diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-12-27 18:25:47 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-12-27 18:25:47 +0100 |
commit | 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (patch) | |
tree | f29063da5bec4caf3853d49a22a09c8619eebd21 /src/openvpn/misc.h | |
parent | d53dba59e78da865c4fe820386ff2f4f76925f3b (diff) |
New upstream version 2.4.0upstream/2.4.0
Diffstat (limited to 'src/openvpn/misc.h')
-rw-r--r-- | src/openvpn/misc.h | 250 |
1 files changed, 135 insertions, 115 deletions
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index b8bbaa7..16be621 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -43,88 +43,97 @@ struct plugin_list; */ struct env_item { - char *string; - struct env_item *next; + char *string; + struct env_item *next; }; struct env_set { - struct gc_arena *gc; - struct env_item *list; + struct gc_arena *gc; + struct env_item *list; }; -void run_up_down (const char *command, - const struct plugin_list *plugins, - int plugin_type, - const char *arg, +void run_up_down(const char *command, + const struct plugin_list *plugins, + int plugin_type, + const char *arg, #ifdef _WIN32 - DWORD adapter_index, + DWORD adapter_index, #endif - const char *dev_type, - int tun_mtu, - int link_mtu, - const char *ifconfig_local, - const char* ifconfig_remote, - const char *context, - const char *signal_text, - const char *script_type, - struct env_set *es); - -void write_pid (const char *filename); + const char *dev_type, + int tun_mtu, + int link_mtu, + const char *ifconfig_local, + const char *ifconfig_remote, + const char *context, + const char *signal_text, + const char *script_type, + struct env_set *es); + +void write_pid(const char *filename); /* system flags */ #define S_SCRIPT (1<<0) #define S_FATAL (1<<1) -const char *system_error_message (int, struct gc_arena *gc); +const char *system_error_message(int, struct gc_arena *gc); /* wrapper around the execve() call */ -int openvpn_popen (const struct argv *a, const struct env_set *es); -int openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned int flags); -bool openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message); -bool openvpn_execve_allowed (const unsigned int flags); +int openvpn_popen(const struct argv *a, const struct env_set *es); + +int openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags); + +bool openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message); + +bool openvpn_execve_allowed(const unsigned int flags); static inline bool -openvpn_run_script (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook) +openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook) { - char msg[256]; + char msg[256]; - openvpn_snprintf(msg, sizeof(msg), "WARNING: Failed running command (%s)", hook); - return openvpn_execve_check(a, es, flags | S_SCRIPT, msg); + openvpn_snprintf(msg, sizeof(msg), "WARNING: Failed running command (%s)", hook); + return openvpn_execve_check(a, es, flags | S_SCRIPT, msg); } #ifdef HAVE_STRERROR /* a thread-safe version of strerror */ -const char* strerror_ts (int errnum, struct gc_arena *gc); +const char *strerror_ts(int errnum, struct gc_arena *gc); + #endif /* Set standard file descriptors to /dev/null */ -void set_std_files_to_null (bool stdin_only); +void set_std_files_to_null(bool stdin_only); /* dup inetd/xinetd socket descriptor and save */ extern int inetd_socket_descriptor; -void save_inetd_socket_descriptor (void); +void save_inetd_socket_descriptor(void); /* init random() function, only used as source for weak random numbers, when !ENABLE_CRYPTO */ void init_random_seed(void); /* set/delete environmental variable */ -void setenv_str_ex (struct env_set *es, - const char *name, - const char *value, - const unsigned int name_include, - const unsigned int name_exclude, - const char name_replace, - const unsigned int value_include, - const unsigned int value_exclude, - const char value_replace); - -void setenv_counter (struct env_set *es, const char *name, counter_type value); -void setenv_int (struct env_set *es, const char *name, int value); -void setenv_unsigned (struct env_set *es, const char *name, unsigned int value); -void setenv_str (struct env_set *es, const char *name, const char *value); -void setenv_str_safe (struct env_set *es, const char *name, const char *value); -void setenv_del (struct env_set *es, const char *name); +void setenv_str_ex(struct env_set *es, + const char *name, + const char *value, + const unsigned int name_include, + const unsigned int