC_PRINT_ARG(_mac) |
| #define | MAC_SCAN_ARG(_mac) |
Functions | |
| void | set_std_files_to_null (bool stdin_only) |
| const char ** | make_arg_array (const char *first, const char *parms, struct gc_arena *gc) |
| const char ** | make_extended_arg_array (char **p, bool is_inline, struct gc_arena *gc) |
| const char * | hostname_randomize (const char *hostname, struct gc_arena *gc) |
| struct auth_challenge_info * | get_auth_challenge (const char *auth_challenge, struct gc_arena *gc) |
| bool | get_user_pass_cr (struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge) |
| static bool | get_user_pass (struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags) |
| void | fail_user_pass (const char *prefix, const unsigned int flags, const char *reason) |
| void | purge_user_pass (struct user_pass *up, const bool force) |
| void | set_auth_token (struct user_pass *up, struct user_pass *tk, const char *token) |
| Sets the auth-token to token. More... | |
| void | set_auth_token_user (struct user_pass *tk, const char *username) |
| Sets the auth-token username by base64 decoding the passed username. More... | |
| const char * | safe_print (const char *str, struct gc_arena *gc) |
| void | configure_path (void) |
| const char * | sanitize_control_message (const char *str, struct gc_arena *gc) |
| bool | validate_peer_info_line (char *line) |
| void | output_peer_info_env (struct env_set *es, const char *peer_info) |
| int | get_num_elements (const char *string, char delimiter) |
| Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number elements in a cipher string or similar that is separated by : like. More... | |
| struct buffer | prepend_dir (const char *dir, const char *path, struct gc_arena *gc) |
| Prepend a directory to a path. More... | |
Macro Definition Documentation
◆ _STRINGIFY
◆ CR_ECHO
◆ CR_RESPONSE
◆ GET_USER_PASS_DYNAMIC_CHALLENGE
| #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */ |
◆ GET_USER_PASS_INLINE_CREDS
| #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ |
◆ GET_USER_PASS_MANAGEMENT
◆ GET_USER_PASS_NEED_OK
◆ GET_USER_PASS_NEED_STR
◆ GET_USER_PASS_NOFATAL
◆ GET_USER_PASS_PASSWORD_ONLY
◆ GET_USER_PASS_PREVIOUS_CREDS_FAILED
◆ GET_USER_PASS_STATIC_CHALLENGE
| #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */ |
◆ GET_USER_PASS_STATIC_CHALLENGE_ECHO
| #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */ |
◆ MAC_FMT
| #define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) |
◆ MAC_PRINT_ARG
| #define MAC_PRINT_ARG | ( | _mac | ) |
◆ MAC_SCAN_ARG
| #define MAC_SCAN_ARG | ( | _mac | ) |
◆ SC_ECHO
◆ USER_PASS_LEN
Function Documentation
◆ configure_path()
| void configure_path | ( | void | ) |
◆ fail_user_pass()
| void fail_user_pass | ( | const char * | prefix, |
| const unsigned int | flags, | ||
| const char * | reason | ||
| ) |
◆ get_auth_challenge()
| struct auth_challenge_info* get_auth_challenge | ( | const char * | auth_challenge, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 402 of file misc.c.
References ALLOC_OBJ_CLEAR_GC, auth_challenge, BSTR, buf_parse(), buf_set_read(), auth_challenge_info::challenge_text, CR_ECHO, CR_RESPONSE, auth_challenge_info::flags, gc_malloc(), buffer::len, openvpn_base64_decode(), auth_challenge_info::state_id, string_alloc(), and auth_challenge_info::user.
Referenced by get_user_pass_cr().
◆ get_num_elements()
| int get_num_elements | ( | const char * | string, |
| char | delimiter | ||
| ) |
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number elements in a cipher string or similar that is separated by : like.
X25519:secp256r1:X448:secp512r1:secp384r1:brainpoolP384r1
- Parameters
-
string the string to work on delimiter the delimiter to count, typically ':'
- Returns
- occrrences of delimiter + 1
Definition at line 777 of file misc.c.
References ASSERT.
Referenced by tls_ctx_set_tls_groups().
◆ get_user_pass()
|
inlinestatic |
Definition at line 130 of file misc.h.
References get_user_pass_cr().
Referenced by auth_user_pass_setup(), context_init_1(), get_user_pass_http(), man_settings_init(), pem_password_setup(), and socks_username_password_auth().
◆ get_user_pass_cr()
| bool get_user_pass_cr | ( | struct user_pass * | up, |
| const char * | auth_file, | ||
| const char * | prefix, | ||
| const unsigned int | flags, | ||
| const char * | auth_challenge | ||
| ) |
Definition at line 134 of file misc.c.
