OpenVPN
ssl_verify.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #include "base64.h"
38 #include "manage.h"
39 #include "otime.h"
40 #include "run_command.h"
41 #include "ssl_verify.h"
42 #include "ssl_verify_backend.h"
43 
44 #ifdef ENABLE_CRYPTO_OPENSSL
45 #include "ssl_verify_openssl.h"
46 #endif
47 #include "auth_token.h"
48 #include "push.h"
49 #include "ssl_util.h"
50 
52 #define TLS_USERNAME_LEN 64
53 
54 static void
56 {
57  string_mod(str, CC_PRINT, CC_CRLF, '_');
58 }
59 
60 /*
61  * Export the untrusted IP address and port to the environment
62  */
63 static void
65 {
66  setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
67 }
68 
69 /*
70  * Remove authenticated state from all sessions in the given tunnel
71  */
72 static void
74 {
75  if (multi)
76  {
77  wipe_auth_token(multi);
78  for (int i = 0; i < TM_SIZE; ++i)
79  {
80  for (int j = 0; j < KS_SIZE; ++j)
81  {
82  multi->session[i].key[j].authenticated = KS_AUTH_FALSE;
83  }
84  }
85  }
86 }
87 
88 /*
89  * Set the given session's common_name
90  */
91 static void
92 set_common_name(struct tls_session *session, const char *common_name)
93 {
94  if (session->common_name)
95  {
96  free(session->common_name);
97  session->common_name = NULL;
98 #ifdef ENABLE_PF
99  session->common_name_hashval = 0;
100 #endif
101  }
102  if (common_name)
103  {
104  /* FIXME: Last alloc will never be freed */
105  session->common_name = string_alloc(common_name, NULL);
106 #ifdef ENABLE_PF
107  {
108  const uint32_t len = (uint32_t) strlen(common_name);
109  if (len)
110  {
111  session->common_name_hashval = hash_func((const uint8_t *)common_name, len+1, 0);
112  }
113  else
114  {
115  session->common_name_hashval = 0;
116  }
117  }
118 #endif
119  }
120 }
121 
122 /*
123  * Retrieve the common name for the given tunnel's active session. If the
124  * common name is NULL or empty, return NULL if null is true, or "UNDEF" if
125  * null is false.
126  */
127 const char *
128 tls_common_name(const struct tls_multi *multi, const bool null)
129 {
130  const char *ret = NULL;
131  if (multi)
132  {
133  ret = multi->session[TM_ACTIVE].common_name;
134  }
135  if (ret && strlen(ret))
136  {
137  return ret;
138  }
139  else if (null)
140  {
141  return NULL;
142  }
143  else
144  {
145  return "UNDEF";
146  }
147 }
148 
149 /*
150  * Lock the common name for the given tunnel.
151  */
152 void
154 {
155  const char *cn = multi->session[TM_ACTIVE].common_name;
156  if (cn && !multi->locked_cn)
157  {
158  multi->locked_cn = string_alloc(cn, NULL);
159  }
160 }
161 
162 /*
163  * Lock the username for the given tunnel
164  */
165 static bool
166 tls_lock_username(struct tls_multi *multi, const char *username)
167 {
168  if (multi->locked_username)
169  {
170  if (!username || strcmp(username, multi->locked_username))
171  {
172  msg(D_TLS_ERRORS, "TLS Auth Error: username attempted to change from '%s' to '%s' -- tunnel disabled",
173  multi->locked_username,
174  np(username));
175 
176  /* disable the tunnel */
177  tls_deauthenticate(multi);
178  return false;
179  }
180  }
181  else
182  {
183  if (username)
184  {
185  multi->locked_username = string_alloc(username, NULL);
186  }
187  }
188  return true;
189 }
190 
191 const char *
192 tls_username(const struct tls_multi *multi, const bool null)
193 {
194  const char *ret = NULL;
195  if (multi)
196  {
197  ret = multi->locked_username;
198  }
199  if (ret && strlen(ret))
200  {
201  return ret;
202  }
203  else if (null)
204  {
205  return NULL;
206  }
207  else
208  {
209  return "UNDEF";
210  }
211 }
212 
213 void
214 cert_hash_remember(struct tls_session *session, const int error_depth,
215  const struct buffer *cert_hash)
216 {
217  if (error_depth >= 0 && error_depth < MAX_CERT_DEPTH)
218  {
219  if (!session->cert_hash_set)
220  {
221  ALLOC_OBJ_CLEAR(session->cert_hash_set, struct cert_hash_set);
222  }
223  if (!session->cert_hash_set->ch[error_depth])
224  {
225  ALLOC_OBJ(session->cert_hash_set->ch[error_depth], struct cert_hash);
226  }
227 
228  struct cert_hash *ch = session->cert_hash_set->ch[error_depth];
229  ASSERT(sizeof(ch->sha256_hash) == BLEN(cert_hash));
230  memcpy(ch->sha256_hash, BPTR(cert_hash), sizeof(ch->sha256_hash));
231  }
232 }
233 
234 void
236 {
237  if (chs)
238  {
239  int i;
240  for (i = 0; i < MAX_CERT_DEPTH; ++i)
241  {
242  free(chs->ch[i]);
243  }
244  free(chs);
245  }
246 }
247 
248 bool
249 cert_hash_compare(const struct cert_hash_set *chs1, const struct cert_hash_set *chs2)
250 {
251  if (chs1 && chs2)
252  {
253  int i;
254  for (i = 0; i < MAX_CERT_DEPTH; ++i)
255  {
256  const struct cert_hash *ch1 = chs1->ch[i];
257  const struct cert_hash *ch2 = chs2->ch[i];
258 
259  if (!ch1 && !ch2)
260  {
261  continue;
262  }
263  else if (ch1 && ch2 && !memcmp(ch1->sha256_hash, ch2->sha256_hash,
264  sizeof(ch1->sha256_hash)))
265  {
266  continue;
267  }
268  else
269  {
270  return false;
271  }
272  }
273  return true;
274  }
275  else if (!chs1 && !chs2)
276  {
277  return true;
278  }
279  else
280  {
281  return false;
282  }
283 }
284 
285 static struct cert_hash_set *
286 cert_hash_copy(const struct cert_hash_set *chs)
287 {
288  struct cert_hash_set *dest = NULL;
289  if (chs)
290  {
291  int i;
292  ALLOC_OBJ_CLEAR(dest, struct cert_hash_set);
293  for (i = 0; i < MAX_CERT_DEPTH; ++i)
294  {
295  const struct cert_hash *ch = chs->ch[i];
296  if (ch)
297  {
298  ALLOC_OBJ(dest->ch[i], struct cert_hash);
299  memcpy(dest->ch[i]->sha256_hash, ch->sha256_hash,
300  sizeof(dest->ch[i]->sha256_hash));
301  }
302  }
303  }
304  return dest;
305 }
306 void
308 {
309  const struct cert_hash_set *chs = multi->session[TM_ACTIVE].cert_hash_set;
310  if (chs && !multi->locked_cert_hash_set)
311  {
312  multi->locked_cert_hash_set = cert_hash_copy(chs);
313  }
314 }
315 
316 /*
317  * Returns the string associated with the given certificate type.
318  */
319 static const char *
321 {
322  switch (type)
323  {
325  return "SERVER";
326 
328  return "CLIENT";
329 
330  default:
331  return "?";
332  }
333 }
334 
335 /*
336  * Verify the peer's certificate fields.
