OpenVPN
misc.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef MISC_H
25 #define MISC_H
26 
27 #include "argv.h"
28 #include "basic.h"
29 #include "common.h"
30 #include "env_set.h"
31 #include "integer.h"
32 #include "buffer.h"
33 #include "platform.h"
34 
35 /* forward declarations */
36 struct plugin_list;
37 
38 
39 /* Set standard file descriptors to /dev/null */
40 void set_std_files_to_null(bool stdin_only);
41 
42 /* Make arrays of strings */
43 
44 const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc);
45 
46 const char **make_extended_arg_array(char **p, bool is_inline,
47  struct gc_arena *gc);
48 
49 /* prepend a random prefix to hostname */
50 const char *hostname_randomize(const char *hostname, struct gc_arena *gc);
51 
52 /*
53  * Get and store a username/password
54  */
55 
56 struct user_pass
57 {
58  bool defined;
59  /* For auth-token username and token can be set individually, so we
60  * use this second bool to track if the token (password) is defined */
62  bool nocache;
63 
64 /* max length of username/password */
65 #ifdef ENABLE_PKCS11
66 #define USER_PASS_LEN 4096
67 #else
68 #define USER_PASS_LEN 128
69 #endif
72 };
73 
74 #ifdef ENABLE_MANAGEMENT
75 /*
76  * Challenge response info on client as pushed by server.
77  */
79 #define CR_ECHO (1<<0) /* echo response when typed by user */
80 #define CR_RESPONSE (1<<1) /* response needed */
81  unsigned int flags;
82 
83  const char *user;
84  const char *state_id;
85  const char *challenge_text;
86 };
87 
88 struct auth_challenge_info *get_auth_challenge(const char *auth_challenge, struct gc_arena *gc);
89 
90 /*
91  * Challenge response info on client as pushed by server.
92  */
94 #define SC_ECHO (1<<0) /* echo response when typed by user */
95  unsigned int flags;
96 
97  const char *challenge_text;
98 };
99 
100 #else /* ifdef ENABLE_MANAGEMENT */
101 struct auth_challenge_info {};
102 struct static_challenge_info {};
103 #endif /* ifdef ENABLE_MANAGEMENT */
104 
105 /*
106  * Flags for get_user_pass and management_query_user_pass
107  */
108 #define GET_USER_PASS_MANAGEMENT (1<<0)
109 /* GET_USER_PASS_SENSITIVE (1<<1) not used anymore */
110 #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
111 #define GET_USER_PASS_NEED_OK (1<<3)
112 #define GET_USER_PASS_NOFATAL (1<<4)
113 #define GET_USER_PASS_NEED_STR (1<<5)
114 #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
115 
116 #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */
117 #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
118 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
119 
120 #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
121 
122 bool get_user_pass_cr(struct user_pass *up,
123  const char *auth_file,
124  const char *prefix,
125  const unsigned int flags,
126  const char *auth_challenge);
127 
128 static inline bool
130  const char *auth_file,
131  const char *prefix,
132  const unsigned int flags)
133 {
134  return get_user_pass_cr(up, auth_file, prefix, flags, NULL);
135 }
136 
137 void fail_user_pass(const char *prefix,
138  const unsigned int flags,
139  const char *reason);
140 
141 void purge_user_pass(struct user_pass *up, const bool force);
142 
155 void set_auth_token(struct user_pass *up, struct user_pass *tk,
156  const char *token);
157 
167 void set_auth_token_user(struct user_pass *tk, const char *username);
168 
169 /*
170  * Process string received by untrusted peer before
171  * printing to console or log file.
172  * Assumes that string has been null terminated.
173  */
174 const char *safe_print(const char *str, struct gc_arena *gc);
175 
176 
177 void configure_path(void);
178 
179 const char *sanitize_control_message(const char *str, struct gc_arena *gc);
180 
181 /*
182  * /sbin/ip path, may be overridden
183  */
184 #ifdef ENABLE_IPROUTE
185 extern const char *iproute_path;
186 #endif
187 
188 /* helper to parse peer_info received from multi client, validate
189  * (this is untrusted data) and put into environment */
190 bool validate_peer_info_line(char *line);
191 
192 void output_peer_info_env(struct env_set *es, const char *peer_info);
193 
205 int
206 get_num_elements(const char *string, char delimiter);
207 
211 struct buffer
212 prepend_dir(const char *dir, const char *path, struct gc_arena *gc);
213 
214 #endif /* ifndef MISC_H */
unsigned int flags
Definition: misc.h:81
#define USER_PASS_LEN
Definition: misc.h:68
bool validate_peer_info_line(char *line)
Definition: misc.c:719
void fail_user_pass(const char *prefix, const unsigned int flags, const char *reason)
bool defined
Definition: misc.h:58
void set_std_files_to_null(bool stdin_only)
Definition: misc.c:58
char username[USER_PASS_LEN]
Definition: misc.h:70
list flags
const char * state_id
Definition: misc.h:84
static char * auth_challenge
Definition: ssl.c:393
bool nocache
Definition: misc.h:62
void configure_path(void)
void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
Sets the auth-token to token.
Definition: misc.c:490
const char * challenge_text
Definition: misc.h:85
const char * challenge_text
Definition: misc.h:97
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of &#39;delimiter&#39; in a string +1 This is typically used to find out the number e...
Definition: misc.c:779
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
Definition: misc.c:626
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:84
const char * user
Definition: misc.h:83
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Definition: misc.h:129
const char ** make_arg_array(const char *first, const char *parms, struct gc_arena *gc)
Definition: misc.c:549
unsigned int flags
Definition: misc.h:95
struct auth_challenge_info * get_auth_challenge(const char *auth_challenge, struct gc_arena *gc)
Definition: misc.c:398
void purge_user_pass(struct user_pass *up, const bool force)
Definition: misc.c:469
Definition: misc.h:56
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
const char * sanitize_control_message(const char *str, struct gc_arena *gc)
Definition: misc.c:656
void set_auth_token_user(struct user_pass *tk, const char *username)
Sets the auth-token username by base64 decoding the passed username.
Definition: misc.c:518
char password[USER_PASS_LEN]
Definition: misc.h:71
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Definition: misc.c:136
bool token_defined
Definition: misc.h:61
const char * safe_print(const char *str, struct gc_arena *gc)
Definition: misc.c:543
void output_peer_info_env(struct env_set *es, const char *peer_info)
Definition: misc.c:757