26 #elif defined(_MSC_VER) 88 #ifdef ENABLE_MANAGEMENT 91 const char *reason = NULL;
92 struct buffer buf = *buffer;
104 #ifdef ENABLE_MANAGEMENT 105 struct buffer buf = *buffer;
124 struct buffer buf = *buffer;
139 for (i = 1; m[i] !=
'\0' && m[i] !=
']'; ++i)
145 else if (m[i] ==
'N')
170 #ifdef ENABLE_MANAGEMENT 184 struct buffer buf = *buffer;
191 #ifdef ENABLE_MANAGEMENT 208 msg(
D_PUSH,
"Info command was pushed by server ('%s')", m);
214 struct buffer buf = *buffer;
221 #ifdef ENABLE_MANAGEMENT 230 msg(
D_PUSH,
"CR response was sent by client ('%s')", m);
242 unsigned int *server_timeout)
244 struct buffer buf = *buffer;
250 #ifdef ENABLE_MANAGEMENT 254 "", NULL, NULL, NULL, NULL);
264 #ifdef ENABLE_MANAGEMENT 270 BSTR(&buf), NULL, NULL, NULL, NULL);
274 while (
buf_parse(&buf,
',', line,
sizeof(line)))
276 if (sscanf(line,
"timeout %u", server_timeout) != 1)
278 msg(
D_PUSH,
"ignoring AUTH_PENDING parameter: %s", line);
299 msg(
D_PUSH,
"AUTH_PENDING received, extending handshake timeout from %us " 301 min_uint(max_timeout, server_timeout));
322 int msglevel,
const char *fmt, ...)
324 #if __USE_MINGW_ANSI_STDIO 347 static const char auth_failed[] =
"AUTH_FAILED";
352 len = (client_reason ? strlen(client_reason)+1 : 0) +
sizeof(auth_failed);
374 unsigned int timeout)
378 static const char info_pre[] =
"INFO_PRE,";
380 const char *
const peer_info = tls_multi->
peer_info;
387 max_timeout = max_timeout - (
now - ks->
initial);
388 timeout =
min_uint(max_timeout, timeout);
397 static const char auth_pre[] =
"AUTH_PENDING,timeout ";
400 size_t len = 20 + 1 +
sizeof(auth_pre);
407 size_t len = strlen(extra) + 1 +
sizeof(info_pre);
443 unsigned int option_types_found = 0;
449 &option_types_found);
519 struct push_list *push_list)
544 struct push_list *push_list)
606 struct push_list *push_list,
int safe_cap,
607 bool *push_sent,
bool *multi_push)
616 const int l = strlen(e->
option);
617 if (
BLEN(buf) + l >= safe_cap)
632 if (
BLEN(buf) + l >= safe_cap)
634 msg(
M_WARN,
"--push option is too long");
648 struct push_list push_list = { 0 };
668 bool multi_push =
false;
669 const int extra = 84;
670 const int safe_cap =
BCAP(&buf) - extra;
671 bool push_sent =
false;
677 &push_sent, &multi_push))
684 &push_sent, &multi_push))
730 const char *opt,
bool enable,
int msglevel)
734 msg(msglevel,
"PUSH OPTION FAILED (illegal comma (',') in string): '%s'", opt);
789 int msglevel,
const char *format, ...)
794 va_start(arglist, format);
795 len =
vsnprintf(tmp,
sizeof(tmp), format, arglist);
797 if (len >
sizeof(tmp)-1)
817 if (
streq(p,
"ifconfig"))
824 if (
streq( p,
"ifconfig-ipv6" ))
838 && strncmp( e->
option, p, strlen(p) ) == 0)
875 struct push_list push_list = { 0 };
899 while (
buf_parse(buf,
',', line,
sizeof(line)))
917 unsigned int permission_mask,
918 unsigned int *option_types_found,
925 struct buffer buf_orig = (*buf);
970 bool honor_received_options,
971 unsigned int permission_mask,
972 unsigned int *option_types_found)
974 struct buffer buf = *buffer;
981 else if (honor_received_options
985 option_types_found, &buf);
1017 if (p[0] && !strcmp(p[0],
"route") && !p[3])
1020 bool status1, status2;
1025 if (status1 && status2)
bool string_class(const char *str, const unsigned int inclusive, const unsigned int exclusive)
void receive_auth_failed(struct context *c, const struct buffer *buffer)
void prepare_auth_token_push_reply(struct tls_multi *tls_multi, struct gc_arena *gc, struct push_list *push_list)
Prepare push option for auth-token.
static void buf_reset_len(struct buffer *buf)
#define TM_ACTIVE
Active tls_session.