337  *
338  * @param opt the tls options to verify against
339  * @param peer_cert the peer's certificate
340  * @param subject the peer's extracted subject name
341  * @param subject the peer's extracted common name
342  */
343 static result_t
344 verify_peer_cert(const struct tls_options *opt, openvpn_x509_cert_t *peer_cert,
345  const char *subject, const char *common_name)
346 {
347  /* verify certificate nsCertType */
348  if (opt->ns_cert_type != NS_CERT_CHECK_NONE)
349  {
350  if (SUCCESS == x509_verify_ns_cert_type(peer_cert, opt->ns_cert_type))
351  {
352  msg(D_HANDSHAKE, "VERIFY OK: nsCertType=%s",
354  }
355  else
356  {
357  msg(D_HANDSHAKE, "VERIFY nsCertType ERROR: %s, require nsCertType=%s",
358  subject, print_nsCertType(opt->ns_cert_type));
359  return FAILURE; /* Reject connection */
360  }
361  }
362 
363  /* verify certificate ku */
364  if (opt->remote_cert_ku[0] != 0)
365  {
366  if (SUCCESS == x509_verify_cert_ku(peer_cert, opt->remote_cert_ku, MAX_PARMS))
367  {
368  msg(D_HANDSHAKE, "VERIFY KU OK");
369  }
370  else
371  {
372  msg(D_HANDSHAKE, "VERIFY KU ERROR");
373  return FAILURE; /* Reject connection */
374  }
375  }
376 
377  /* verify certificate eku */
378  if (opt->remote_cert_eku != NULL)
379  {
380  if (SUCCESS == x509_verify_cert_eku(peer_cert, opt->remote_cert_eku))
381  {
382  msg(D_HANDSHAKE, "VERIFY EKU OK");
383  }
384  else
385  {
386  msg(D_HANDSHAKE, "VERIFY EKU ERROR");
387  return FAILURE; /* Reject connection */
388  }
389  }
390 
391  /* verify X509 name or username against --verify-x509-[user]name */
393  {
395  && strcmp(opt->verify_x509_name, subject) == 0)
397  && strcmp(opt->verify_x509_name, common_name) == 0)
399  && strncmp(opt->verify_x509_name, common_name,
400  strlen(opt->verify_x509_name)) == 0) )
401  {
402  msg(D_HANDSHAKE, "VERIFY X509NAME OK: %s", subject);
403  }
404  else
405  {
406  msg(D_HANDSHAKE, "VERIFY X509NAME ERROR: %s, must be %s",
407  subject, opt->verify_x509_name);
408  return FAILURE; /* Reject connection */
409  }
410  }
411 
412  return SUCCESS;
413 }
414 
415 /*
416  * Export the subject, common_name, and raw certificate fields to the
417  * environment for later verification by scripts and plugins.
418  */
419 static void
420 verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert_depth,
421  const char *subject, const char *common_name,
422  const struct x509_track *x509_track)
423 {
424  char envname[64];
425  char *serial = NULL;
426  struct gc_arena gc = gc_new();
427 
428  /* Save X509 fields in environment */
429  if (x509_track)
430  {
431  x509_setenv_track(x509_track, es, cert_depth, peer_cert);
432  }
433  else
434  {
435  x509_setenv(es, cert_depth, peer_cert);
436  }
437 
438  /* export subject name string as environmental variable */
439  openvpn_snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth);
440  setenv_str(es, envname, subject);
441 
442 #if 0
443  /* export common name string as environmental variable */
444  openvpn_snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth);
445  setenv_str(es, envname, common_name);
446 #endif
447 
448  /* export X509 cert fingerprints */
449  {
450  struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc);
451  struct buffer sha256 = x509_get_sha256_fingerprint(peer_cert, &gc);
452 
453  openvpn_snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth);
454  setenv_str(es, envname,
455  format_hex_ex(BPTR(&sha1), BLEN(&sha1), 0, 1, ":", &gc));
456 
457  openvpn_snprintf(envname, sizeof(envname), "tls_digest_sha256_%d",
458  cert_depth);
459  setenv_str(es, envname,
460  format_hex_ex(BPTR(&sha256), BLEN(&sha256), 0, 1, ":", &gc));
461  }
462 
463  /* export serial number as environmental variable */
464  serial = backend_x509_get_serial(peer_cert, &gc);
465  openvpn_snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth);
466  setenv_str(es, envname, serial);
467 
468  /* export serial number in hex as environmental variable */
469  serial = backend_x509_get_serial_hex(peer_cert, &gc);
470  openvpn_snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth);
471  setenv_str(es, envname, serial);
472 
473  gc_free(&gc);
474 }
475 
476 /*
477  * call --tls-verify plug-in(s)
478  */
479 static result_t
480 verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,
481  int cert_depth, openvpn_x509_cert_t *cert, char *subject)
482 {
484  {
485  int ret;
486  struct argv argv = argv_new();
487 
488  argv_printf(&argv, "%d %s", cert_depth, subject);
489 
490  ret = plugin_call_ssl(plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
491 
492  argv_free(&argv);
493 
494  if (ret == OPENVPN_PLUGIN_FUNC_SUCCESS)
495  {
496  msg(D_HANDSHAKE, "VERIFY PLUGIN OK: depth=%d, %s",
497  cert_depth, subject);
498  }
499  else
500  {
501  msg(D_HANDSHAKE, "VERIFY PLUGIN ERROR: depth=%d, %s",
502  cert_depth, subject);
503  return FAILURE; /* Reject connection */
504  }
505  }
506  return SUCCESS;
507 }
508 
509 static const char *
510 verify_cert_export_cert(openvpn_x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc)
511 {
512  FILE *peercert_file;
513  const char *peercert_filename = "";
514 
515  /* create tmp file to store peer cert */
516  if (!tmp_dir
517  || !(peercert_filename = platform_create_temp_file(tmp_dir, "pcf", gc)))
518  {
519  msg(M_NONFATAL, "Failed to create peer cert file");
520  return NULL;
521  }
522 
523  /* write peer-cert in tmp-file */
524  peercert_file = fopen(peercert_filename, "w+");
525  if (!peercert_file)
526  {
527  msg(M_NONFATAL|M_ERRNO, "Failed to open temporary file: %s",
528  peercert_filename);
529  return NULL;
530  }
531 
532  if (SUCCESS != x509_write_pem(peercert_file, peercert))
533  {
534  msg(M_NONFATAL, "Error writing PEM file containing certificate");
535  (void) platform_unlink(peercert_filename);
536  peercert_filename = NULL;
537  }
538 
539  fclose(peercert_file);
540  return peercert_filename;
541 }
542 
543 
544 /*
545  * run --tls-verify script
546  */
547 static result_t
548 verify_cert_call_command(const char *verify_command, struct env_set *es,
549  int cert_depth, openvpn_x509_cert_t *cert, char *subject, const char *verify_export_cert)
550 {
551  const char *tmp_file = NULL;
552  int ret;
553  struct gc_arena gc = gc_new();
554  struct argv argv = argv_new();
555 
556  setenv_str(es, "script_type", "tls-verify");
557 
558  if (verify_export_cert)
559  {
560  tmp_file = verify_cert_export_cert(cert, verify_export_cert, &gc);
561  if (!tmp_file)
562  {
563  ret = false;
564  goto cleanup;
565  }
566  setenv_str(es, "peer_cert", tmp_file);
567  }
568 
569  argv_parse_cmd(&argv, verify_command);
570  argv_printf_cat(&argv, "%d %s", cert_depth, subject);
571 
572  argv_msg_prefix(D_TLS_DEBUG, &argv, "TLS: executing verify command");
573  ret = openvpn_run_script(&argv, es, 0, "--tls-verify script");
574 
575  if (verify_export_cert)
576  {
577  if (tmp_file)
578  {
579  platform_unlink(tmp_file);
580  }
