OpenVPN
misc.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef MISC_H
25 #define MISC_H
26 
27 #include "argv.h"
28 #include "basic.h"
29 #include "common.h"
30 #include "env_set.h"
31 #include "integer.h"
32 #include "buffer.h"
33 #include "platform.h"
34 
35 /* forward declarations */
36 struct plugin_list;
37 
38 
39 /* Set standard file descriptors to /dev/null */
40 void set_std_files_to_null(bool stdin_only);
41 
42 /* Make arrays of strings */
43 
44 const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc);
45 
46 const char **make_extended_arg_array(char **p, bool is_inline,
47  struct gc_arena *gc);
48 
49 /* prepend a random prefix to hostname */
50 const char *hostname_randomize(const char *hostname, struct gc_arena *gc);
51 
52 /*
53  * Get and store a username/password
54  */
55 
56 struct user_pass
57 {
58  bool defined;
59  /* For auth-token username and token can be set individually, so we
60  * use this second bool to track if the token (password) is defined */
62  bool nocache;
63 
64 /* max length of username/password */
65 #ifdef ENABLE_PKCS11
66 #define USER_PASS_LEN 4096
67 #else
68 #define USER_PASS_LEN 128
69 #endif
70  /* Note that username and password are expected to be null-terminated */
73 };
74 
75 #ifdef ENABLE_MANAGEMENT
76 /*
77  * Challenge response info on client as pushed by server.
78  */
80 #define CR_ECHO (1<<0) /* echo response when typed by user */
81 #define CR_RESPONSE (1<<1) /* response needed */
82  unsigned int flags;
83 
84  const char *user;
85  const char *state_id;
86  const char *challenge_text;
87 };
88 
89 /*
90  * Challenge response info on client as pushed by server.
91  */
93 #define SC_ECHO (1<<0) /* echo response when typed by user */
94  unsigned int flags;
95 
96  const char *challenge_text;
97 };
98 
99 #else /* ifdef ENABLE_MANAGEMENT */
100 struct auth_challenge_info {};
101 struct static_challenge_info {};
102 #endif /* ifdef ENABLE_MANAGEMENT */
103 
104 /*
105  * Flags for get_user_pass and management_query_user_pass
106  */
107 #define GET_USER_PASS_MANAGEMENT (1<<0)
108 /* GET_USER_PASS_SENSITIVE (1<<1) not used anymore */
109 #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
110 #define GET_USER_PASS_NEED_OK (1<<3)
111 #define GET_USER_PASS_NOFATAL (1<<4)
112 #define GET_USER_PASS_NEED_STR (1<<5)
113 #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
114 
115 #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */
116 #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
117 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
118 
119 #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
120 
131 bool get_user_pass_cr(struct user_pass *up,
132  const char *auth_file,
133  const char *prefix,
134  const unsigned int flags,
135  const char *auth_challenge);
136 
146 static inline bool
148  const char *auth_file,
149  const char *prefix,
150  const unsigned int flags)
151 {
152  return get_user_pass_cr(up, auth_file, prefix, flags, NULL);
153 }
154 
155 void purge_user_pass(struct user_pass *up, const bool force);
156 
166 void set_auth_token(struct user_pass *tk, const char *token);
167 
177 void set_auth_token_user(struct user_pass *tk, const char *username);
178 
179 /*
180  * Process string received by untrusted peer before
181  * printing to console or log file.
182  * Assumes that string has been null terminated.
183  */
184 const char *safe_print(const char *str, struct gc_arena *gc);
185 
186 
187 void configure_path(void);
188 
189 const char *sanitize_control_message(const char *str, struct gc_arena *gc);
190 
191 /*
192  * /sbin/ip path, may be overridden
193  */
194 #ifdef ENABLE_IPROUTE
195 extern const char *iproute_path;
196 #endif
197 
198 /* helper to parse peer_info received from multi client, validate
199  * (this is untrusted data) and put into environment */
200 bool validate_peer_info_line(char *line);
201 
202 void output_peer_info_env(struct env_set *es, const char *peer_info);
203 
207 struct buffer
208 prepend_dir(const char *dir, const char *path, struct gc_arena *gc);
209 
210 #define _STRINGIFY(S) #S
211 /* *INDENT-OFF* - uncrustify need to ignore this macro */
212 #define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx)
213 /* *INDENT-ON* */
214 #define MAC_PRINT_ARG(_mac) _mac[0], _mac[1], _mac[2], \
215  _mac[3], _mac[4], _mac[5]
216 #define MAC_SCAN_ARG(_mac) &_mac[0], &_mac[1], &_mac[2], \
217  &_mac[3], &_mac[4], &_mac[5]
218 
219 #endif /* ifndef MISC_H */
configure_path
void configure_path(void)
sanitize_control_message
const char * sanitize_control_message(const char *str, struct gc_arena *gc)
Definition: misc.c:650
prepend_dir
struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc)
Prepend a directory to a path.
Definition: misc.c:773
es
struct env_set * es
Definition: test_pkcs11.c:133
user_pass::username
char username[USER_PASS_LEN]
Definition: misc.h:71
set_auth_token_user
void set_auth_token_user(struct user_pass *tk, const char *username)
Sets the auth-token username by base64 decoding the passed username.
Definition: misc.c:512
user_pass::defined
bool defined
Definition: misc.h:58
make_extended_arg_array
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
Definition: misc.c:620
output_peer_info_env
void output_peer_info_env(struct env_set *es, const char *peer_info)
Definition: misc.c:751
get_user_pass_cr
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Retrieves the user credentials from various sources depending on the flags.
Definition: misc.c:211
auth_challenge_info
Definition: misc.h:79
argv.h
hostname_randomize
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:82
env_set.h
auth_challenge_info::challenge_text
const char * challenge_text
Definition: misc.h:86
auth_challenge
static char * auth_challenge
Definition: ssl.c:276
make_arg_array
const char ** make_arg_array(const char *first, const char *parms, struct gc_arena *gc)
Definition: misc.c:543
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition: misc.c:473
static_challenge_info::flags
unsigned int flags
Definition: misc.h:94
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition: misc.h:147
user_pass::nocache
bool nocache
Definition: misc.h:62
static_challenge_info::challenge_text
const char * challenge_text
Definition: misc.h:96
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
static_challenge_info
Definition: misc.h:92
auth_challenge_info::state_id
const char * state_id
Definition: misc.h:85
buffer.h
platform.h
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
env_set
Definition: env_set.h:42
auth_challenge_info::user
const char * user
Definition: misc.h:84
plugin_list
Definition: plugin.h:94
common.h
basic.h
user_pass::token_defined
bool token_defined
Definition: misc.h:61
safe_print
const char * safe_print(const char *str, struct gc_arena *gc)
Definition: misc.c:537
USER_PASS_LEN
#define USER_PASS_LEN
Definition: misc.h:68
user_pass::password
char password[USER_PASS_LEN]
Definition: misc.h:72
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition: misc.c:713
auth_challenge_info::flags
unsigned int flags
Definition: misc.h:82
user_pass
Definition: misc.h:56
integer.h
set_std_files_to_null
void set_std_files_to_null(bool stdin_only)
Definition: misc.c:56
set_auth_token
void set_auth_token(struct user_pass *tk, const char *token)
Sets the auth-token to token.
Definition: misc.c:494