#include "syshead.h"#include "push.h"#include "options.h"#include "ssl.h"#include "ssl_verify.h"#include "ssl_ncp.h"#include "manage.h"#include "memdbg.h"#include "ssl_util.h"#include "options_util.h"
Go to the source code of this file.
Functions | |
| void | receive_auth_failed (struct context *c, const struct buffer *buffer) |
| void | server_pushed_signal (struct context *c, const struct buffer *buffer, const bool restart, const int adv) |
| void | receive_exit_message (struct context *c) |
| void | server_pushed_info (struct context *c, const struct buffer *buffer, const int adv) |
| void | receive_cr_response (struct context *c, const struct buffer *buffer) |
| static void | parse_auth_pending_keywords (const struct buffer *buffer, unsigned int *server_timeout) |
| Parse the keyword for the AUTH_PENDING request. More... | |
| void | receive_auth_pending (struct context *c, const struct buffer *buffer) |
| Parses an AUTH_PENDING message and if in pull mode extends the timeout. More... | |
| static bool | push_option_fmt (struct gc_arena *gc, struct push_list *push_list, int msglevel, const char *fmt,...) |
| Add an option to the given push list by providing a format string. More... | |
| void | send_auth_failed (struct context *c, const char *client_reason) |
| bool | send_auth_pending_messages (struct tls_multi *tls_multi, struct tls_session *session, const char *extra, unsigned int timeout) |
| Sends the auth pending control messages to a client. More... | |
| void | send_restart (struct context *c, const char *kill_msg) |
| void | incoming_push_message (struct context *c, const struct buffer *buffer) |
| bool | send_push_request (struct context *c) |
| void | prepare_auth_token_push_reply (struct tls_multi *tls_multi, struct gc_arena *gc, struct push_list *push_list) |
| Prepare push option for auth-token. More... | |
| bool | prepare_push_reply (struct context *c, struct gc_arena *gc, struct push_list *push_list) |
| Prepare push options, based on local options. More... | |
| static bool | send_push_options (struct context *c, struct buffer *buf, struct push_list *push_list, int safe_cap, bool *push_sent, bool *multi_push) |
| void | send_push_reply_auth_token (struct tls_multi *multi) |
| Sends a push reply message only containin the auth-token to update the auth-token on the client. More... | |
| bool | send_push_reply (struct context *c, struct push_list *per_client_push_list) |
| static void | push_option_ex (struct gc_arena *gc, struct push_list *push_list, const char *opt, bool enable, int msglevel) |
| void | push_option (struct options *o, const char *opt, int msglevel) |
| void | clone_push_list (struct options *o) |
| void | push_options (struct options *o, char **p, int msglevel, struct gc_arena *gc) |
| void | push_reset (struct options *o) |
| void | push_remove_option (struct options *o, const char *p) |
| int | process_incoming_push_request (struct context *c) |
| static void | push_update_digest (md_ctx_t *ctx, struct buffer *buf, const struct options *opt) |
| static int | process_incoming_push_reply (struct context *c, unsigned int permission_mask, unsigned int *option_types_found, struct buffer *buf) |
| int | process_incoming_push_msg (struct context *c, const struct buffer *buffer, bool honor_received_options, unsigned int permission_mask, unsigned int *option_types_found) |
| void | remove_iroutes_from_push_route_list (struct options *o) |
Variables | |
| static char | push_reply_cmd [] = "PUSH_REPLY" |
Function Documentation
◆ clone_push_list()
| void clone_push_list | ( | struct options * | o | ) |
Definition at line 873 of file push.c.
References options::gc, push_list::head, M_FATAL, push_entry::next, push_entry::option, options::push_list, push_option_ex(), push_reset(), and string_alloc().
Referenced by options_detach().
◆ incoming_push_message()
Definition at line 504 of file push.c.
References BSTR, context::c2, cleanup(), D_PUSH, D_PUSH_ERRORS, do_up(), context_2::es, event_timeout_clear(), gc_free(), gc_new(), msg, context::options, options_postprocess_pull(), process_incoming_push_msg(), options::pull, pull_permission_mask(), PUSH_MSG_CONTINUATION, PUSH_MSG_ERROR, PUSH_MSG_REPLY, options::push_option_types_found, context_2::push_request_interval, register_signal(), sanitize_control_message(), context::sig, status, and context_2::wait_for_connect.
Referenced by check_incoming_control_channel().
◆ parse_auth_pending_keywords()
|
static |
Parse the keyword for the AUTH_PENDING request.
- Parameters
-
buffer buffer containing the keywords, the buffer's content will be modified by this function server_timeout timeout pushed by the server or unchanged if the server does not push a timeout
Definition at line 293 of file push.c.