581  }
582 
583 cleanup:
584  gc_free(&gc);
585  argv_free(&argv);
586 
587  if (ret)
588  {
589  msg(D_HANDSHAKE, "VERIFY SCRIPT OK: depth=%d, %s",
590  cert_depth, subject);
591  return SUCCESS;
592  }
593 
594  msg(D_HANDSHAKE, "VERIFY SCRIPT ERROR: depth=%d, %s",
595  cert_depth, subject);
596  return FAILURE; /* Reject connection */
597 }
598 
599 /*
600  * check peer cert against CRL directory
601  */
602 static result_t
603 verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert,
604  const char *subject, int cert_depth)
605 {
606  result_t ret = FAILURE;
607  char fn[256];
608  int fd = -1;
609  struct gc_arena gc = gc_new();
610 
611  char *serial = backend_x509_get_serial(cert, &gc);
612  if (!serial)
613  {
614  msg(D_HANDSHAKE, "VERIFY CRL: depth=%d, %s, serial number is not available",
615  cert_depth, subject);
616  goto cleanup;
617  }
618 
619  if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial))
620  {
621  msg(D_HANDSHAKE, "VERIFY CRL: filename overflow");
622  goto cleanup;
623  }
624  fd = platform_open(fn, O_RDONLY, 0);
625  if (fd >= 0)
626  {
627  msg(D_HANDSHAKE, "VERIFY CRL: depth=%d, %s, serial=%s is revoked",
628  cert_depth, subject, serial);
629  goto cleanup;
630  }
631 
632  ret = SUCCESS;
633 
634 cleanup:
635 
636  if (fd != -1)
637  {
638  close(fd);
639  }
640  gc_free(&gc);
641  return ret;
642 }
643 
644 result_t
645 verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth)
646 {
647  result_t ret = FAILURE;
648  char *subject = NULL;
649  const struct tls_options *opt;
650  struct gc_arena gc = gc_new();
651 
652  opt = session->opt;
653  ASSERT(opt);
654 
655  session->verified = false;
656 
657  /* get the X509 name */
658  subject = x509_get_subject(cert, &gc);
659  if (!subject)
660  {
661  msg(D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
662  "subject string from certificate", cert_depth);
663  goto cleanup;
664  }
665 
666  /* enforce character class restrictions in X509 name */
667  string_mod_remap_name(subject);
668  string_replace_leading(subject, '-', '_');
669 
670  /* extract the username (default is CN) */
671  struct buffer buf = alloc_buf_gc(256, &gc);
672  for (int i = 0; opt->x509_username_field[i] != NULL; i++)
673  {
674  char username[TLS_USERNAME_LEN+1] = {0}; /* null-terminated */
675 
676  if (SUCCESS != backend_x509_get_username(username, sizeof(username),
677  opt->x509_username_field[i], cert))
678  {
679  if (!cert_depth)
680  {
681  msg(D_TLS_ERRORS, "VERIFY ERROR: could not extract %s from X509 "
682  "subject string ('%s') -- note that the field length is "
683  "limited to %d characters",
684  opt->x509_username_field[i],
685  subject,
687  goto cleanup;
688  }
689  break;
690  }
691  if (!buf_printf(&buf, i ? "_%s" : "%s", username))
692  {
693  if (!cert_depth)
694  {
695  msg(D_TLS_ERRORS, "VERIFY ERROR: could not append %s from X509 "
696  "certificate -- note that the username length is "
697  "limited to %d characters",
698  opt->x509_username_field[i],
699  buf.capacity - 1);
700  goto cleanup;
701  }
702  break;
703  }
704  }
705 
706  char *common_name = BSTR(&buf);
707  if (!common_name)
708  {
709  msg(D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
710  "username string from certificate", cert_depth);
711  goto cleanup;
712  }
713 
714  /* enforce character class restrictions in common name */
715  string_mod_remap_name(common_name);
716 
717  /* warn if cert chain is too deep */
718  if (cert_depth >= MAX_CERT_DEPTH)
719  {
720  msg(D_TLS_ERRORS, "TLS Error: Convoluted certificate chain detected with depth [%d] greater than %d", cert_depth, MAX_CERT_DEPTH);
721  goto cleanup; /* Reject connection */
722  }
723 
724  if (cert_depth == opt->verify_hash_depth && opt->verify_hash)
725  {
726  struct buffer cert_fp = {0};
727 
728  switch (opt->verify_hash_algo)
729  {
730  case MD_SHA1:
731  cert_fp = x509_get_sha1_fingerprint(cert, &gc);
732  break;
733 
734  case MD_SHA256:
735  cert_fp = x509_get_sha256_fingerprint(cert, &gc);
736  break;
737 
738  default:
739  /* This should normally not happen at all; the algorithm used
740  * is parsed by add_option() [options.c] and set to a predefined
741  * value in an enumerated type. So if this unlikely scenario
742  * happens, consider this a failure
743  */
744  msg(M_WARN, "Unexpected invalid algorithm used with "
745  "--verify-hash (%i)", opt->verify_hash_algo);
746  ret = FAILURE;
747  goto cleanup;
748  }
749 
750  struct verify_hash_list *current_hash = opt->verify_hash;
751 
752  while (current_hash)
753  {
754  if (memcmp_constant_time(BPTR(&cert_fp), current_hash->hash,
755  BLEN(&cert_fp)) == 0)
756  {
757  break;
758  }
759  current_hash = current_hash->next;
760  }
761 
762  if (!current_hash)
763  {
764  const char *hex_fp = format_hex_ex(BPTR(&cert_fp), BLEN(&cert_fp),
765  0, 1, ":", &gc);
766  msg(D_TLS_ERRORS, "TLS Error: --tls-verify/--peer-fingerprint"
767  "certificate hash verification failed. (got "
768  "fingerprint: %s", hex_fp);
769  goto cleanup;
770  }
771  }
772 
773  /* save common name in session object */
774  if (cert_depth == 0)
775  {
776  set_common_name(session, common_name);
777  }
778 
779  session->verify_maxlevel = max_int(session->verify_maxlevel, cert_depth);
780 
781  /* export certificate values to the environment */
782  verify_cert_set_env(opt->es, cert, cert_depth, subject, common_name,
783  opt->x509_track);
784 
785  /* export current untrusted IP */
786  setenv_untrusted(session);
787 
788  /* If this is the peer's own certificate, verify it */
789  if (cert_depth == 0 && SUCCESS != verify_peer_cert(opt, cert, subject, common_name))
790  {
791  goto cleanup;
792  }
793 
794  /* call --tls-verify plug-in(s), if registered */
795  if (SUCCESS != verify_cert_call_plugin(opt->plugins, opt->es, cert_depth, cert, subject))
796  {
797  goto cleanup;
798  }
799 
800  /* run --tls-verify script */
802  opt->es, cert_depth, cert, subject, opt->verify_export_cert))
803  {
804  goto cleanup;
805  }
806 
807  /* check peer cert against CRL */
808  if (opt->crl_file)
809  {
810  if (opt->ssl_flags & SSLF_CRL_VERIFY_DIR)
811  {
812  if (SUCCESS != verify_check_crl_dir(opt->crl_file, cert, subject, cert_depth))
813  {
814  goto cleanup;
815  }
816  }
817  else
818  {
819  if (tls_verify_crl_missing(opt))
820  {
821  msg(D_TLS_ERRORS, "VERIFY ERROR: CRL not loaded");
822  goto cleanup;
823  }
824  }
825  }
826 
827  msg(D_HANDSHAKE, "VERIFY OK: depth=%d, %s", cert_depth, subject);
828  session->verified = true;
829  ret = SUCCESS;
830 
831 cleanup:
832 
833  if (ret != SUCCESS)
834  {
835  tls_clear_error(); /* always? */
836  session->verified = false; /* double sure? */
837  }
838  gc_free(&gc);
839 
840  return ret;
841 }
842 
843 /* ***************************************************************************
844 * Functions for the management of deferred authentication when using
845 * user/password authentication.