Security parameter state of one TLS and data channel key session.
void send_restart(struct context *c, const char *kill_msg)
static const char * tls_client_reason(struct tls_multi *multi)
md_ctx_t * md_ctx_new(void)
struct options options
Options loaded from command line or configuration file.
#define PUSH_MSG_CONTINUATION
bool push_ifconfig_ipv6_blocked
void ssl_put_auth_challenge(const char *cr_str)
char * string_alloc(const char *str, struct gc_arena *gc)
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
static bool buf_advance(struct buffer *buf, int size)
bool do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
void clone_push_list(struct options *o)
Contains all state information for one tunnel.
#define IV_PROTO_AUTH_PENDING_KW
Supports signaling keywords with AUTH_PENDING, e.g.
bool push_ifconfig_defined
static void gc_free(struct gc_arena *a)
void receive_auth_pending(struct context *c, const struct buffer *buffer)
Parses an AUTH_PENDING message and if in pull mode extends the timeout.
static const struct key_state * get_primary_key(const struct tls_multi *multi)
gets an item of key_state objects in the order they should be scanned by data channel modules...
void send_auth_failed(struct context *c, const char *client_reason)
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
void management_auth_failure(struct management *man, const char *type, const char *reason)
in_addr_t push_ifconfig_local
enum multi_status multi_state
Security parameter state for a single VPN tunnel.
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
void send_push_reply_auth_token(struct tls_multi *multi)
Sends a push reply message only containing the auth-token to update the auth-token on the client...
bool pulled_options_digest_init_done
struct in6_addr push_ifconfig_ipv6_local
struct event_timeout wait_for_connect
static in_addr_t netbits_to_netmask(const int netbits)
unsigned int extract_iv_proto(const char *peer_info)
Extracts the IV_PROTO variable and returns its value or 0 if it cannot be extracted.
void push_reset(struct options *o)
void md_ctx_free(md_ctx_t *ctx)
struct in6_addr push_ifconfig_ipv6_remote
void receive_cr_response(struct context *c, const struct buffer *buffer)
bool buf_printf(struct buffer *buf, const char *format,...)
struct man_def_auth_context * mda_context
static void event_timeout_clear(struct event_timeout *et)
static int buf_read_u8(struct buffer *buf)
struct signal_info * sig
Internal error signaling object.
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
char * print_argv(const char **p, struct gc_arena *gc, const unsigned int flags)
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer...
int scheduled_exit_interval
static int process_incoming_push_reply(struct context *c, unsigned int permission_mask, unsigned int *option_types_found, struct buffer *buf)
bool send_push_request(struct context *c)
unsigned int data_channel_crypto_flags
static void parse_auth_pending_keywords(const struct buffer *buffer, unsigned int *server_timeout)
Parse the keyword for the AUTH_PENDING request.
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list...
bool send_control_channel_string_dowork(struct tls_multi *multi, const char *str, int msglevel)
int len
Length in bytes of the actual content within the allocated memory.
bool push_request_received
static bool push_option_fmt(struct gc_arena *gc, struct push_list *push_list, int msglevel, const char *fmt,...)