name_exclude, + const char name_replace, + const unsigned int value_include, + const unsigned int value_exclude, + const char value_replace); + +void setenv_counter(struct env_set *es, const char *name, counter_type value); + +void setenv_int(struct env_set *es, const char *name, int value); + +void setenv_unsigned(struct env_set *es, const char *name, unsigned int value); + +void setenv_str(struct env_set *es, const char *name, const char *value); + +void setenv_str_safe(struct env_set *es, const char *name, const char *value); + +void setenv_del(struct env_set *es, const char *name); /** * Store the supplied name value pair in the env_set. If the variable with the @@ -132,51 +141,59 @@ void setenv_del (struct env_set *es, const char *name); */ void setenv_str_incr(struct env_set *es, const char *name, const char *value); -void setenv_int_i (struct env_set *es, const char *name, const int value, const int i); -void setenv_str_i (struct env_set *es, const char *name, const char *value, const int i); +void setenv_int_i(struct env_set *es, const char *name, const int value, const int i); + +void setenv_str_i(struct env_set *es, const char *name, const char *value, const int i); /* struct env_set functions */ -struct env_set *env_set_create (struct gc_arena *gc); -void env_set_destroy (struct env_set *es); -bool env_set_del (struct env_set *es, const char *str); -void env_set_add (struct env_set *es, const char *str); -const char* env_set_get (const struct env_set *es, const char *name); +struct env_set *env_set_create(struct gc_arena *gc); + +void env_set_destroy(struct env_set *es); + +bool env_set_del(struct env_set *es, const char *str); -void env_set_print (int msglevel, const struct env_set *es); +void env_set_add(struct env_set *es, const char *str); -void env_set_inherit (struct env_set *es, const struct env_set *src); +const char *env_set_get(const struct env_set *es, const char *name); -void env_set_add_to_environment (const struct env_set *es); -void env_set_remove_from_environment (const struct env_set *es); +void env_set_print(int msglevel, const struct env_set *es); + +void env_set_inherit(struct env_set *es, const struct env_set *src); + +void env_set_add_to_environment(const struct env_set *es); + +void env_set_remove_from_environment(const struct env_set *es); /* Make arrays of strings */ -const char **make_env_array (const struct env_set *es, - const bool check_allowed, - struct gc_arena *gc); +const char **make_env_array(const struct env_set *es, + const bool check_allowed, + struct gc_arena *gc); + +const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc); -const char **make_arg_array (const char *first, const char *parms, struct gc_arena *gc); -const char **make_extended_arg_array (char **p, struct gc_arena *gc); +const char **make_extended_arg_array(char **p, struct gc_arena *gc); /* an analogue to the random() function, but use OpenSSL functions if available */ #ifdef ENABLE_CRYPTO long int get_random(void); + #else #define get_random random #endif /* return true if filename can be opened for read */ -bool test_file (const char *filename); +bool test_file(const char *filename); /* create a temporary file in directory, returns the filename of the created file */ -const char *create_temp_file (const char *directory, const char *prefix, struct gc_arena *gc); +const char *create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc); /* put a directory and filename together */ -const char *gen_path (const char *directory, const char *filename, struct gc_arena *gc); +const char *gen_path(const char *directory, const char *filename, struct gc_arena *gc); /* return true if pathname is absolute */ -bool absolute_pathname (const char *pathname); +bool absolute_pathname(const char *pathname); /* prepend a random prefix to hostname (need ENABLE_CRYPTO) */ const char *hostname_randomize(const char *hostname, struct gc_arena *gc); @@ -187,17 +204,17 @@ const char *hostname_randomize(const char *hostname, struct gc_arena *gc); struct user_pass { - bool defined; - bool nocache; + bool defined; + bool nocache; /* max length of username/password */ -# ifdef ENABLE_PKCS11 -# define USER_PASS_LEN 4096 -# else -# define USER_PASS_LEN 128 -# endif - char username[USER_PASS_LEN]; - char password[USER_PASS_LEN]; +#ifdef ENABLE_PKCS11 +#define USER_PASS_LEN 4096 +#else +#define USER_PASS_LEN 128 +#endif + char username[USER_PASS_LEN]; + char password[USER_PASS_LEN]; }; #ifdef ENABLE_CLIENT_CR @@ -205,31 +222,31 @@ struct user_pass * Challenge response info on client as pushed by server. */ struct auth_challenge_info { -# define CR_ECHO (1<<0) /* echo response when typed by user */ -# define CR_RESPONSE (1<<1) /* response needed */ - unsigned int flags; +#define CR_ECHO (1<<0) /* echo response when typed by user */ +#define CR_RESPONSE (1<<1) /* response needed */ + unsigned int flags; - const char *user; - const char *state_id; - const char *challenge_text; + const char *user; + const char *state_id; + const char *challenge_text; }; -struct auth_challenge_info *get_auth_challenge (const char *auth_challenge, struct gc_arena *gc); +struct auth_challenge_info *get_auth_challenge(const char *auth_challenge, struct gc_arena *gc); /* * Challenge response info on client as pushed by server. */ struct static_challenge_info { -# define SC_ECHO (1<<0) /* echo response when typed by user */ - unsigned int flags; +#define SC_ECHO (1<<0) /* echo response when typed by user */ + unsigned int flags; - const char *challenge_text; + const char *challenge_text; }; -#else +#else /* ifdef ENABLE_CLIENT_CR */ struct auth_challenge_info {}; struct static_challenge_info {}; -#endif +#endif /* ifdef ENABLE_CLIENT_CR */ /* * Flags for get_user_pass and management_query_user_pass @@ -248,54 +265,55 @@ struct static_challenge_info {}; #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ -bool get_user_pass_cr (struct user_pass *up, - const char *auth_file, - const char *prefix, - const unsigned int flags, - const char *auth_challenge); +bool get_user_pass_cr(struct user_pass *up, + const char *auth_file, + const char *prefix, + const unsigned int flags, + const char *auth_challenge); static inline bool -get_user_pass (struct user_pass *up, - const char *auth_file, - const char *prefix, - const unsigned int flags) +get_user_pass(struct user_pass *up, + const char *auth_file, + const char *prefix, + const unsigned int flags) { - return get_user_pass_cr (up, auth_file, prefix, flags, NULL); + return get_user_pass_cr(up, auth_file, prefix, flags, NULL); } -void fail_user_pass (const char *prefix, - const unsigned int flags, - const char *reason); +void fail_user_pass(const char *prefix, + const unsigned int flags, + const char *reason); -void purge_user_pass (struct user_pass *up, const bool force); +void purge_user_pass(struct user_pass *up, const bool force); -void set_auth_token (struct user_pass *up, const char *token); +void set_auth_token(struct user_pass *up, const char *token); /* * Process string received by untrusted peer before * printing to console or log file. * Assumes that string has been null terminated. */ -const char *safe_print (const char *str, struct gc_arena *gc); +const char *safe_print(const char *str, struct gc_arena *gc); /* returns true if environmental variable safe to print to log */ -bool env_safe_to_print (const char *str); +bool env_safe_to_print(const char *str); /* returns true if environmental variable may be passed to an external program */ -bool env_allowed (const char *str); +bool env_allowed(const char *str); /* * A sleep function that services the management layer for n * seconds rather than doing nothing. */ -void openvpn_sleep (const int n); +void openvpn_sleep(const int n); -void configure_path (void); +void configure_path(void); const char *sanitize_control_message(const char *str, struct gc_arena *gc); #if AUTO_USERID -void get_user_pass_auto_userid (struct user_pass *up, const char *tag); +void get_user_pass_auto_userid(struct user_pass *up, const char *tag); + #endif /* @@ -313,19 +331,21 @@ extern const char *iproute_path; extern int script_security; /* GLOBAL */ /* return the next largest power of 2 */ -size_t adjust_power_of_2 (size_t u); +size_t adjust_power_of_2(size_t u); #define COMPAT_FLAG_QUERY 0 /** compat_flags operator: Query for a flag */ #define COMPAT_FLAG_SET (1<<0) /** compat_flags operator: Set a compat flag */ #define COMPAT_NAMES (1<<1) /** compat flag: --compat-names set */ #define COMPAT_NO_NAME_REMAPPING (1<<2) /** compat flag: --compat-names without char remapping */ -bool compat_flag (unsigned int flag); +bool compat_flag(unsigned int flag); #if P2MP_SERVER /* helper to parse peer_info received from multi client, validate * (this is untrusted data) and put into environment */ bool validate_peer_info_line(char *line); -void output_peer_info_env (struct env_set *es, const char * peer_info); + +void output_peer_info_env(struct env_set *es, const char *peer_info); + #endif /* P2MP_SERVER */ -#endif +#endif /* ifndef MISC_H */ |