846 *************************************************************************** */
847 
848 /* key_state_test_auth_control_file return values,
849  * NOTE: acf_merge indexing depends on these values */
850 #define ACF_UNDEFINED 0
851 #define ACF_SUCCEEDED 1
852 #define ACF_DISABLED 2
853 #define ACF_FAILED 3
854 
855 void
856 auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
857 {
858  free(multi->client_reason);
859  multi->client_reason = NULL;
860 
861  if (client_reason && strlen(client_reason))
862  {
863  multi->client_reason = string_alloc(client_reason, NULL);
864  }
865 }
866 
867 #ifdef ENABLE_MANAGEMENT
868 
869 static inline unsigned int
870 man_def_auth_test(const struct key_state *ks)
871 {
873  {
874  return ks->mda_status;
875  }
876  else
877  {
878  return ACF_DISABLED;
879  }
880 }
881 #endif /* ifdef ENABLE_MANAGEMENT */
882 
887 static void
889 {
890  if (ads && ads->auth_pending_file)
891  {
893  free(ads->auth_pending_file);
894  ads->auth_pending_file = NULL;
895  }
896 }
897 
901 static bool
902 check_auth_pending_method(const char *peer_info, const char *method)
903 {
904  struct gc_arena gc = gc_new();
905 
906  char *iv_sso = extract_var_peer_info(peer_info, "IV_SSO=", &gc);
907  if (!iv_sso)
908  {
909  gc_free(&gc);
910  return false;
911  }
912 
913  const char *client_method = strtok(iv_sso, ",");
914  bool supported = false;
915 
916  while (client_method)
917  {
918  if (0 == strcmp(client_method, method))
919  {
920  supported = true;
921  break;
922  }
923  client_method = strtok(NULL, ":");
924  }
925 
926  gc_free(&gc);
927  return supported;
928 }
929 
938 static bool
940  struct tls_multi *multi)
941 {
942  bool ret = true;
943  if (ads->auth_pending_file)
944  {
945  struct buffer_list *lines = buffer_list_file(ads->auth_pending_file,
946  1024);
947  if (lines && lines->head)
948  {
949  /* Must have at least three lines. further lines are ignored for
950  * forward compatibility */
951  if (!lines->head || !lines->head->next || !lines->head->next->next)
952  {
953  msg(M_WARN, "auth pending control file is not at least "
954  "three lines long.");
955  buffer_list_free(lines);
956  return false;
957  }
958  struct buffer *timeout_buf = &lines->head->buf;
959  struct buffer *iv_buf = &lines->head->next->buf;
960  struct buffer *extra_buf = &lines->head->next->next->buf;
961 
962  /* Remove newline chars at the end of the lines */
963  buf_chomp(timeout_buf);
964  buf_chomp(iv_buf);
965  buf_chomp(extra_buf);
966 
967  long timeout = strtol(BSTR(timeout_buf), NULL, 10);
968  if (timeout == 0)
969  {
970  msg(M_WARN, "could not parse auth pending file timeout");
971  buffer_list_free(lines);
972  return false;
973  }
974 
975  const char* pending_method = BSTR(iv_buf);
976  if (!check_auth_pending_method(multi->peer_info, pending_method))
977  {
978  char buf[128];
979  openvpn_snprintf(buf, sizeof(buf),
980  "Authentication failed, required pending auth "
981  "method '%s' not supported", pending_method);
982  auth_set_client_reason(multi, buf);
983  msg(M_INFO, "Client does not supported auth pending method "
984  "'%s'", pending_method);
985  ret = false;
986  }
987  else
988  {
989  send_auth_pending_messages(multi, BSTR(extra_buf), timeout);
990  }
991  }
992 
993  buffer_list_free(lines);
994  }
996  return ret;
997 }
998 
999 
1004 void
1006 {
1007  if (ads->auth_control_file)
1008  {
1010  free(ads->auth_control_file);
1011  ads->auth_control_file = NULL;
1012  }
1014 }
1015 
1022 static bool
1024  const struct tls_options *opt)
1025 {
1026  struct gc_arena gc = gc_new();
1027 
1029  const char *acf = platform_create_temp_file(opt->tmp_dir, "acf", &gc);
1030  const char *apf = platform_create_temp_file(opt->tmp_dir, "apf", &gc);
1031 
1032  if (acf && apf)
1033  {
1034  ads->auth_control_file = string_alloc(acf, NULL);
1035  ads->auth_pending_file = string_alloc(apf, NULL);
1036  setenv_str(opt->es, "auth_control_file", ads->auth_control_file);
1037  setenv_str(opt->es, "auth_pending_file", ads->auth_pending_file);
1038  }
1039 
1040  gc_free(&gc);
1041  return (acf && apf);
1042 }
1043 
1044 static unsigned int
1046 {
1047  if (ads->auth_control_file)
1048  {
1049  unsigned int ret = ads->auth_control_status;
1050  if (ret == ACF_UNDEFINED)
1051  {
1052  FILE *fp = fopen(ads->auth_control_file, "r");
1053  if (fp)
1054  {
1055  const int c = fgetc(fp);
1056  if (c == '1')
1057  {
1058  ret = ACF_SUCCEEDED;
1059  }
1060  else if (c == '0')
1061  {
1062  ret = ACF_FAILED;
1063  }
1064  fclose(fp);
1065  ads->auth_control_status = ret;
1066  }
1067  }
1068  return ret;
1069  }
1070  return ACF_DISABLED;
1071 }
1072 
1073 enum tls_auth_status
1074 tls_authentication_status(struct tls_multi *multi, const int latency)
1075 {
1076  bool deferred = false;
1077 
1078  /* at least one valid key has successfully completed authentication */
1079  bool success = false;
1080 
1081  /* at least one key is enabled for decryption */
1082  int active = 0;
1083 
1084  /* at least one key already failed authentication */
1085  bool failed_auth = false;
1086 
1087  if (latency && multi->tas_last + latency >= now)
1088  {
1090  }
1091  multi->tas_last = now;
1092 
1093  for (int i = 0; i < KEY_SCAN_SIZE; ++i)
1094  {
1095  struct key_state *ks = get_key_scan(multi, i);
1096  if (TLS_AUTHENTICATED(multi, ks))
1097  {
1098  active++;
1099  if (ks->authenticated == KS_AUTH_FALSE)
1100  {
1101  failed_auth = true;
1102  }
1103  else
1104  {
1105  unsigned int auth_plugin = ACF_DISABLED;
1106  unsigned int auth_script = ACF_DISABLED;
1107  unsigned int auth_man = ACF_DISABLED;
1108  auth_plugin = key_state_test_auth_control_file(&ks->plugin_auth);
1109  auth_script = key_state_test_auth_control_file(&ks->script_auth);
1110 #ifdef ENABLE_MANAGEMENT
1111  auth_man = man_def_auth_test(ks);
1112 #endif
1113  ASSERT(auth_plugin < 4 && auth_script < 4 && auth_man < 4);
1114 
1115  if (auth_plugin == ACF_FAILED || auth_script == ACF_FAILED
1116  || auth_man == ACF_FAILED)
1117  {
1119  failed_auth = true;
1120  }
1121  else if (auth_plugin == ACF_UNDEFINED
1122  || auth_script == ACF_UNDEFINED
1123  || auth_man == ACF_UNDEFINED)
1124  {
1125  if (now < ks->auth_deferred_expire)
1126  {
1127  deferred = true;
1128  }
1129  }
1130  else
1131  {
1132  /* all auth states (auth_plugin, auth_script, auth_man)
1133  * are either ACF_DISABLED or ACF_SUCCEDED now, which
1134  * translates to "not checked" or "auth succeeded"
1135  */
1136  success = true;
1138  }
1139  }
1140  }
1141  }
1142 
1143 #if 0
1144  dmsg(D_TLS_ERRORS, "TAS: a=%d s=%d d=%d f=%d", active, success, deferred, failed_auth);
1145 #endif
1146  if (failed_auth)
1147  {
1148  /* We have at least one session that failed authentication. There
1149  * might be still another session with valid keys.
1150  * Although our protocol allows keeping the VPN session alive
1151  * with the other session (and we actually did that in earlier
1152  * version, this behaviour is really strange from a user (admin)
1153  * experience */
1155  }
1156  else if (success)
1157  {
1159  }
1160  else if (active == 0 || deferred)
1161  {
1162  /* We have a deferred authentication and no currently active key
1163  * (first auth, no renegotiation) */
1165  }
1166  else
1167  {
1168  /* at least one key is active but none is fully authenticated (!success)
1169  * and all active are either failed authed or expired deferred auth */
1171  }
1172 }
1173 
1174 #ifdef ENABLE_MANAGEMENT
1175 /*
1176  * For deferred auth, this is where the management interface calls (on server)
1177  * to indicate auth failure/success.
1178  */
1179 bool
1180 tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason)
1181 {
1182  bool ret = false;
1183  if (multi)
1184  {
1185  int i;
1186  auth_set_client_reason(multi, client_reason);
1187  for (i = 0; i < KEY_SCAN_SIZE; ++i)
1188  {
1189  struct key_state *ks = get_key_scan(multi, i);
1190  if (ks->mda_key_id == mda_key_id)
1191  {
1192  ks->mda_status = auth ? ACF_SUCCEEDED : ACF_FAILED;
1193  ret = true;
1194  }
1195  }
1196  }
1197  return ret;
1198 }
1199 #endif /* ifdef ENABLE_MANAGEMENT */
1200 
1201 
1202 /* ****************************************************************************
1203  * Functions to verify username and password
1204  *
1205  * Authenticate a client using username/password.
1206  * Runs on server.
1207  *
1208  * If you want to add new authentication methods,
1209  * this is the place to start.