References BLEN, BSTR, buf_advance(), buf_parse(), buf_read_u8(), D_PUSH, management_set_state(), msg, OPENVPN_STATE_AUTH_PENDING, and OPTION_LINE_SIZE.
Referenced by receive_auth_pending().
◆ prepare_auth_token_push_reply()
| void prepare_auth_token_push_reply | ( | struct tls_multi * | tls_multi, |
| struct gc_arena * | gc, | ||
| struct push_list * | push_list | ||
| ) |
Prepare push option for auth-token.
- Parameters
-
tls_multi tls multi context of VPN tunnel gc gc arena for allocating push options push_list push list to where options are added
- Returns
- true on success, false on failure.
Definition at line 586 of file push.c.
References tls_multi::auth_token, M_USAGE, and push_option_fmt().
Referenced by prepare_push_reply(), and send_push_reply_auth_token().
◆ prepare_push_reply()
Prepare push options, based on local options.
- Parameters
-
context context structure storing data for VPN tunnel gc gc arena for allocating push options push_list push list to where options are added
- Returns
- true on success, false on failure.
Definition at line 611 of file push.c.
References alloc_buf_gc(), buf_len(), buf_printf(), buf_str(), context::c2, options::ce, options::ciphername, CO_USE_CC_EXIT_NOTIFY, CO_USE_DYNAMIC_TLS_CRYPT, CO_USE_TLS_KEY_MATERIAL_EXPORT, extract_var_peer_info(), options::gc, options::ifconfig_local, options::imported_protocol_flags, M_USAGE, M_WARN, msg, context::options, tls_multi::peer_id, tls_multi::peer_info, prepare_auth_token_push_reply(), print_in6_addr(), print_in_addr_t(), context_2::push_ifconfig_defined, options::push_ifconfig_ipv4_blocked, options::push_ifconfig_ipv6_blocked, context_2::push_ifconfig_ipv6_defined, context_2::push_ifconfig_ipv6_local, context_2::push_ifconfig_ipv6_netbits, context_2::push_ifconfig_ipv6_remote, context_2::push_ifconfig_local, context_2::push_ifconfig_local_alias, context_2::push_ifconfig_remote_netmask, push_option_fmt(), context_2::tls_multi, tls_peer_supports_ncp(), connection_entry::tun_mtu, and tls_multi::use_peer_id.
Referenced by process_incoming_push_request().
◆ process_incoming_push_msg()
| int process_incoming_push_msg | ( | struct context * | c, |
| const struct buffer * | buffer, | ||
| bool | honor_received_options, | ||
| unsigned int | permission_mask, | ||
| unsigned int * | option_types_found | ||
| ) |
Definition at line 1079 of file push.c.
References buf_string_compare_advance(), context::c2, process_incoming_push_reply(), process_incoming_push_request(), PUSH_MSG_ERROR, push_reply_cmd, and context_2::push_request_received.
Referenced by incoming_push_message().
◆ process_incoming_push_reply()
|
static |
Definition at line 1027 of file push.c.
References apply_push_options(), buf_read_u8(), context::c2, sha256_digest::digest, context_2::es, md_ctx_cleanup(), md_ctx_final(), md_ctx_free(), md_ctx_init(), md_ctx_new(), context::options, context_2::pulled_options_digest, context_2::pulled_options_digest_init_done, context_2::pulled_options_state, options::push_continuation, PUSH_MSG_CONTINUATION, PUSH_MSG_ERROR, PUSH_MSG_REPLY, and push_update_digest().
Referenced by process_incoming_push_msg().
◆ process_incoming_push_request()
| int process_incoming_push_request | ( | struct context * | c | ) |
Definition at line 959 of file push.c.
References context::c2, CAS_CONNECT_DONE, CAS_FAILED, gc_free(), gc_new(), tls_multi::multi_state, now, openvpn_time(), prepare_push_reply(), PUSH_MSG_ALREADY_REPLIED, PUSH_MSG_AUTH_FAILURE, PUSH_MSG_ERROR, PUSH_MSG_REQUEST, PUSH_MSG_REQUEST_DEFERRED, send_auth_failed(), send_push_reply(), context_2::sent_push_reply_expiry, TLS_AUTHENTICATION_FAILED, tls_authentication_status(), TLS_AUTHENTICATION_SUCCEEDED, tls_client_reason(), and context_2::tls_multi.
Referenced by multi_client_connect_late_setup(), and process_incoming_push_msg().
◆ push_option()
| void push_option | ( | struct options * | o, |
| const char * | opt, | ||
| int | msglevel | ||
| ) |
Definition at line 867 of file push.c.
References options::gc, options::push_list, and push_option_ex().