Add an option to the given push list by providing a format string.
void md_ctx_final(md_ctx_t *ctx, uint8_t *dst)
void push_remove_option(struct options *o, const char *p)
md_ctx_t * pulled_options_state
interval_t renegotiate_seconds
static char push_reply_cmd[]
int process_incoming_push_msg(struct context *c, const struct buffer *buffer, bool honor_received_options, unsigned int permission_mask, unsigned int *option_types_found)
void md_ctx_update(md_ctx_t *ctx, const uint8_t *src, int src_len)
#define PUSH_MSG_REQUEST_DEFERRED
static struct gc_arena gc_new(void)
void management_notify_generic(struct management *man, const char *str)
in_addr_t push_ifconfig_local_alias
static void push_option_ex(struct gc_arena *gc, struct push_list *push_list, const char *opt, bool enable, int msglevel)
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
static bool event_timeout_defined(const struct event_timeout *et)
int push_ifconfig_ipv6_netbits
enum tls_auth_status tls_authentication_status(struct tls_multi *multi)
Return current session authentication state of the tls_multi structure. This will return TLS_AUTHENTIC...
void remove_iroutes_from_push_route_list(struct options *o)
uint8_t digest[SHA256_DIGEST_LENGTH]
void ssl_purge_auth(const bool auth_user_pass_only)
void push_options(struct options *o, char **p, int msglevel, struct gc_arena *gc)
#define CO_USE_TLS_KEY_MATERIAL_EXPORT
Bit-flag indicating that data channel key derivation is done using TLS keying material export [RFC570...
struct event_timeout scheduled_exit
static bool send_push_options(struct context *c, struct buffer *buf, struct push_list *push_list, int safe_cap, bool *push_sent, bool *multi_push)
const char * sanitize_control_message(const char *src, struct gc_arena *gc)
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
const md_kt_t * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
static time_t openvpn_time(time_t *t)
static struct key_state * get_key_scan(struct tls_multi *multi, int index)
gets an item of key_state objects in the order they should be scanned by data channel modules...
bool push_ifconfig_ipv4_blocked
void incoming_push_message(struct context *c, const struct buffer *buffer)
#define GETADDR_HOST_ORDER
struct connection_entry ce
struct context_2 c2
Level 2 context.
struct push_list push_list
unsigned int pull_permission_mask(const struct context *c)
time_t sent_push_reply_expiry
void md_ctx_cleanup(md_ctx_t *ctx)
#define PUSH_MSG_AUTH_FAILURE
time_t auth_deferred_expire
bool prepare_push_reply(struct context *c, struct gc_arena *gc, struct push_list *push_list)
Prepare push options, based on local options.
int key_id
Key id for this key_state, inherited from struct tls_session.
struct event_timeout push_request_interval
unsigned int push_option_types_found
bool push_ifconfig_ipv6_defined
volatile int signal_received
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
char * auth_token
If server sends a generated auth-token, this is the token to use for future user/pass authentications...
bool ssl_clean_auth_token(void)
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
time_t push_request_timeout
void register_signal(struct context *c, int sig, const char *text)
Security parameter state of a single session within a VPN tunnel.
struct sha256_digest pulled_options_digest
bool send_push_reply(struct context *c, struct push_list *per_client_push_list)
Wrapper structure for dynamically allocated memory.
#define PUSH_MSG_ALREADY_REPLIED
void server_pushed_signal(struct context *c, const struct buffer *buffer, const bool restart, const int adv)
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
static void push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt)
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
static unsigned int max_uint(unsigned int x, unsigned int y)
Garbage collection arena used to keep track of dynamically allocated memory.
void md_ctx_init(md_ctx_t *ctx, const md_kt_t *kt)
static unsigned int min_uint(unsigned int x, unsigned int y)
const char * ifconfig_local
int process_incoming_push_request(struct context *c)
void push_option(struct options *o, const char *opt, int msglevel)
bool send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra, unsigned int timeout)
Sends the auth pending control messages to a client.
static SERVICE_STATUS status
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
in_addr_t push_ifconfig_remote_netmask
bool apply_push_options(struct options *options, struct buffer *buf, unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
void schedule_exit(struct context *c, const int n_seconds, const int signal)
#define OPENVPN_STATE_AUTH_PENDING
static bool strprefix(const char *str, const char *prefix)
Return true iff str starts with prefix.
mbedtls_md_context_t md_ctx_t
Generic message digest context.
bool buf_string_match_head_str(const struct buffer *src, const char *match)
void server_pushed_info(struct context *c, const struct buffer *buffer, const int adv)
bool buf_string_compare_advance(struct buffer *src, const char *match)