1210  *************************************************************************** */
1211 
1212 /*
1213  * Verify the user name and password using a script
1214  */
1215 static int
1217  const struct user_pass *up)
1218 {
1219  struct gc_arena gc = gc_new();
1220  struct argv argv = argv_new();
1221  const char *tmp_file = "";
1222  int retval = OPENVPN_PLUGIN_FUNC_ERROR;
1223  struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */
1224 
1225  /* Set environmental variables prior to calling script */
1226  setenv_str(session->opt->es, "script_type", "user-pass-verify");
1227 
1228  /* format command line */
1230 
1232  {
1233  struct status_output *so;
1234 
1235  tmp_file = platform_create_temp_file(session->opt->tmp_dir, "up",
1236  &gc);
1237  if (tmp_file)
1238  {
1239  so = status_open(tmp_file, 0, -1, NULL, STATUS_OUTPUT_WRITE);
1240  status_printf(so, "%s", up->username);
1241  status_printf(so, "%s", up->password);
1242  if (!status_close(so))
1243  {
1244  msg(D_TLS_ERRORS, "TLS Auth Error: could not write username/password to file: %s",
1245  tmp_file);
1246  goto done;
1247  }
1248  /* pass temp file name to script */
1249  argv_printf_cat(&argv, "%s", tmp_file);
1250  }
1251  }
1252  else
1253  {
1254  setenv_str(session->opt->es, "username", up->username);
1255  setenv_str(session->opt->es, "password", up->password);
1256  }
1257 
1258  /* generate filename for deferred auth control file */
1259  if (!key_state_gen_auth_control_files(&ks->script_auth, session->opt))
1260  {
1261  msg(D_TLS_ERRORS, "TLS Auth Error (%s): "
1262  "could not create deferred auth control file", __func__);
1264  }
1265 
1266  /* call command */
1267  int script_ret = openvpn_run_script(&argv, session->opt->es, S_EXITCODE,
1268  "--auth-user-pass-verify");
1269  switch (script_ret)
1270  {
1271  case 0:
1272  retval = OPENVPN_PLUGIN_FUNC_SUCCESS;
1273  break;
1274  case 2:
1276  break;
1277  default:
1278  retval = OPENVPN_PLUGIN_FUNC_ERROR;
1279  break;
1280  }
1281  if (retval == OPENVPN_PLUGIN_FUNC_DEFERRED)
1282  {
1283  /* Check if we the plugin has written the pending auth control
1284  * file and send the pending auth to the client */
1286  multi))
1287  {
1288  retval = OPENVPN_PLUGIN_FUNC_ERROR;
1290  }
1291 
1292  }
1293  else
1294  {
1295  /* purge auth control filename (and file itself) for non-deferred returns */
1297  }
1299  {
1300  setenv_del(session->opt->es, "password");
1301  }
1302 
1303 done:
1304  if (tmp_file && strlen(tmp_file) > 0)
1305  {
1306  platform_unlink(tmp_file);
1307  }
1308 
1309  argv_free(&argv);
1310  gc_free(&gc);
1311  return retval;
1312 }
1313 
1314 /*
1315  * Verify the username and password using a plugin
1316  */
1317 static int
1319  const struct user_pass *up)
1320 {
1321  int retval = OPENVPN_PLUGIN_FUNC_ERROR;
1322  struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */
1323 
1324  /* set password in private env space */
1325  setenv_str(session->opt->es, "password", up->password);
1326 
1327  /* generate filename for deferred auth control file */
1328  if (!key_state_gen_auth_control_files(&ks->plugin_auth, session->opt))
1329  {
1330  msg(D_TLS_ERRORS, "TLS Auth Error (%s): "
1331  "could not create deferred auth control file", __func__);
1332  return retval;
1333  }
1334 
1335  /* call command */
1336  retval = plugin_call(session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es);
1337 
1338  if (retval == OPENVPN_PLUGIN_FUNC_DEFERRED)
1339  {
1340  /* Check if the plugin has written the pending auth control
1341  * file and send the pending auth to the client */
1343  {
1344  retval = OPENVPN_PLUGIN_FUNC_ERROR;
1346  }
1347  }
1348  else
1349  {
1350  /* purge auth control filename (and file itself) for non-deferred returns */
1352  }
1353 
1354  setenv_del(session->opt->es, "password");
1355 
1356  return retval;
1357 }
1358 
1359 
1360 #ifdef ENABLE_MANAGEMENT
1361 /*
1362  * management deferred internal ssl_verify.c status codes
1363  */
1364 #define KMDA_ERROR 0
1365 #define KMDA_SUCCESS 1
1366 #define KMDA_UNDEF 2
1367 #define KMDA_DEF 3
1368 
1369 static int
1371  struct tls_multi *multi,
1372  const struct user_pass *up)
1373 {
1374  int retval = KMDA_ERROR;
1375  struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */
1376 
1377  /* set username/password in private env space */
1378  setenv_str(session->opt->es, "password", up->password);
1379 
1380  if (management)
1381  {
1383  }
1384 
1385  setenv_del(session->opt->es, "password");
1386 
1387  retval = KMDA_SUCCESS;
1388 
1389  return retval;
1390 }
1391 #endif /* ifdef ENABLE_MANAGEMENT */
1392 
1393 static bool
1395  struct tls_session *session)
1396 {
1397  /* Is username defined? */
1398  if ((session->opt->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL) || strlen(up->username))
1399  {
1400  setenv_str(session->opt->es, "username", up->username);
1401 
1402  /* setenv incoming cert common name for script */
1403  setenv_str(session->opt->es, "common_name", session->common_name);
1404 
1405  /* setenv client real IP address */
1406  setenv_untrusted(session);
1407 
1408  /*
1409  * if we are using auth-gen-token, send also the session id of auth gen token to
1410  * allow the management to figure out if it is a new session or a continued one
1411  */
1412  add_session_token_env(session, multi, up);
1413  return true;
1414  }
1415  else
1416  {
1417  msg(D_TLS_ERRORS, "TLS Auth Error: peer provided a blank username");
1418  return false;
1419  }
1420 }
1421 
1428 void
1429 verify_user_pass(struct user_pass *up, struct tls_multi *multi,
1430  struct tls_session *session)
1431 {
1432  struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */
1433 
1434 #ifdef ENABLE_MANAGEMENT
1435  int man_def_auth = KMDA_UNDEF;
1436 
1438  {
1439  man_def_auth = KMDA_DEF;
1440  }
1441 #endif
1442 
1443  /* enforce character class restrictions in username/password */
1445  string_mod(up->password, CC_PRINT, CC_CRLF, '_');
1446 
1447  /*
1448  * If auth token succeeds we skip the auth
1449  * methods unless otherwise specified
1450  */
1451  bool skip_auth = false;
1452 
1453  /*
1454  * If server is configured with --auth-gen-token and the client sends
1455  * something that looks like an authentication token, this
1456  * round will be done internally using the token instead of
1457  * calling any external authentication modules.
1458  */
1459  if (session->opt->auth_token_generate && is_auth_token(up->password))
1460  {
1461  multi->auth_token_state_flags = verify_auth_token(up, multi, session);
1462  if (session->opt->auth_token_call_auth)
1463  {
1464  /*
1465  * we do not care about the result here because it is
1466  * the responsibility of the external authentication to
1467  * decide what to do with the result
1468  */
1469  }
1470  else if (multi->auth_token_state_flags == AUTH_TOKEN_HMAC_OK)
1471  {
1472  /*
1473  * We do not want the EXPIRED or EMPTY USER flags here so check
1474  * for equality with AUTH_TOKEN_HMAC_OK
1475  */
1476  msg(M_WARN, "TLS: Username/auth-token authentication "
1477  "succeeded for username '%s'",
1478  up->username);
1479  skip_auth = true;
1480  }
1481  else
1482  {
1483  wipe_auth_token(multi);
1485  msg(M_WARN, "TLS: Username/auth-token authentication "
1486  "failed for username '%s'", up->username);
1487  return;
1488  }
1489  }
1490 
1491  int plugin_status = OPENVPN_PLUGIN_FUNC_SUCCESS;
1492  int script_status = OPENVPN_PLUGIN_FUNC_SUCCESS;
1493  /* Set the environment variables used by all auth variants */
1494  if (!set_verify_user_pass_env(up, multi, session))
1495  {
1496  skip_auth = true;
1497  plugin_status = OPENVPN_PLUGIN_FUNC_ERROR;
1498  }
1499 
1500  /* call plugin(s) and/or script */
1501  if (!skip_auth)
1502  {
1503 #ifdef ENABLE_MANAGEMENT
1504  if (man_def_auth == KMDA_DEF)
1505  {
1506  man_def_auth = verify_user_pass_management(session, multi, up);
1507  }
1508 #endif
1510  {
1511  plugin_status = verify_user_pass_plugin(session, multi, up);
1512  }
1513 
1514  if (session->opt->auth_user_pass_verify_script)
1515  {
1516  script_status = verify_user_pass_script(session, multi, up);
1517  }
1518  }
1519 
1520  /* check sizing of username if it will become our common name */
1521  if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME)
1522  && strlen(up->username)>TLS_USERNAME_LEN)
1523  {
1524  msg(D_TLS_ERRORS,
1525  "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
1527  plugin_status = OPENVPN_PLUGIN_FUNC_ERROR;
1528  script_status = OPENVPN_PLUGIN_FUNC_ERROR;
1529  }
1530  /* auth succeeded? */
1531  bool plugin_ok = plugin_status == OPENVPN_PLUGIN_FUNC_SUCCESS
1532  || plugin_status == OPENVPN_PLUGIN_FUNC_DEFERRED;
1533 
1534  bool script_ok = script_status == OPENVPN_PLUGIN_FUNC_SUCCESS
1535  || script_status == OPENVPN_PLUGIN_FUNC_DEFERRED;
1536 
1537  if (script_ok && plugin_ok && tls_lock_username(multi, up->username)
1538 #ifdef ENABLE_MANAGEMENT
1539  && man_def_auth != KMDA_ERROR
1540 #endif
1541  )
1542  {
1544  if (plugin_status == OPENVPN_PLUGIN_FUNC_DEFERRED
1545  || script_status == OPENVPN_PLUGIN_FUNC_DEFERRED)
1546  {
1548  }
1549 #ifdef ENABLE_MANAGEMENT
1550  if (man_def_auth != KMDA_UNDEF)
1551  {
1553  }
1554 #endif
1555  if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME))
1556  {
1557  set_common_name(session, up->username);
1558  }
1559 
1560  if ((session->opt->auth_token_generate))
1561  {
1562  /*
1563  * If we accepted a (not expired) token, i.e.
