diff options
author | Bernhard Schmidt <berni@debian.org> | 2018-03-04 22:22:32 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2018-03-04 22:22:32 +0100 |
commit | cf55ab99392458e723c7ebcc32c19bbd225b1f4b (patch) | |
tree | b895b41b7629c9a31de5cc15e7aa7805ddac87ce /src/openvpn/misc.c | |
parent | 9683f890944ffb114f5f8214f694e0b339cf5a5a (diff) |
New upstream version 2.4.5
Diffstat (limited to 'src/openvpn/misc.c')
-rw-r--r-- | src/openvpn/misc.c | 224 |
1 files changed, 10 insertions, 214 deletions
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index fbd9938..77bb671 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -5,9 +5,9 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> * Copyright (C) 2014-2015 David Sommerseth <davids@redhat.com> - * Copyright (C) 2016-2017 David Sommerseth <davids@openvpn.net> + * Copyright (C) 2016-2018 David Sommerseth <davids@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -55,116 +55,6 @@ const char *iproute_path = IPROUTE_PATH; /* GLOBAL */ int script_security = SSEC_BUILT_IN; /* GLOBAL */ /* - * Pass tunnel endpoint and MTU parms to a user-supplied script. - * Used to execute the up/down script/plugins. - */ -void -run_up_down(const char *command, - const struct plugin_list *plugins, - int plugin_type, - const char *arg, -#ifdef _WIN32 - DWORD adapter_index, -#endif - const char *dev_type, - int tun_mtu, - int link_mtu, - const char *ifconfig_local, - const char *ifconfig_remote, - const char *context, - const char *signal_text, - const char *script_type, - struct env_set *es) -{ - struct gc_arena gc = gc_new(); - - if (signal_text) - { - setenv_str(es, "signal", signal_text); - } - setenv_str(es, "script_context", context); - setenv_int(es, "tun_mtu", tun_mtu); - setenv_int(es, "link_mtu", link_mtu); - setenv_str(es, "dev", arg); - if (dev_type) - { - setenv_str(es, "dev_type", dev_type); - } -#ifdef _WIN32 - setenv_int(es, "dev_idx", adapter_index); -#endif - - if (!ifconfig_local) - { - ifconfig_local = ""; - } - if (!ifconfig_remote) - { - ifconfig_remote = ""; - } - if (!context) - { - context = ""; - } - - if (plugin_defined(plugins, plugin_type)) - { - struct argv argv = argv_new(); - ASSERT(arg); - argv_printf(&argv, - "%s %d %d %s %s %s", - arg, - tun_mtu, link_mtu, - ifconfig_local, ifconfig_remote, - context); - - if (plugin_call(plugins, plugin_type, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS) - { - msg(M_FATAL, "ERROR: up/down plugin call failed"); - } - - argv_reset(&argv); - } - - if (command) - { - struct argv argv = argv_new(); - ASSERT(arg); - setenv_str(es, "script_type", script_type); - argv_parse_cmd(&argv, command); - argv_printf_cat(&argv, "%s %d %d %s %s %s", arg, tun_mtu, link_mtu, - ifconfig_local, ifconfig_remote, context); - argv_msg(M_INFO, &argv); - openvpn_run_script(&argv, es, S_FATAL, "--up/--down"); - argv_reset(&argv); - } - - gc_free(&gc); -} - -/* Write our PID to a file */ -void -write_pid(const char *filename) -{ - if (filename) - { - unsigned int pid = 0; - FILE *fp = platform_fopen(filename, "w"); - if (!fp) - { - msg(M_ERR, "Open error on pid file %s", filename); - } - - pid = platform_getpid(); - fprintf(fp, "%u\n", pid); - if (fclose(fp)) - { - msg(M_ERR, "Close error on pid file %s", filename); - } - } -} - -/* * Set standard file descriptors to /dev/null */ void @@ -426,40 +316,6 @@ openvpn_popen(const struct argv *a, const struct env_set *es) /* - * Initialize random number seed. random() is only used - * when "weak" random numbers are acceptable. - * OpenSSL routines are always used when cryptographically - * strong random numbers are required. - */ - -void -init_random_seed(void) -{ - struct timeval tv; - - if (!gettimeofday(&tv, NULL)) - { - const unsigned int seed = (unsigned int) tv.tv_sec ^ tv.tv_usec; - srandom(seed); - } -} - -/* thread-safe strerror */ - -const char * -strerror_ts(int errnum, struct gc_arena *gc) -{ -#ifdef HAVE_STRERROR - struct buffer out = alloc_buf_gc(256, gc); - - buf_printf(&out, "%s", openvpn_strerror(errnum, gc)); - return BSTR(&out); -#else - return "[error string unavailable]"; -#endif -} - -/* * Set environmental variable (int or string). * * On Posix, we use putenv for portability, @@ -484,29 +340,6 @@ construct_name_value(const char *name, const char *value, struct gc_arena *gc) return BSTR(&out); } -bool -deconstruct_name_value(const char *str, const char **name, const char **value, struct gc_arena *gc) -{ - char *cp; - - ASSERT(str); - ASSERT(name && value); - - *name = cp = string_alloc(str, gc); - *value = NULL; - - while ((*cp)) - { - if (*cp == '=' && !*value) - { - *cp = 0; - *value = cp + 1; - } - ++cp; - } - return *name && *value; -} - static bool env_string_equal(const char *s1, const char *s2) { @@ -886,8 +719,6 @@ test_file(const char *filename) return ret; } -#ifdef ENABLE_CRYPTO - /* create a temporary filename in directory */ const char * create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) @@ -900,20 +731,16 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) do { - uint8_t rndbytes[16]; - const char *rndstr; - ++attempts; ++counter; - prng_bytes(rndbytes, sizeof rndbytes); - rndstr = format_hex_ex(rndbytes, sizeof rndbytes, 40, 0, NULL, gc); - buf_printf(&fname, PACKAGE "_%s_%s.tmp", prefix, rndstr); + buf_printf(&fname, PACKAGE "_%s_%08lx%08lx.tmp", prefix, + (unsigned long) get_random(), (unsigned long) get_random()); retfname = gen_path(directory, BSTR(&fname), gc); if (!retfname) { - msg(M_FATAL, "Failed to create temporary filename and path"); + msg(M_WARN, "Failed to create temporary filename and path"); return NULL; } @@ -928,19 +755,19 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) else if (fd == -1 && errno != EEXIST) { /* Something else went wrong, no need to retry. */ - struct gc_arena gcerr = gc_new(); - msg(M_FATAL, "Could not create temporary file '%s': %s", - retfname, strerror_ts(errno, &gcerr)); - gc_free(&gcerr); + msg(M_WARN | M_ERRNO, "Could not create temporary file '%s'", + retfname); return NULL; } } while (attempts < 6); - msg(M_FATAL, "Failed to create temporary file after %i attempts", attempts); + msg(M_WARN, "Failed to create temporary file after %i attempts", attempts); return NULL; } +#ifdef ENABLE_CRYPTO + /* * Prepend a random string to hostname to prevent DNS caching. * For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov. @@ -1632,37 +1459,6 @@ make_extended_arg_array(char **p, struct gc_arena *gc) } } -void -openvpn_sleep(const int n) -{ -#ifdef ENABLE_MANAGEMENT - if (management) - { - management_event_loop_n_seconds(management, n); - return; - } -#endif - sleep(n); -} - -/* - * Return the next largest power of 2 - * or u if u is a power of 2. - */ -size_t -adjust_power_of_2(size_t u) -{ - size_t ret = 1; - - while (ret < u) - { - ret <<= 1; - ASSERT(ret > 0); - } - - return ret; -} - /* * Remove security-sensitive strings from control message * so that they will not be output to log file. |