Referenced by helper_client_server(), helper_keepalive(), helper_tcp_nodelay(), multi_client_connect_compress_migrate(), and push_options().
◆ push_option_ex()
|
static |
Definition at line 838 of file push.c.
References ALLOC_OBJ_CLEAR_GC, ASSERT, CC_ANY, CC_COMMA, push_entry::enable, push_list::head, msg, push_entry::next, push_entry::option, string_class(), and push_list::tail.
Referenced by clone_push_list(), push_option(), and push_option_fmt().
◆ push_option_fmt()
|
static |
Add an option to the given push list by providing a format string.
The string added to the push options is allocated in o->gc, so the caller does not have to preserve anything.
- Parameters
-
gc GC arena where options are allocated push_list Push list containing options msglevel The message level to use when printing errors fmt Format string for the option ... Format string arguments
- Returns
- true on success, false on failure.
Definition at line 897 of file push.c.
References push_option_ex(), and string_alloc().
Referenced by prepare_auth_token_push_reply(), and prepare_push_reply().
◆ push_options()
Definition at line 889 of file push.c.
References make_extended_arg_array(), print_argv(), and push_option().
Referenced by add_option().
◆ push_remove_option()
| void push_remove_option | ( | struct options * | o, |
| const char * | p | ||
| ) |
Definition at line 921 of file push.c.
References D_PUSH_DEBUG, push_entry::enable, push_list::head, msg, push_entry::next, push_entry::option, options::push_ifconfig_ipv4_blocked, options::push_ifconfig_ipv6_blocked, options::push_list, and streq.
Referenced by add_option().
◆ push_reset()
| void push_reset | ( | struct options * | o | ) |
Definition at line 915 of file push.c.
References CLEAR, and options::push_list.
Referenced by add_option(), and clone_push_list().
◆ push_update_digest()
|
static |
Definition at line 1005 of file push.c.
References buf_parse(), options::ce, md_ctx_update(), OPTION_PARM_SIZE, strprefix(), and connection_entry::tun_mtu_defined.
Referenced by process_incoming_push_reply().
◆ receive_auth_failed()
Definition at line 50 of file push.c.
References AR_INTERACT, AR_NOINTERACT, AR_NONE, ASSERT, auth_retry_get(), BLEN, BSTR, buf_string_compare_advance(), buf_string_match_head_str(), M_VERB0, management_auth_failure(), msg, options::no_advance, context::options, parse_auth_failed_temp(), options::pull, register_signal(), context::sig, ssl_clean_auth_token(), ssl_purge_auth(), ssl_put_auth_challenge(), and UP_TYPE_AUTH.
Referenced by check_incoming_control_channel().
◆ receive_auth_pending()
Parses an AUTH_PENDING message and if in pull mode extends the timeout.
- Parameters
-
c The context struct buffer Buffer containing the control message with AUTH_PENDING
Definition at line 336 of file push.c.
References context::c2, D_PUSH, key_state::established, get_primary_key(), options::handshake_window, max_uint(), min_uint(), msg, context::options, parse_auth_pending_keywords(), options::pull, context_2::push_request_timeout, options::renegotiate_seconds, and context_2::tls_multi.
Referenced by check_incoming_control_channel().
◆ receive_cr_response()
Definition at line 261 of file push.c.
References BLEN, BSTR, buf_advance(), buf_read_u8(), context::c2, D_PUSH, es, get_primary_key(), management_notify_client_cr_response(), key_state::mda_key_id, msg, tls_multi::session, context_2::tls_multi, TM_ACTIVE, verify_crresponse_plugin(), and verify_crresponse_script().
Referenced by check_incoming_control_channel().
◆ receive_exit_message()
| void receive_exit_message | ( | struct context * | c | ) |
Definition at line 191 of file push.c.
References D_STREAM_ERRORS, dmsg, management_notify(), options::mode, MODE_SERVER, context::options, register_signal(), schedule_exit(), options::scheduled_exit_interval, and context::sig.
Referenced by check_incoming_control_channel().
◆ remove_iroutes_from_push_route_list()
| void remove_iroutes_from_push_route_list | ( | struct options * | o | ) |
Definition at line 1109 of file push.c.
References CLEAR, D_PUSH, D_ROUTE_DEBUG, push_entry::enable, gc_free(), gc_new(), get_ipv6_addr(), getaddr(), GETADDR_HOST_ORDER, push_list::head, options::iroutes, options::iroutes_ipv6, MAX_PARMS, msg, iroute::netbits, iroute_ipv6::netbits, netbits_to_netmask(), iroute::network, iroute_ipv6::network, push_entry::next, iroute::next, iroute_ipv6::next, push_entry::option, parse_line(), options::push_list, and SIZE.