1564  * initial auth via token on new connection, we need
1565  * to store the auth-token in multi->auth_token, so
1566  * the initial timestamp and session id can be extracted from it
1567  */
1568  if (!multi->auth_token
1571  {
1572  multi->auth_token = strdup(up->password);
1573  }
1574 
1575  /*
1576  * Server is configured with --auth-gen-token. Generate or renew
1577  * the token.
1578  */
1579  generate_auth_token(up, multi);
1580  }
1581  /*
1582  * Auth token already sent to client, update auth-token on client.
1583  * The initial auth-token is sent as part of the push message, for this
1584  * update we need to schedule an extra push message.
1585  *
1586  * Otherwise the auth-token get pushed out as part of the "normal"
1587  * push-reply
1588  */
1589  if (multi->auth_token_initial)
1590  {
1591  /*
1592  * We do not explicitly schedule the sending of the
1593  * control message here but control message are only
1594  * postponed when the control channel is not yet fully
1595  * established and furthermore since this is called in
1596  * the middle of authentication, there are other messages
1597  * (new data channel keys) that are sent anyway and will
1598  * trigger schedueling
1599  */
1601  }
1602  msg(D_HANDSHAKE, "TLS: Username/Password authentication %s for username '%s' %s",
1603  (ks->authenticated == KS_AUTH_DEFERRED) ? "deferred" : "succeeded",
1604  up->username,
1605  (session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) ? "[CN SET]" : "");
1606  }
1607  else
1608  {
1610  msg(D_TLS_ERRORS, "TLS Auth Error: Auth Username/Password verification failed for peer");
1611  }
1612 }
1613 
1614 void
1616 {
1617  struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */
1618 
1619  /* While it shouldn't really happen, don't allow the common name to be NULL */
1620  if (!session->common_name)
1621  {
1622  set_common_name(session, "");
1623  }
1624 
1625  /* Don't allow the CN to change once it's been locked */
1626  if (ks->authenticated > KS_AUTH_FALSE && multi->locked_cn)
1627  {
1628  const char *cn = session->common_name;
1629  if (cn && strcmp(cn, multi->locked_cn))
1630  {
1631  msg(D_TLS_ERRORS, "TLS Auth Error: TLS object CN attempted to change from '%s' to '%s' -- tunnel disabled",
1632  multi->locked_cn,
1633  cn);
1634 
1635  /* change the common name back to its original value and disable the tunnel */
1636  set_common_name(session, multi->locked_cn);
1637  tls_deauthenticate(multi);
1638  }
1639  }
1640 
1641  /* Don't allow the cert hashes to change once they have been locked */
1642  if (ks->authenticated > KS_AUTH_FALSE && multi->locked_cert_hash_set)
1643  {
1644  const struct cert_hash_set *chs = session->cert_hash_set;
1645  if (chs && !cert_hash_compare(chs, multi->locked_cert_hash_set))
1646  {
1647  msg(D_TLS_ERRORS, "TLS Auth Error: TLS object CN=%s client-provided SSL certs unexpectedly changed during mid-session reauth",
1648  session->common_name);
1649 
1650  /* disable the tunnel */
1651  tls_deauthenticate(multi);
1652  }
1653  }
1654 
1655  /* verify --client-config-dir based authentication */
1657  {
1658  struct gc_arena gc = gc_new();
1659 
1660  const char *cn = session->common_name;
1661  const char *path = platform_gen_path(session->opt->client_config_dir_exclusive,
1662  cn, &gc);
1663  if (!cn || !strcmp(cn, CCD_DEFAULT) || !platform_test_file(path))
1664  {
1666  wipe_auth_token(multi);
1667  msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'",
1668  session->common_name,
1669  path ? path : "UNDEF");
1670  }
1671 
1672  gc_free(&gc);
1673  }
1674 }
1675 
1676 void
1678 {
1679  struct env_item *item = es->list;
1680  while (item)
1681  {
1682  struct env_item *next = item->next;
1683  if (item->string
1684  && 0 == strncmp("X509_", item->string, strlen("X509_")))
1685  {
1686  env_set_del(es, item->string);
1687  }
1688  item = next;
1689  }
1690 }
#define M_NONFATAL
Definition: error.h:95
static bool tls_lock_username(struct tls_multi *multi, const char *username)
Definition: ssl_verify.c:166
bool argv_printf_cat(struct argv *argres, const char *format,...)
printf() inspired argv concatenation.
Definition: argv.c:466
uint8_t hash[SHA256_DIGEST_LENGTH]
Definition: options.h:208
void add_session_token_env(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
Put the session id, and auth token status into the environment if auth-token is enabled.
Definition: auth_token.c:52
int auth_token_state_flags
The state of the auth-token sent from the client last time.
Definition: ssl_common.h:603
#define VERIFY_X509_SUBJECT_RDN
Definition: ssl_verify.h:65
#define TM_ACTIVE
Active tls_session.
Definition: ssl_common.h:483
const char * tmp_dir
Definition: ssl_common.h:337
Security parameter state of one TLS and data channel key session.
Definition: ssl_common.h:185
struct key_state key[KS_SIZE]
Definition: ssl_common.h:463
const char * crl_file
Definition: ssl_common.h:300
#define SSLF_CRL_VERIFY_DIR
Definition: ssl_common.h:367
static void verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert_depth, const char *subject, const char *common_name, const struct x509_track *x509_track)
Definition: ssl_verify.c:420
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1045
void generate_auth_token(const struct user_pass *up, struct tls_multi *multi)
Generate an auth token based on username and timestamp.
Definition: auth_token.c:174
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:685
struct buffer_list * buffer_list_file(const char *fn, int max_line_len)
Definition: buffer.c:1375
#define D_TLS_DEBUG
Definition: errlevel.h:163
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition: argv.c:90
#define STATUS_OUTPUT_WRITE
Definition: status.h:51
#define SSLF_USERNAME_AS_COMMON_NAME
Definition: ssl_common.h:364
#define VERIFY_X509_SUBJECT_DN
Definition: ssl_verify.h:64
#define M_INFO
Definition: errlevel.h:55
unsigned int auth_control_status
Definition: ssl_common.h:164
struct buffer_entry * head
Definition: buffer.h:1112
#define AUTH_TOKEN_EXPIRED
Auth-token sent from client has expired.
Definition: ssl_common.h:593
enum ks_auth_state authenticated
Definition: ssl_common.h:227
struct tls_options * opt
Definition: ssl_common.h:428
int verify_maxlevel
Definition: ssl_common.h:448
#define SSLF_AUTH_USER_PASS_OPTIONAL
Definition: ssl_common.h:365
char * peer_info
Definition: ssl_common.h:582
#define SA_IP_PORT
Definition: socket.h:365
char * auth_token_initial
The first auth-token we sent to a client, for clients that do not update their auth-token (older Open...
