OpenVPN
misc.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef MISC_H
25 #define MISC_H
26 
27 #include "argv.h"
28 #include "basic.h"
29 #include "common.h"
30 #include "env_set.h"
31 #include "integer.h"
32 #include "buffer.h"
33 #include "platform.h"
34 
35 /* forward declarations */
36 struct plugin_list;
37 
38 
39 /* Set standard file descriptors to /dev/null */
40 void set_std_files_to_null(bool stdin_only);
41 
42 /* Make arrays of strings */
43 
44 const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc);
45 
46 const char **make_extended_arg_array(char **p, bool is_inline,
47  struct gc_arena *gc);
48 
49 /* prepend a random prefix to hostname */
50 const char *hostname_randomize(const char *hostname, struct gc_arena *gc);
51 
52 /*
53  * Get and store a username/password
54  */
55 
56 struct user_pass
57 {
58  bool defined;
59  bool nocache;
60 
61 /* max length of username/password */
62 #ifdef ENABLE_PKCS11
63 #define USER_PASS_LEN 4096
64 #else
65 #define USER_PASS_LEN 128
66 #endif
69 };
70 
71 #ifdef ENABLE_MANAGEMENT
72 /*
73  * Challenge response info on client as pushed by server.
74  */
76 #define CR_ECHO (1<<0) /* echo response when typed by user */
77 #define CR_RESPONSE (1<<1) /* response needed */
78  unsigned int flags;
79 
80  const char *user;
81  const char *state_id;
82  const char *challenge_text;
83 };
84 
85 struct auth_challenge_info *get_auth_challenge(const char *auth_challenge, struct gc_arena *gc);
86 
87 /*
88  * Challenge response info on client as pushed by server.
89  */
91 #define SC_ECHO (1<<0) /* echo response when typed by user */
92  unsigned int flags;
93 
94  const char *challenge_text;
95 };
96 
97 #else /* ifdef ENABLE_MANAGEMENT */
98 struct auth_challenge_info {};
99 struct static_challenge_info {};
100 #endif /* ifdef ENABLE_MANAGEMENT */
101 
102 /*
103  * Flags for get_user_pass and management_query_user_pass
104  */
105 #define GET_USER_PASS_MANAGEMENT (1<<0)
106 /* GET_USER_PASS_SENSITIVE (1<<1) not used anymore */
107 #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
108 #define GET_USER_PASS_NEED_OK (1<<3)
109 #define GET_USER_PASS_NOFATAL (1<<4)
110 #define GET_USER_PASS_NEED_STR (1<<5)
111 #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
112 
113 #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */
114 #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
115 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
116 
117 #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
118 
119 bool get_user_pass_cr(struct user_pass *up,
120  const char *auth_file,
121  const char *prefix,
122  const unsigned int flags,
123  const char *auth_challenge);
124 
125 static inline bool
127  const char *auth_file,
128  const char *prefix,
129  const unsigned int flags)
130 {
131  return get_user_pass_cr(up, auth_file, prefix, flags, NULL);
132 }
133 
134 void fail_user_pass(const char *prefix,
135  const unsigned int flags,
136  const char *reason);
137 
138 void purge_user_pass(struct user_pass *up, const bool force);
139 
151 void set_auth_token(struct user_pass *up, struct user_pass *tk,
152  const char *token);
153 
154 /*
155  * Process string received by untrusted peer before
156  * printing to console or log file.
157  * Assumes that string has been null terminated.
158  */
159 const char *safe_print(const char *str, struct gc_arena *gc);
160 
161 
162 void configure_path(void);
163 
164 const char *sanitize_control_message(const char *str, struct gc_arena *gc);
165 
166 /*
167  * /sbin/ip path, may be overridden
168  */
169 #ifdef ENABLE_IPROUTE
170 extern const char *iproute_path;
171 #endif
172 
173 /* helper to parse peer_info received from multi client, validate
174  * (this is untrusted data) and put into environment */
175 bool validate_peer_info_line(char *line);
176 
177 void output_peer_info_env(struct env_set *es, const char *peer_info);
178 
190 int
191 get_num_elements(const char *string, char delimiter);
192 
196 struct buffer
197 prepend_dir(const char *dir, const char *path, struct gc_arena *gc);
198 
199 #endif /* ifndef MISC_H */
unsigned int flags
Definition: misc.h:78
#define USER_PASS_LEN
Definition: misc.h:65
bool validate_peer_info_line(char *line)
Definition: misc.c:692
void fail_user_pass(const char *prefix, const unsigned int flags, const char *reason)
bool defined
Definition: misc.h:58
void set_std_files_to_null(bool stdin_only)
Definition: misc.c:58
char username[USER_PASS_LEN]
Definition: misc.h:67
list flags
const char * state_id
Definition: misc.h:81
static char * auth_challenge
Definition: ssl.c:393
bool nocache
Definition: misc.h:59
void configure_path(void)
void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
Sets the auth-token to token if a username is available from either up or already present in tk...
Definition: misc.c:490
const char * challenge_text
Definition: misc.h:82
const char * challenge_text
Definition: misc.h:94
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of &#39;delimiter&#39; in a string +1 This is typically used to find out the number e...
Definition: misc.c:752
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
Definition: misc.c:599
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:84
const char * user
Definition: misc.h:80
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Definition: misc.h:126
const char ** make_arg_array(const char *first, const char *parms, struct gc_arena *gc)
Definition: misc.c:522
unsigned int flags
Definition: misc.h:92
struct auth_challenge_info * get_auth_challenge(const char *auth_challenge, struct gc_arena *gc)
Definition: misc.c:398
void purge_user_pass(struct user_pass *up, const bool force)
Definition: misc.c:469
Definition: misc.h:56
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
const char * sanitize_control_message(const char *str, struct gc_arena *gc)
Definition: misc.c:629
char password[USER_PASS_LEN]
Definition: misc.h:68
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Definition: misc.c:136
const char * safe_print(const char *str, struct gc_arena *gc)
Definition: misc.c:516
void output_peer_info_env(struct env_set *es, const char *peer_info)
Definition: misc.c:730