Referenced by multi_client_connect_late_setup().
◆ send_auth_failed()
| void send_auth_failed | ( | struct context * | c, |
| const char * | client_reason | ||
| ) |
Definition at line 392 of file push.c.
References alloc_buf_gc(), BSTR, buf_printf(), context::c2, D_PUSH, D_TLS_DEBUG, event_timeout_defined(), gc_free(), gc_new(), buffer::len, msg, context::options, PUSH_BUNDLE_SIZE, reschedule_multi_process(), schedule_exit(), context_2::scheduled_exit, options::scheduled_exit_interval, send_control_channel_string_dowork(), tls_multi::session, context_2::tls_multi, TM_ACTIVE, and TM_INITIAL.
Referenced by check_tls(), and process_incoming_push_request().
◆ send_auth_pending_messages()
| bool send_auth_pending_messages | ( | struct tls_multi * | tls_multi, |
| struct tls_session * | session, | ||
| const char * | extra, | ||
| unsigned int | timeout | ||
| ) |
Sends the auth pending control messages to a client.
See doc/management-notes.txt under client-pending-auth for more details on message format
Definition at line 436 of file push.c.
References alloc_buf_gc(), key_state::auth_deferred_expire, BSTR, buf_printf(), D_PUSH, extract_iv_proto(), gc_free(), gc_new(), tls_options::handshake_window, key_state::initial, IV_PROTO_AUTH_PENDING_KW, session::key, KS_PRIMARY, buffer::len, max_uint(), min_uint(), now, tls_multi::opt, tls_multi::peer_info, PUSH_BUNDLE_SIZE, tls_options::renegotiate_seconds, and send_control_channel_string_dowork().
Referenced by key_state_check_auth_pending_file(), and management_client_pending_auth().
◆ send_push_options()
|
static |
Definition at line 714 of file push.c.
References BLEN, BSTR, buf_printf(), buf_reset_len(), D_PUSH, push_entry::enable, push_list::head, M_WARN, msg, push_entry::next, push_entry::option, push_reply_cmd, send_control_channel_string(), and status.
Referenced by send_push_reply().
◆ send_push_reply()
Definition at line 773 of file push.c.
References alloc_buf_gc(), BCAP, BLEN, BSTR, buf_printf(), buf_reset_len(), D_PUSH, gc_free(), gc_new(), context::options, PUSH_BUNDLE_SIZE, options::push_list, push_reply_cmd, send_control_channel_string(), send_push_options(), and status.
Referenced by process_incoming_push_request().
◆ send_push_reply_auth_token()
| void send_push_reply_auth_token | ( | struct tls_multi * | multi | ) |
Sends a push reply message only containin the auth-token to update the auth-token on the client.
Always pushes to the active session
- Parameters
-
multi - The tls_multistructure belonging to the instance to push to
Definition at line 753 of file push.c.
Referenced by resend_auth_token_renegotiation().
◆ send_push_request()
| bool send_push_request | ( | struct context * | c | ) |
Definition at line 549 of file push.c.
References context::c2, D_PUSH, D_STREAM_ERRORS, key_state::established, get_primary_key(), options::handshake_window, msg, now, context::options, key_state::peer_last_packet, context_2::push_request_timeout, register_signal(), send_control_channel_string(), context::sig, and context_2::tls_multi.
Referenced by check_push_request().
◆ send_restart()
| void send_restart | ( | struct context * | c, |
| const char * | kill_msg | ||
| ) |
Definition at line 493 of file push.c.
References D_PUSH, context::options, schedule_exit(), options::scheduled_exit_interval, and send_control_channel_string().
Referenced by management_kill_by_cid().
◆ server_pushed_info()
Definition at line 223 of file push.c.
References alloc_buf_gc(), BLEN, BSTR, buf_advance(), buf_printf(), buf_read_u8(), D_PUSH, D_PUSH_ERRORS, gc_free(), gc_new(), management_notify_generic(), and msg.
Referenced by check_incoming_control_channel().
◆ server_pushed_signal()
| void server_pushed_signal | ( | struct context * | c, |
| const struct buffer * | buffer, | ||
| const bool | restart, | ||
| const int | adv | ||
| ) |
Definition at line 131 of file push.c.
References BLEN, BSTR, buf_advance(), buf_read_u8(), D_STREAM_ERRORS, management_notify(), msg, options::no_advance, context::options, options::pull, register_signal(), context::sig, signal_info::signal_text, and ssl_purge_auth().
Referenced by check_incoming_control_channel().
Variable Documentation
◆ push_reply_cmd
|
static |
Definition at line 41 of file push.c.
Referenced by process_incoming_push_msg(), send_push_options(), send_push_reply(), and send_push_reply_auth_token().