Definition: ssl_common.h:587
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
bool verified
Definition: ssl_common.h:458
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
Definition: plugin.h:202
const char * auth_user_pass_verify_script
Definition: ssl_common.h:335
#define KMDA_SUCCESS
Definition: ssl_verify.c:1365
#define ACF_DISABLED
Definition: ssl_verify.c:852
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:533
#define NS_CERT_CHECK_CLIENT
Do not perform Netscape certificate type verification.
Definition: ssl_verify.h:241
#define D_TLS_ERRORS
Definition: errlevel.h:59
#define CC_PRINT
Definition: buffer.h:915
void send_push_reply_auth_token(struct tls_multi *multi)
Sends a push reply message only containin the auth-token to update the auth-token on the client...
Definition: push.c:645
X509 openvpn_x509_cert_t
const char * client_config_dir_exclusive
Definition: ssl_common.h:349
#define ACF_SUCCEEDED
Definition: ssl_verify.c:851
int verify_x509_type
Definition: ssl_common.h:298
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition: buffer.c:1207
result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const expected_ku, int expected_len)
struct cert_hash_set * cert_hash_set
Definition: ssl_common.h:452
int plugin_call_ssl(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es, int certdepth, openvpn_x509_cert_t *current_cert)
Definition: plugin.c:787
Key state is authenticated.
Definition: ssl_common.h:153
char * x509_username_field[2]
Definition: ssl_common.h:312
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:242
void cert_hash_remember(struct tls_session *session, const int error_depth, const struct buffer *cert_hash)
Definition: ssl_verify.c:214
struct man_def_auth_context * mda_context
Definition: ssl_common.h:376
static const char * verify_cert_export_cert(openvpn_x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc)
Definition: ssl_verify.c:510
static void tls_deauthenticate(struct tls_multi *multi)
Definition: ssl_verify.c:73
char * backend_x509_get_serial_hex(openvpn_x509_cert_t *cert, struct gc_arena *gc)
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
#define TLS_AUTHENTICATED(multi, ks)
Check whether the ks key_state has finished the key exchange part of the OpenVPN hand shake...
Definition: ssl_verify.h:113
#define dmsg(flags,...)
Definition: error.h:153
#define MAX_PARMS
Definition: options.h:51
#define TLS_USERNAME_LEN
Maximum length of common name.
Definition: ssl_verify.c:52
bool auth_token_generate
Generate auth-tokens on successful user/pass auth,seet via options->auth_token_generate.
Definition: ssl_common.h:340
static void string_mod_remap_name(char *str)
Definition: ssl_verify.c:55
static int verify_user_pass_management(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
Definition: ssl_verify.c:1370
static result_t verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert, const char *subject, int cert_depth)
Definition: ssl_verify.c:603
#define ASSERT(x)
Definition: error.h:200
enum tls_auth_status tls_authentication_status(struct tls_multi *multi, const int latency)
Return current session authentication state of the tls_multi structure This will return TLS_AUTHENTIC...
Definition: ssl_verify.c:1074
Structure containing the hash for a single certificate.
Definition: ssl_verify.h:54
#define OPENVPN_PLUGIN_FUNC_SUCCESS
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer...
Definition: ssl_common.h:616
Structure containing the hashes for a full certificate chain.
Definition: ssl_verify.h:59
bool platform_unlink(const char *filename)
Definition: platform.c:354
void status_printf(struct status_output *so, const char *format,...)
Definition: status.c:224
char username[USER_PASS_LEN]
Definition: misc.h:67
result_t verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth)
Definition: ssl_verify.c:645
int capacity
Size in bytes of memory allocated by malloc().
Definition: buffer.h:62
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void setenv_del(struct env_set *es, const char *name)
Definition: env_set.c:330
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition: status.c:63
#define VERIFY_X509_NONE
Definition: ssl_verify.h:63
bool status_close(struct status_output *so)
Definition: status.c:190
#define BPTR(buf)
Definition: buffer.h:124
#define AUTH_TOKEN_HMAC_OK
Auth-token sent from client has valid hmac.
Definition: ssl_common.h:591
static const char * print_nsCertType(int type)
Definition: ssl_verify.c:320
#define KEY_SCAN_SIZE
Definition: ssl_common.h:505
static int verify_user_pass_script(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
Definition: ssl_verify.c:1216
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:296
#define OPENVPN_PLUGIN_FUNC_DEFERRED
Key state authentication is being deferred, by async auth.
Definition: ssl_common.h:151
#define PATH_SEPARATOR
Definition: config.h:745
#define KS_SIZE
Size of the tls_session.key array.
Definition: ssl_common.h:405
struct env_item * list
Definition: env_set.h:44
#define ACF_FAILED
Definition: ssl_verify.c:853
bool auth_user_pass_verify_script_via_file
Definition: ssl_common.h:336
int platform_open(const char *path, int flags, int mode)
Definition: platform.c:380
#define OPENVPN_PLUGIN_TLS_VERIFY
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:3030
#define OPENVPN_PLUGIN_FUNC_ERROR
static const char * np(const char *str)
Definition: simple.c:128
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
#define KS_PRIMARY
Primary key state index.
Definition: ssl_common.h:401
struct gc_arena gc
Definition: argv.h:36
Key state is not authenticated.
Definition: ssl_common.h:150
unsigned remote_cert_ku[MAX_PARMS]
Definition: ssl_common.h:303
time_t now
Definition: otime.c:36
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
static int verify_user_pass_plugin(struct tls_session *session, struct tls_multi *multi, const struct user_pass *up)
Definition: ssl_verify.c:1318
void x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int depth, openvpn_x509_cert_t *x509)
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
unsigned int mda_key_id
Definition: ssl_common.h:231
#define ENABLE_MANAGEMENT
Definition: config-msvc.h:12
char * locked_cn
Definition: ssl_common.h:566
#define S_EXITCODE
Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise...
Definition: run_command.h:49
bool platform_test_file(const char *filename)
Return true if filename can be opened for read.
Definition: platform.c:526
bool env_set_del(struct env_set *es, const char *str)
Definition: env_set.c:185
void auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
Sets the reason why authentication of a client failed.
Definition: ssl_verify.c:856
int ns_cert_type
Definition: ssl_common.h:302
#define MAX_CERT_DEPTH
Maximum certificate depth we will allow.
Definition: ssl_verify.h:51
result_t x509_verify_cert_eku(openvpn_x509_cert_t *x509, const char *const expected_oid)
hash_algo_type verify_hash_algo
Definition: ssl_common.h:308
void wipe_auth_token(struct tls_multi *multi)
Wipes the authentication token out of the memory, frees and cleans up related buffers and flags...
Definition: auth_token.c:390
#define NS_CERT_CHECK_NONE
Do not perform Netscape certificate type verification.
Definition: ssl_verify.h:237
void argv_msg_prefix(const int msglev, const struct argv *a, const char *prefix)
Similar to argv_msg() but prefixes the messages being written with a given string.
Definition: argv.c:262
unsigned int verify_auth_token(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Verifies the auth token to be in the format that generate_auth_token create and checks if the token i...
Definition: auth_token.c:299
unsigned int mda_status
Definition: ssl_common.h:232
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise...
Definition: run_command.h:64
struct cert_hash_set * locked_cert_hash_set
Definition: ssl_common.h:568
struct buffer buf
Definition: buffer.h:1106
const char * verify_x509_name
Definition: ssl_common.h:299
static unsigned int man_def_auth_test(const struct key_state *ks)
Definition: ssl_verify.c:870
char * x509_get_subject(openvpn_x509_cert_t *cert, struct gc_arena *gc)
bool cert_hash_compare(const struct cert_hash_set *chs1, const struct cert_hash_set *chs2)
Compares certificates hashes, returns true if hashes are equal.
Definition: ssl_verify.c:249
struct verify_hash_list * verify_hash
Definition: ssl_common.h:305
static result_t verify_peer_cert(const struct tls_options *opt, openvpn_x509_cert_t *peer_cert, const char *subject, const char *common_name)
Definition: ssl_verify.c:344
static bool key_state_gen_auth_control_files(struct auth_deferred_status *ads, const struct tls_options *opt)
Generates and creates the control files used for deferred authentification in the temporary directory...