References alloc_buf_gc(), auth_challenge, auth_user_pass_mgmt(), BLEN, BOOL_CAST, BSTR, buf_parse(), buf_printf(), buf_set_read(), buf_set_write(), CC_CRLF, CC_PRINT, auth_challenge_info::challenge_text, chomp(), CR_ECHO, D_LOW, user_pass::defined, auth_challenge_info::flags, gc_free(), gc_malloc(), gc_new(), get_auth_challenge(), GET_USER_PASS_DYNAMIC_CHALLENGE, GET_USER_PASS_INLINE_CREDS, GET_USER_PASS_MANAGEMENT, GET_USER_PASS_NEED_OK, GET_USER_PASS_NEED_STR, GET_USER_PASS_PASSWORD_ONLY, GET_USER_PASS_PREVIOUS_CREDS_FAILED, GET_USER_PASS_STATIC_CHALLENGE, GET_USER_PASS_STATIC_CHALLENGE_ECHO, M_ERR, M_FATAL, M_INFO, M_NONFATAL, M_WARN, management_query_user_pass_enabled(), msg, openvpn_base64_encode(), openvpn_snprintf(), user_pass::password, PIN, pkcs11_id_current, pkcs11_id_management, platform_fopen(), query_user_add(), query_user_clear(), query_user_exec(), query_user_SINGLE(), auth_challenge_info::state_id, streq, string_clear(), string_mod(), strncpynt(), auth_challenge_info::user, USER_PASS_LEN, and user_pass::username.
Referenced by auth_user_pass_setup(), and get_user_pass().
◆ hostname_randomize()
| const char* hostname_randomize | ( | const char * | hostname, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 82 of file misc.c.
References alloc_buf_gc(), BSTR, buf_printf(), format_hex_ex(), n_rnd_bytes, and prng_bytes().
Referenced by openvpn_getaddrinfo().
◆ make_arg_array()
| const char** make_arg_array | ( | const char * | first, |
| const char * | parms, | ||
| struct gc_arena * | gc | ||
| ) |
Definition at line 547 of file misc.c.
References ALLOC_ARRAY_CLEAR_GC, ASSERT, M_WARN, MAX_PARMS, parse_line(), and string_alloc().
Referenced by make_extended_arg_array().
◆ make_extended_arg_array()
| const char** make_extended_arg_array | ( | char ** | p, |
| bool | is_inline, | ||
| struct gc_arena * | gc | ||
| ) |
Definition at line 624 of file misc.c.
References make_arg_array(), make_arg_copy(), make_inline_array(), and string_array_len().
Referenced by plugin_option_list_add(), and push_options().
◆ output_peer_info_env()
| void output_peer_info_env | ( | struct env_set * | es, |
| const char * | peer_info | ||
| ) |
Definition at line 755 of file misc.c.
References buf_parse(), buf_set_read(), chomp(), env_set_add(), es, M_INFO, M_WARN, msg, and validate_peer_info_line().
Referenced by key_method_2_read().
◆ prepend_dir()
Prepend a directory to a path.
Definition at line 797 of file misc.c.
References alloc_buf_gc(), ASSERT, buf_printf(), buffer::len, and PATH_SEPARATOR_STR.
Referenced by check_file_access_chroot(), and init_ssl().
◆ purge_user_pass()
| void purge_user_pass | ( | struct user_pass * | up, |
| const bool | force | ||
| ) |
Definition at line 473 of file misc.c.
References M_WARN, msg, user_pass::nocache, and secure_memzero().
Referenced by clear_user_pass_http(), key_method_2_write(), pem_password_callback(), ssl_clean_auth_token(), and ssl_purge_auth().
◆ safe_print()
| const char* safe_print | ( | const char * | str, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 541 of file misc.c.
References CC_CRLF, CC_PRINT, and string_mod_const().
Referenced by options_warning_safe_scan2().
◆ sanitize_control_message()
| const char* sanitize_control_message | ( | const char * | str, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 654 of file misc.c.
References check_debug_level(), D_SHOW_KEYS, and gc_malloc().
Referenced by incoming_push_message(), and send_control_channel_string_dowork().
◆ set_auth_token()
Sets the auth-token to token.
If a username is available from either up or already present in tk that will be used as default username for the token. The method will also purge up if the auth-nocache option is active.
- Parameters
-
up (non Auth-token) Username/password tk auth-token userpass to set token token to use as password for the auth-token
- Note
- all parameters to this function must not be null.
Definition at line 494 of file misc.c.
References user_pass::defined, user_pass::password, strncpynt(), user_pass::token_defined, USER_PASS_LEN, and user_pass::username.
Referenced by ssl_set_auth_token().
◆ set_auth_token_user()
| void set_auth_token_user | ( | struct user_pass * | tk, |
| const char * | username | ||
| ) |
Sets the auth-token username by base64 decoding the passed username.
- Parameters
-
tk auth-token userpass to set username base64 encoded username to set
- Note
- all parameters to this function must not be null.
Definition at line 516 of file misc.c.
References CLEAR, D_PUSH, user_pass::defined, buffer::len, msg, openvpn_base64_decode(), USER_PASS_LEN, and user_pass::username.
Referenced by ssl_set_auth_token_user().
◆ set_std_files_to_null()
| void set_std_files_to_null | ( | bool | stdin_only | ) |
Definition at line 56 of file misc.c.
Referenced by open_syslog(), and possibly_become_daemon().
◆ validate_peer_info_line()
| bool validate_peer_info_line | ( | char * | line | ) |
Definition at line 717 of file misc.c.
Referenced by man_output_peer_info_env(), and output_peer_info_env().