Definition: ssl_verify.c:1023
const char * platform_gen_path(const char *directory, const char *filename, struct gc_arena *gc)
Put a directory and filename together.
Definition: platform.c:460
static struct key_state * get_key_scan(struct tls_multi *multi, int index)
gets an item of key_state objects in the order they should be scanned by data channel modules...
Definition: ssl_common.h:626
const struct plugin_list * plugins
Definition: ssl_common.h:354
struct env_item * next
Definition: env_set.h:39
struct link_socket_actual untrusted_addr
Definition: ssl_common.h:461
#define M_ERRNO
Definition: error.h:99
char * string
Definition: env_set.h:38
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:519
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition: manage.c:2908
struct auth_deferred_status script_auth
Definition: ssl_common.h:237
const char * verify_export_cert
Definition: ssl_common.h:297
char * client_reason
Definition: ssl_common.h:576
#define VERIFY_X509_SUBJECT_RDN_PREFIX
Definition: ssl_verify.h:66
bool auth_token_call_auth
always call normal authentication
Definition: ssl_common.h:343
char * backend_x509_get_serial(openvpn_x509_cert_t *cert, struct gc_arena *gc)
#define TM_SIZE
Size of the tls_multi.session array.
Definition: ssl_common.h:488
static void set_common_name(struct tls_session *session, const char *common_name)
Definition: ssl_verify.c:92
#define KMDA_DEF
Definition: ssl_verify.c:1367
void buf_chomp(struct buffer *buf)
Definition: buffer.c:590
#define CCD_DEFAULT
Definition: common.h:62
static void setenv_untrusted(struct tls_session *session)
Definition: ssl_verify.c:64
#define BLEN(buf)
Definition: buffer.h:127
time_t auth_deferred_expire
Definition: ssl_common.h:228
int verify_hash_depth
Definition: ssl_common.h:306
void key_state_rm_auth_control_files(struct auth_deferred_status *ads)
Removes auth_pending and auth_control files from file system and key_state structure.
Definition: ssl_verify.c:1005
void verify_user_pass(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Main username/password verification entry point.
Definition: ssl_verify.c:1429
#define msg(flags,...)
Definition: error.h:149
struct buffer_entry * next
Definition: buffer.h:1107
time_t tas_last
Definition: ssl_common.h:571
#define D_HANDSHAKE
Definition: errlevel.h:72
static int max_int(int x, int y)
Definition: integer.h:69
bool tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason)
Definition: ssl_verify.c:1180
uint32_t hash_func(const uint8_t *k, uint32_t length, uint32_t initval)
Definition: list.c:589
#define KMDA_UNDEF
Definition: ssl_verify.c:1366
static unsigned int key_state_test_auth_control_file(struct auth_deferred_status *ads)
Definition: ssl_verify.c:1045
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
Definition: buffer.c:1077
result_t x509_verify_ns_cert_type(openvpn_x509_cert_t *cert, const int usage)
struct buffer x509_get_sha1_fingerprint(openvpn_x509_cert_t *cert, struct gc_arena *gc)
Retrieve the certificate&#39;s SHA1 fingerprint.
char * auth_token
If server sends a generated auth-token, this is the token to use for future user/pass authentications...
Definition: ssl_common.h:583
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
bool plugin_defined(const struct plugin_list *pl, const int type)
Definition: plugin.c:901
bool tls_verify_crl_missing(const struct tls_options *opt)
Return true iff a CRL is configured, but is not loaded.
void string_replace_leading(char *str, const char match, const char replace)
Definition: buffer.c:1128
const char * verify_command
Definition: ssl_common.h:296
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:425
Definition: misc.h:56
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
static result_t verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert, char *subject)
Definition: ssl_verify.c:480
static bool set_verify_user_pass_env(struct user_pass *up, struct tls_multi *multi, struct tls_session *session)
Definition: ssl_verify.c:1394
static bool management_enable_def_auth(const struct management *man)
Definition: manage.h:472
result_t x509_write_pem(FILE *peercert_file, openvpn_x509_cert_t *peercert)
char * locked_username
Definition: ssl_common.h:567
char * common_name
Definition: ssl_common.h:450
static void key_state_rm_auth_pending_file(struct auth_deferred_status *ads)
Removes auth_pending file from the file system and key_state structure.
Definition: ssl_verify.c:888
const char * tls_common_name(const struct tls_multi *multi, const bool null)
Returns the common name field for the given tunnel.
Definition: ssl_verify.c:128
struct auth_deferred_status plugin_auth
Definition: ssl_common.h:236
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
#define M_WARN
Definition: error.h:96
void tls_clear_error(void)
Clear the underlying SSL library&#39;s error state.
Definition: ssl_openssl.c:102
const char * tls_username(const struct tls_multi *multi, const bool null)
Returns the username field for the given tunnel.
Definition: ssl_verify.c:192
#define free
Definition: cmocka.c:1850
void tls_x509_clear_env(struct env_set *es)
Remove any X509_ env variables from env_set es.
Definition: ssl_verify.c:1677
static bool key_state_check_auth_pending_file(struct auth_deferred_status *ads, struct tls_multi *multi)
Checks if the deferred state should also send auth pending request to the client. ...
Definition: ssl_verify.c:939
tls_auth_status
Definition: ssl_verify.h:68
void argv_parse_cmd(struct argv *argres, const char *cmdstr)
Parses a command string, tokenizes it and puts each element into a separate struct argv argument slot...
Definition: argv.c:485
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
void tls_lock_common_name(struct tls_multi *multi)
Locks the common name field for the given tunnel.
Definition: ssl_verify.c:153
void tls_lock_cert_hash_set(struct tls_multi *multi)
Locks the certificate hash set used in the given tunnel.
Definition: ssl_verify.c:307
const char * platform_create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
Create a temporary file in directory, returns the filename of the created file.
Definition: platform.c:407
void cert_hash_free(struct cert_hash_set *chs)
Frees the given set of certificate hashes.
Definition: ssl_verify.c:235
char * extract_var_peer_info(const char *peer_info, const char *var, struct gc_arena *gc)
Extracts a variable from peer info, the returned string will be allocated using the supplied gc_arena...
Definition: ssl_util.c:34
#define BSTR(buf)
Definition: buffer.h:129
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition: argv.c:104
struct buffer x509_get_sha256_fingerprint(openvpn_x509_cert_t *cert, struct gc_arena *gc)
Retrieve the certificate&#39;s SHA256 fingerprint.
char password[USER_PASS_LEN]
Definition: misc.h:68
static struct cert_hash_set * cert_hash_copy(const struct cert_hash_set *chs)
Definition: ssl_verify.c:286
void verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
Perform final authentication checks, including locking of the cn, the allowed certificate hashes...
Definition: ssl_verify.c:1615
Definition: argv.h:35
bool send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra, unsigned int timeout)
Sends the auth pending control messages to a client.
Definition: push.c:365
#define CC_CRLF
Definition: buffer.h:944
#define KMDA_ERROR
Definition: ssl_verify.c:1364
struct verify_hash_list * next
Definition: options.h:209
const struct x509_track * x509_track
Definition: ssl_common.h:379
#define ACF_UNDEFINED
Definition: ssl_verify.c:850
unsigned int ssl_flags
Definition: ssl_common.h:373
static result_t verify_cert_call_command(const char *verify_command, struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert, char *subject, const char *verify_export_cert)
Definition: ssl_verify.c:548
struct env_set * es
Definition: ssl_common.h:352
struct cert_hash * ch[MAX_CERT_DEPTH]
Array of certificate hashes.
Definition: ssl_verify.h:60
static bool check_auth_pending_method(const char *peer_info, const char *method)
Check peer_info if the client supports the requested pending auth method.
Definition: ssl_verify.c:902
void x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert)
result_t
Result of verification function.
const char * remote_cert_eku
Definition: ssl_common.h:304
result_t backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field, openvpn_x509_cert_t *peer_cert)
unsigned char sha256_hash[256/8]
Definition: ssl_verify.h:55
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition: argv.c:442
#define NS_CERT_CHECK_SERVER
Do not perform Netscape certificate type verification.
Definition: ssl_verify.h:239
static bool is_auth_token(const char *password)
Return if the password string has the format of a password.
Definition: auth_token.h:127