These defines are always defined when management is enabled.
We still have --disable-management as configure option, so we need
to replace these with ENABLE_MANAGEMENT in some cases.
PATCH v3: Rebase directly on master
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20181010142527.27025-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20181010142527.27025-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -540,7 +540,7 @@ init_query_passwords(const struct context *c) |
540 | 540 |
/* Auth user/pass input */ |
541 | 541 |
if (c->options.auth_user_pass_file) |
542 | 542 |
{ |
543 |
-#ifdef ENABLE_CLIENT_CR |
|
543 |
+#ifdef ENABLE_MANAGEMENT |
|
544 | 544 |
auth_user_pass_setup(c->options.auth_user_pass_file, &c->options.sc_info); |
545 | 545 |
#else |
546 | 546 |
auth_user_pass_setup(c->options.auth_user_pass_file, NULL); |
... | ... |
@@ -2800,7 +2800,7 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) |
2800 | 2800 |
to.x509_track = options->x509_track; |
2801 | 2801 |
|
2802 | 2802 |
#if P2MP |
2803 |
-#ifdef ENABLE_CLIENT_CR |
|
2803 |
+#ifdef ENABLE_MANAGEMENT |
|
2804 | 2804 |
to.sci = &options->sc_info; |
2805 | 2805 |
#endif |
2806 | 2806 |
#endif |
... | ... |
@@ -110,14 +110,12 @@ man_help(void) |
110 | 110 |
msg(M_CLIENT, "client-pf CID : Define packet filter for client CID (MULTILINE)"); |
111 | 111 |
#endif |
112 | 112 |
#endif |
113 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
114 | 113 |
msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge"); |
115 | 114 |
msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END"); |
116 | 115 |
msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge"); |
117 | 116 |
msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END"); |
118 | 117 |
msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge"); |
119 | 118 |
msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END"); |
120 |
-#endif |
|
121 | 119 |
msg(M_CLIENT, "signal s : Send signal s to daemon,"); |
122 | 120 |
msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2."); |
123 | 121 |
msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history."); |
... | ... |
@@ -847,8 +845,6 @@ man_hold(struct management *man, const char *cmd) |
847 | 847 |
} |
848 | 848 |
} |
849 | 849 |
|
850 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
851 |
- |
|
852 | 850 |
#define IER_RESET 0 |
853 | 851 |
#define IER_NEW 1 |
854 | 852 |
|
... | ... |
@@ -936,7 +932,6 @@ in_extra_dispatch(struct management *man) |
936 | 936 |
break; |
937 | 937 |
|
938 | 938 |
#endif /* ifdef MANAGEMENT_PF */ |
939 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
940 | 939 |
case IEC_PK_SIGN: |
941 | 940 |
man->connection.ext_key_state = EKS_READY; |
942 | 941 |
buffer_list_free(man->connection.ext_key_input); |
... | ... |
@@ -950,13 +945,10 @@ in_extra_dispatch(struct management *man) |
950 | 950 |
man->connection.ext_cert_input = man->connection.in_extra; |
951 | 951 |
man->connection.in_extra = NULL; |
952 | 952 |
return; |
953 |
-#endif |
|
954 | 953 |
} |
955 | 954 |
in_extra_reset(&man->connection, IER_RESET); |
956 | 955 |
} |
957 | 956 |
|
958 |
-#endif /* MANAGEMENT_IN_EXTRA */ |
|
959 |
- |
|
960 | 957 |
#ifdef MANAGEMENT_DEF_AUTH |
961 | 958 |
|
962 | 959 |
static bool |
... | ... |
@@ -1102,8 +1094,6 @@ man_client_pf(struct management *man, const char *cid_str) |
1102 | 1102 |
#endif /* MANAGEMENT_PF */ |
1103 | 1103 |
#endif /* MANAGEMENT_DEF_AUTH */ |
1104 | 1104 |
|
1105 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
1106 |
- |
|
1107 | 1105 |
static void |
1108 | 1106 |
man_pk_sig(struct management *man, const char *cmd_name) |
1109 | 1107 |
{ |
... | ... |
@@ -1136,8 +1126,6 @@ man_certificate(struct management *man) |
1136 | 1136 |
} |
1137 | 1137 |
} |
1138 | 1138 |
|
1139 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
1140 |
- |
|
1141 | 1139 |
static void |
1142 | 1140 |
man_load_stats(struct management *man) |
1143 | 1141 |
{ |
... | ... |
@@ -1526,7 +1514,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha |
1526 | 1526 |
} |
1527 | 1527 |
#endif |
1528 | 1528 |
#endif /* ifdef MANAGEMENT_DEF_AUTH */ |
1529 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
1530 | 1529 |
else if (streq(p[0], "rsa-sig")) |
1531 | 1530 |
{ |
1532 | 1531 |
man_pk_sig(man, "rsa-sig"); |
... | ... |
@@ -1539,7 +1526,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha |
1539 | 1539 |
{ |
1540 | 1540 |
man_certificate(man); |
1541 | 1541 |
} |
1542 |
-#endif |
|
1543 | 1542 |
#ifdef ENABLE_PKCS11 |
1544 | 1543 |
else if (streq(p[0], "pkcs11-id-count")) |
1545 | 1544 |
{ |
... | ... |
@@ -1928,9 +1914,7 @@ man_reset_client_socket(struct management *man, const bool exiting) |
1928 | 1928 |
man->connection.state = MS_INITIAL; |
1929 | 1929 |
command_line_reset(man->connection.in); |
1930 | 1930 |
buffer_list_reset(man->connection.out); |
1931 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
1932 | 1931 |
in_extra_reset(&man->connection, IER_RESET); |
1933 |
-#endif |
|
1934 | 1932 |
msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected"); |
1935 | 1933 |
} |
1936 | 1934 |
if (!exiting) |
... | ... |
@@ -1972,9 +1956,7 @@ man_process_command(struct management *man, const char *line) |
1972 | 1972 |
|
1973 | 1973 |
CLEAR(parms); |
1974 | 1974 |
so = status_open(NULL, 0, -1, &man->persist.vout, 0); |
1975 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
1976 | 1975 |
in_extra_reset(&man->connection, IER_RESET); |
1977 |
-#endif |
|
1978 | 1976 |
|
1979 | 1977 |
if (man_password_needed(man)) |
1980 | 1978 |
{ |
... | ... |
@@ -2212,7 +2194,6 @@ man_read(struct management *man) |
2212 | 2212 |
const char *line; |
2213 | 2213 |
while ((line = command_line_get(man->connection.in))) |
2214 | 2214 |
{ |
2215 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
2216 | 2215 |
if (man->connection.in_extra) |
2217 | 2216 |
{ |
2218 | 2217 |
if (!strcmp(line, "END")) |
... | ... |
@@ -2225,8 +2206,9 @@ man_read(struct management *man) |
2225 | 2225 |
} |
2226 | 2226 |
} |
2227 | 2227 |
else |
2228 |
-#endif |
|
2229 |
- man_process_command(man, (char *) line); |
|
2228 |
+ { |
|
2229 |
+ man_process_command(man, (char *) line); |
|
2230 |
+ } |
|
2230 | 2231 |
if (man->connection.halt) |
2231 | 2232 |
{ |
2232 | 2233 |
break; |
... | ... |
@@ -2572,12 +2554,8 @@ man_connection_close(struct management *man) |
2572 | 2572 |
{ |
2573 | 2573 |
buffer_list_free(mc->out); |
2574 | 2574 |
} |
2575 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
2576 | 2575 |
in_extra_reset(&man->connection, IER_RESET); |
2577 |
-#endif |
|
2578 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2579 | 2576 |
buffer_list_free(mc->ext_key_input); |
2580 |
-#endif |
|
2581 | 2577 |
man_connection_clear(mc); |
2582 | 2578 |
} |
2583 | 2579 |
|
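Review bot: In man_connection_close, the now-unconditional cleanup frees `mc->ext_key_input` but not `mc->ext_cert_input`, which the earlier in_extra_dispatch hunk fills by taking ownership of `in_extra`. Unless `man_connection_clear()` or `in_extra_reset()` releases that list (neither body is visible here), a management client that disconnects after sending a certificate would leave it allocated. Adding `buffer_list_free(mc->ext_cert_input);` next to the existing call would treat the two external inputs symmetrically. The function starts outside this hunk.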
... | ... |
@@ -3412,9 +3390,7 @@ management_query_user_pass(struct management *man, |
3412 | 3412 |
const char *alert_type = NULL; |
3413 | 3413 |
const char *prefix = NULL; |
3414 | 3414 |
unsigned int up_query_mode = 0; |
3415 |
-#ifdef ENABLE_CLIENT_CR |
|
3416 | 3415 |
const char *sc = NULL; |
3417 |
-#endif |
|
3418 | 3416 |
ret = true; |
3419 | 3417 |
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ |
3420 | 3418 |
man->persist.special_state_msg = NULL; |
... | ... |
@@ -3444,12 +3420,10 @@ management_query_user_pass(struct management *man, |
3444 | 3444 |
up_query_mode = UP_QUERY_USER_PASS; |
3445 | 3445 |
prefix = "PASSWORD"; |
3446 | 3446 |
alert_type = "username/password"; |
3447 |
-#ifdef ENABLE_CLIENT_CR |
|
3448 | 3447 |
if (static_challenge) |
3449 | 3448 |
{ |
3450 | 3449 |
sc = static_challenge; |
3451 | 3450 |
} |
3452 |
-#endif |
|
3453 | 3451 |
} |
3454 | 3452 |
buf_printf(&alert_msg, ">%s:Need '%s' %s", |
3455 | 3453 |
prefix, |
... | ... |
@@ -3461,14 +3435,12 @@ management_query_user_pass(struct management *man, |
3461 | 3461 |
buf_printf(&alert_msg, " MSG:%s", up->username); |
3462 | 3462 |
} |
3463 | 3463 |
|
3464 |
-#ifdef ENABLE_CLIENT_CR |
|
3465 | 3464 |
if (sc) |
3466 | 3465 |
{ |
3467 | 3466 |
buf_printf(&alert_msg, " SC:%d,%s", |
3468 | 3467 |
BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO), |
3469 | 3468 |
sc); |
3470 | 3469 |
} |
3471 |
-#endif |
|
3472 | 3470 |
|
3473 | 3471 |
man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT); |
3474 | 3472 |
if (signal_received) |
... | ... |
@@ -3531,8 +3503,6 @@ management_query_user_pass(struct management *man, |
3531 | 3531 |
return ret; |
3532 | 3532 |
} |
3533 | 3533 |
|
3534 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
3535 |
- |
|
3536 | 3534 |
static int |
3537 | 3535 |
management_query_multiline(struct management *man, |
3538 | 3536 |
const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input) |
... | ... |
@@ -3699,8 +3669,6 @@ management_query_cert(struct management *man, const char *cert_name) |
3699 | 3699 |
return result; |
3700 | 3700 |
} |
3701 | 3701 |
|
3702 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
3703 |
- |
|
3704 | 3702 |
/* |
3705 | 3703 |
* Return true if management_hold() would block |
3706 | 3704 |
*/ |
... | ... |
@@ -275,7 +275,6 @@ struct man_connection { |
275 | 275 |
struct command_line *in; |
276 | 276 |
struct buffer_list *out; |
277 | 277 |
|
278 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
279 | 278 |
#define IEC_UNDEF 0 |
280 | 279 |
#define IEC_CLIENT_AUTH 1 |
281 | 280 |
#define IEC_CLIENT_PF 2 |
... | ... |
@@ -288,7 +287,6 @@ struct man_connection { |
288 | 288 |
unsigned long in_extra_cid; |
289 | 289 |
unsigned int in_extra_kid; |
290 | 290 |
#endif |
291 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
292 | 291 |
#define EKS_UNDEF 0 |
293 | 292 |
#define EKS_SOLICIT 1 |
294 | 293 |
#define EKS_INPUT 2 |
... | ... |
@@ -297,8 +295,6 @@ struct man_connection { |
297 | 297 |
struct buffer_list *ext_key_input; |
298 | 298 |
int ext_cert_state; |
299 | 299 |
struct buffer_list *ext_cert_input; |
300 |
-#endif |
|
301 |
-#endif /* ifdef MANAGEMENT_IN_EXTRA */ |
|
302 | 300 |
struct event_set *es; |
303 | 301 |
int env_filter_level; |
304 | 302 |
|
... | ... |
@@ -346,9 +342,7 @@ struct management *management_init(void); |
346 | 346 |
#define MF_CLIENT_PF (1<<7) |
347 | 347 |
#endif |
348 | 348 |
#define MF_UNIX_SOCK (1<<8) |
349 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
350 | 349 |
#define MF_EXTERNAL_KEY (1<<9) |
351 |
-#endif |
|
352 | 350 |
#define MF_UP_DOWN (1<<10) |
353 | 351 |
#define MF_QUERY_REMOTE (1<<11) |
354 | 352 |
#define MF_QUERY_PROXY (1<<12) |
... | ... |
@@ -436,14 +430,10 @@ void management_learn_addr(struct management *management, |
436 | 436 |
|
437 | 437 |
#endif |
438 | 438 |
|
439 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
440 |
- |
|
441 | 439 |
char *management_query_pk_sig(struct management *man, const char *b64_data); |
442 | 440 |
|
443 | 441 |
char *management_query_cert(struct management *man, const char *cert_name); |
444 | 442 |
|
445 |
-#endif |
|
446 |
- |
|
447 | 443 |
static inline bool |
448 | 444 |
management_connected(const struct management *man) |
449 | 445 |
{ |
... | ... |
@@ -157,12 +157,10 @@ get_user_pass_cr(struct user_pass *up, |
157 | 157 |
management_auth_failure(management, prefix, "previous auth credentials failed"); |
158 | 158 |
} |
159 | 159 |
|
160 |
-#ifdef ENABLE_CLIENT_CR |
|
161 | 160 |
if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) |
162 | 161 |
{ |
163 | 162 |
sc = auth_challenge; |
164 | 163 |
} |
165 |
-#endif |
|
166 | 164 |
if (!management_query_user_pass(management, up, prefix, flags, sc)) |
167 | 165 |
{ |
168 | 166 |
if ((flags & GET_USER_PASS_NOFATAL) != 0) |
... | ... |
@@ -272,7 +270,7 @@ get_user_pass_cr(struct user_pass *up, |
272 | 272 |
*/ |
273 | 273 |
if (username_from_stdin || password_from_stdin || response_from_stdin) |
274 | 274 |
{ |
275 |
-#ifdef ENABLE_CLIENT_CR |
|
275 |
+#ifdef ENABLE_MANAGEMENT |
|
276 | 276 |
if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE) && response_from_stdin) |
277 | 277 |
{ |
278 | 278 |
struct auth_challenge_info *ac = get_auth_challenge(auth_challenge, &gc); |
... | ... |
@@ -299,7 +297,7 @@ get_user_pass_cr(struct user_pass *up, |
299 | 299 |
} |
300 | 300 |
} |
301 | 301 |
else |
302 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
302 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
303 | 303 |
{ |
304 | 304 |
struct buffer user_prompt = alloc_buf_gc(128, &gc); |
305 | 305 |
struct buffer pass_prompt = alloc_buf_gc(128, &gc); |
... | ... |
@@ -333,7 +331,7 @@ get_user_pass_cr(struct user_pass *up, |
333 | 333 |
} |
334 | 334 |
} |
335 | 335 |
|
336 |
-#ifdef ENABLE_CLIENT_CR |
|
336 |
+#ifdef ENABLE_MANAGEMENT |
|
337 | 337 |
if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE) && response_from_stdin) |
338 | 338 |
{ |
339 | 339 |
char *response = (char *) gc_malloc(USER_PASS_LEN, false, &gc); |
... | ... |
@@ -361,7 +359,7 @@ get_user_pass_cr(struct user_pass *up, |
361 | 361 |
string_clear(resp64); |
362 | 362 |
free(resp64); |
363 | 363 |
} |
364 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
364 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
365 | 365 |
} |
366 | 366 |
} |
367 | 367 |
|
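Review bot: The static-challenge branch of get_user_pass_cr wipes `resp64` with `string_clear()` before freeing it, but nothing in the visible lines wipes `response`, the `USER_PASS_LEN` buffer taken from the gc arena in the preceding hunk. That buffer presumably holds the same challenge response in plain text. The code between the two hunks is not shown, so this may already be handled; if it is not, `string_clear(response);` beside `string_clear(resp64);` would keep the secret from lingering until the arena is released.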
... | ... |
@@ -380,7 +378,7 @@ get_user_pass_cr(struct user_pass *up, |
380 | 380 |
return true; |
381 | 381 |
} |
382 | 382 |
|
383 |
-#ifdef ENABLE_CLIENT_CR |
|
383 |
+#ifdef ENABLE_MANAGEMENT |
|
384 | 384 |
|
385 | 385 |
/* |
386 | 386 |
* See management/management-notes.txt for more info on the |
... | ... |
@@ -455,7 +453,7 @@ get_auth_challenge(const char *auth_challenge, struct gc_arena *gc) |
455 | 455 |
} |
456 | 456 |
} |
457 | 457 |
|
458 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
458 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
459 | 459 |
|
460 | 460 |
void |
461 | 461 |
purge_user_pass(struct user_pass *up, const bool force) |
... | ... |
@@ -76,7 +76,7 @@ struct user_pass |
76 | 76 |
char password[USER_PASS_LEN]; |
77 | 77 |
}; |
78 | 78 |
|
79 |
-#ifdef ENABLE_CLIENT_CR |
|
79 |
+#ifdef ENABLE_MANAGEMENT |
|
80 | 80 |
/* |
81 | 81 |
* Challenge response info on client as pushed by server. |
82 | 82 |
*/ |
... | ... |
@@ -102,10 +102,10 @@ struct static_challenge_info { |
102 | 102 |
const char *challenge_text; |
103 | 103 |
}; |
104 | 104 |
|
105 |
-#else /* ifdef ENABLE_CLIENT_CR */ |
|
105 |
+#else /* ifdef ENABLE_MANAGEMENT */ |
|
106 | 106 |
struct auth_challenge_info {}; |
107 | 107 |
struct static_challenge_info {}; |
108 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
108 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
109 | 109 |
|
110 | 110 |
/* |
111 | 111 |
* Flags for get_user_pass and management_query_user_pass |
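Review bot: The `#else` branch, which is what a `--disable-management` build compiles under the renamed guard, declares `struct auth_challenge_info {};` and `struct static_challenge_info {};`, and a struct with no members is a GNU extension rather than ISO C. If these types are only needed so that prototypes taking pointers still compile, the incomplete declarations `struct auth_challenge_info;` and `struct static_challenge_info;` would be portable. Whether another struct embeds one of them by value cannot be seen from this hunk. At minimum, a comment such as `/* placeholders so prototypes compile without management support */` would explain why they exist.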
... | ... |
@@ -1735,7 +1735,7 @@ show_settings(const struct options *o) |
1735 | 1735 |
SHOW_STR(ca_file); |
1736 | 1736 |
SHOW_STR(ca_path); |
1737 | 1737 |
SHOW_STR(dh_file); |
1738 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
1738 |
+#ifdef ENABLE_MANAGEMENT |
|
1739 | 1739 |
if ((o->management_flags & MF_EXTERNAL_CERT)) |
1740 | 1740 |
{ |
1741 | 1741 |
SHOW_PARM("cert_file","EXTERNAL_CERT","%s"); |
... | ... |
@@ -1745,7 +1745,7 @@ show_settings(const struct options *o) |
1745 | 1745 |
SHOW_STR(cert_file); |
1746 | 1746 |
SHOW_STR(extra_certs_file); |
1747 | 1747 |
|
1748 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
1748 |
+#ifdef ENABLE_MANAGEMENT |
|
1749 | 1749 |
if ((o->management_flags & MF_EXTERNAL_KEY)) |
1750 | 1750 |
{ |
1751 | 1751 |
SHOW_PARM("priv_key_file","EXTERNAL_PRIVATE_KEY","%s"); |
... | ... |
@@ -2567,7 +2567,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
2567 | 2567 |
{ |
2568 | 2568 |
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified."); |
2569 | 2569 |
} |
2570 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2570 |
+#ifdef ENABLE_MANAGEMENT |
|
2571 | 2571 |
if (options->management_flags & MF_EXTERNAL_KEY) |
2572 | 2572 |
{ |
2573 | 2573 |
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified."); |
... | ... |
@@ -2590,7 +2590,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
2590 | 2590 |
} |
2591 | 2591 |
else |
2592 | 2592 |
#endif /* ifdef ENABLE_PKCS11 */ |
2593 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2593 |
+#ifdef ENABLE_MANAGEMENT |
|
2594 | 2594 |
if ((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file) |
2595 | 2595 |
{ |
2596 | 2596 |
msg(M_USAGE, "--key and --management-external-key are mutually exclusive"); |
... | ... |
@@ -2627,7 +2627,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
2627 | 2627 |
{ |
2628 | 2628 |
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified."); |
2629 | 2629 |
} |
2630 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2630 |
+#ifdef ENABLE_MANAGEMENT |
|
2631 | 2631 |
if (options->management_flags & MF_EXTERNAL_KEY) |
2632 | 2632 |
{ |
2633 | 2633 |
msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified."); |
... | ... |
@@ -2657,7 +2657,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
2657 | 2657 |
{ |
2658 | 2658 |
msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified."); |
2659 | 2659 |
} |
2660 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2660 |
+#ifdef ENABLE_MANAGEMENT |
|
2661 | 2661 |
if (options->management_flags & MF_EXTERNAL_KEY) |
2662 | 2662 |
{ |
2663 | 2663 |
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified."); |
... | ... |
@@ -2690,7 +2690,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
2690 | 2690 |
{ |
2691 | 2691 |
|
2692 | 2692 |
const int sum = |
2693 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2693 |
+#ifdef ENABLE_MANAGEMENT |
|
2694 | 2694 |
((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT)) |
2695 | 2695 |
+((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)); |
2696 | 2696 |
#else |
... | ... |
@@ -2714,11 +2714,11 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
2714 | 2714 |
} |
2715 | 2715 |
else |
2716 | 2716 |
{ |
2717 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2717 |
+#ifdef ENABLE_MANAGEMENT |
|
2718 | 2718 |
if (!(options->management_flags & MF_EXTERNAL_CERT)) |
2719 | 2719 |
#endif |
2720 | 2720 |
notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); |
2721 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
2721 |
+#ifdef ENABLE_MANAGEMENT |
|
2722 | 2722 |
if (!(options->management_flags & MF_EXTERNAL_KEY)) |
2723 | 2723 |
#endif |
2724 | 2724 |
notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); |
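Review bot: Both guarded tests in this hunk, `if (!(options->management_flags & MF_EXTERNAL_CERT))` and the `MF_EXTERNAL_KEY` one, are brace-less with their `notnull(...)` body outside the `#ifdef`, so which statement the `if` controls depends on the build configuration and on nobody inserting a line in between. The options_postprocess_filechecks hunk already places `{ ... }` after the `#endif`, and this commit adds braces around `man_process_command()` in man_read, apparently for the same reason. Writing `{ notnull(options->cert_file, ...); }` here would be consistent with both. The `else` / `#endif` / `get_user_pass(...)` sequence in the auth_user_pass_setup hunk has the same shape. The enclosing function extends beyond this hunk.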
... | ... |
@@ -3308,7 +3308,7 @@ options_postprocess_filechecks(struct options *options) |
3308 | 3308 |
errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->cert_file, R_OK, "--cert"); |
3309 | 3309 |
errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK, |
3310 | 3310 |
"--extra-certs"); |
3311 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
3311 |
+#ifdef ENABLE_MANAGEMENT |
|
3312 | 3312 |
if (!(options->management_flags & MF_EXTERNAL_KEY)) |
3313 | 3313 |
#endif |
3314 | 3314 |
{ |
... | ... |
@@ -5155,7 +5155,7 @@ add_option(struct options *options, |
5155 | 5155 |
options->management_flags |= MF_CONNECT_AS_CLIENT; |
5156 | 5156 |
options->management_write_peer_info_file = p[1]; |
5157 | 5157 |
} |
5158 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
5158 |
+#ifdef ENABLE_MANAGEMENT |
|
5159 | 5159 |
else if (streq(p[0], "management-external-key") && !p[1]) |
5160 | 5160 |
{ |
5161 | 5161 |
VERIFY_PERMISSION(OPT_P_GENERAL); |
... | ... |
@@ -7023,7 +7023,7 @@ add_option(struct options *options, |
7023 | 7023 |
VERIFY_PERMISSION(OPT_P_GENERAL); |
7024 | 7024 |
auth_retry_set(msglevel, p[1]); |
7025 | 7025 |
} |
7026 |
-#ifdef ENABLE_CLIENT_CR |
|
7026 |
+#ifdef ENABLE_MANAGEMENT |
|
7027 | 7027 |
else if (streq(p[0], "static-challenge") && p[1] && p[2] && !p[3]) |
7028 | 7028 |
{ |
7029 | 7029 |
VERIFY_PERMISSION(OPT_P_GENERAL); |
... | ... |
@@ -88,7 +88,7 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) |
88 | 88 |
* Save the dynamic-challenge text even when management is defined |
89 | 89 |
*/ |
90 | 90 |
{ |
91 |
-#ifdef ENABLE_CLIENT_CR |
|
91 |
+#ifdef ENABLE_MANAGEMENT |
|
92 | 92 |
struct buffer buf = *buffer; |
93 | 93 |
if (buf_string_match_head_str(&buf, "AUTH_FAILED,CRV1:") && BLEN(&buf)) |
94 | 94 |
{ |
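Review bot: The comment kept above this block, "Save the dynamic-challenge text even when management is defined", now sits directly over `#ifdef ENABLE_MANAGEMENT` and can be read as contradicting it. Per the guard, the challenge text is handled only when management support is compiled in. Rewording it to something like `/* Save the dynamic-challenge text (challenge/response is only built with ENABLE_MANAGEMENT) */` would state the dependency that the removed ENABLE_CLIENT_CR name used to hide. The block continues outside the hunk, so any `#else` path is not visible.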
... | ... |
@@ -399,7 +399,7 @@ pem_password_callback(char *buf, int size, int rwflag, void *u) |
399 | 399 |
static bool auth_user_pass_enabled; /* GLOBAL */ |
400 | 400 |
static struct user_pass auth_user_pass; /* GLOBAL */ |
401 | 401 |
|
402 |
-#ifdef ENABLE_CLIENT_CR |
|
402 |
+#ifdef ENABLE_MANAGEMENT |
|
403 | 403 |
static char *auth_challenge; /* GLOBAL */ |
404 | 404 |
#endif |
405 | 405 |
|
... | ... |
@@ -409,7 +409,7 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info * |
409 | 409 |
auth_user_pass_enabled = true; |
410 | 410 |
if (!auth_user_pass.defined) |
411 | 411 |
{ |
412 |
-#ifdef ENABLE_CLIENT_CR |
|
412 |
+#ifdef ENABLE_MANAGEMENT |
|
413 | 413 |
if (auth_challenge) /* dynamic challenge/response */ |
414 | 414 |
{ |
415 | 415 |
get_user_pass_cr(&auth_user_pass, |
... | ... |
@@ -432,7 +432,7 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info * |
432 | 432 |
sci->challenge_text); |
433 | 433 |
} |
434 | 434 |
else |
435 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
435 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
436 | 436 |
get_user_pass(&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT); |
437 | 437 |
} |
438 | 438 |
} |
... | ... |
@@ -480,12 +480,12 @@ ssl_purge_auth(const bool auth_user_pass_only) |
480 | 480 |
purge_user_pass(&passbuf, true); |
481 | 481 |
} |
482 | 482 |
purge_user_pass(&auth_user_pass, true); |
483 |
-#ifdef ENABLE_CLIENT_CR |
|
483 |
+#ifdef ENABLE_MANAGEMENT |
|
484 | 484 |
ssl_purge_auth_challenge(); |
485 | 485 |
#endif |
486 | 486 |
} |
487 | 487 |
|
488 |
-#ifdef ENABLE_CLIENT_CR |
|
488 |
+#ifdef ENABLE_MANAGEMENT |
|
489 | 489 |
|
490 | 490 |
void |
491 | 491 |
ssl_purge_auth_challenge(void) |
... | ... |
@@ -652,7 +652,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) |
652 | 652 |
tls_ctx_load_cryptoapi(new_ctx, options->cryptoapi_cert); |
653 | 653 |
} |
654 | 654 |
#endif |
655 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
655 |
+#ifdef ENABLE_MANAGEMENT |
|
656 | 656 |
else if (options->management_flags & MF_EXTERNAL_CERT) |
657 | 657 |
{ |
658 | 658 |
char *cert = management_query_cert(management, |
... | ... |
@@ -674,7 +674,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) |
674 | 674 |
goto err; |
675 | 675 |
} |
676 | 676 |
} |
677 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
677 |
+#ifdef ENABLE_MANAGEMENT |
|
678 | 678 |
else if (options->management_flags & MF_EXTERNAL_KEY) |
679 | 679 |
{ |
680 | 680 |
if (tls_ctx_use_management_external_key(new_ctx)) |
... | ... |
@@ -2364,7 +2364,7 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) |
2364 | 2364 |
/* write username/password if specified */ |
2365 | 2365 |
if (auth_user_pass_enabled) |
2366 | 2366 |
{ |
2367 |
-#ifdef ENABLE_CLIENT_CR |
|
2367 |
+#ifdef ENABLE_MANAGEMENT |
|
2368 | 2368 |
auth_user_pass_setup(session->opt->auth_user_pass_file, session->opt->sci); |
2369 | 2369 |
#else |
2370 | 2370 |
auth_user_pass_setup(session->opt->auth_user_pass_file, NULL); |
... | ... |
@@ -428,7 +428,7 @@ void ssl_purge_auth(const bool auth_user_pass_only); |
428 | 428 |
|
429 | 429 |
void ssl_set_auth_token(const char *token); |
430 | 430 |
|
431 |
-#ifdef ENABLE_CLIENT_CR |
|
431 |
+#ifdef ENABLE_MANAGEMENT |
|
432 | 432 |
/* |
433 | 433 |
* ssl_get_auth_challenge will parse the server-pushed auth-failed |
434 | 434 |
* reason string and return a dynamically allocated |
... | ... |
@@ -272,7 +272,7 @@ void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, |
272 | 272 |
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, |
273 | 273 |
const char *priv_key_file_inline); |
274 | 274 |
|
275 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
275 |
+#ifdef ENABLE_MANAGEMENT |
|
276 | 276 |
|
277 | 277 |
/** |
278 | 278 |
* Tell the management interface to load the given certificate and the external |
... | ... |
@@ -284,7 +284,7 @@ int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, |
284 | 284 |
*/ |
285 | 285 |
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx); |
286 | 286 |
|
287 |
-#endif /* MANAGMENT_EXTERNAL_KEY */ |
|
287 |
+#endif /* ENABLE_MANAGEMENT */ |
|
288 | 288 |
|
289 | 289 |
/** |
290 | 290 |
* Load certificate authority certificates from the given file or path. |
... | ... |
@@ -605,7 +605,7 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, |
605 | 605 |
return 0; |
606 | 606 |
} |
607 | 607 |
|
608 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
608 |
+#ifdef ENABLE_MANAGEMENT |
|
609 | 609 |
|
610 | 610 |
/** Query the management interface for a signature, see external_sign_func. */ |
611 | 611 |
static bool |
... | ... |
@@ -645,7 +645,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) |
645 | 645 |
return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL); |
646 | 646 |
} |
647 | 647 |
|
648 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
648 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
649 | 649 |
|
650 | 650 |
void |
651 | 651 |
tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, |
... | ... |
@@ -997,7 +997,7 @@ end: |
997 | 997 |
} |
998 | 998 |
|
999 | 999 |
|
1000 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
1000 |
+#ifdef ENABLE_MANAGEMENT |
|
1001 | 1001 |
|
1002 | 1002 |
/* encrypt */ |
1003 | 1003 |
static int |
... | ... |
@@ -1340,7 +1340,7 @@ cleanup: |
1340 | 1340 |
return ret; |
1341 | 1341 |
} |
1342 | 1342 |
|
1343 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
1343 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
1344 | 1344 |
|
1345 | 1345 |
static int |
1346 | 1346 |
sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b) |
... | ... |
@@ -548,27 +548,12 @@ socket_defined(const socket_descriptor_t sd) |
548 | 548 |
#undef ENABLE_DEF_AUTH |
549 | 549 |
#endif |
550 | 550 |
|
551 |
-/* |
|
552 |
- * Enable external private key |
|
553 |
- */ |
|
554 |
-#if defined(ENABLE_MANAGEMENT) |
|
555 |
-#define MANAGMENT_EXTERNAL_KEY |
|
556 |
-#endif |
|
557 |
- |
|
558 | 551 |
/* Enable mbed TLS RNG prediction resistance support */ |
559 | 552 |
#ifdef ENABLE_CRYPTO_MBEDTLS |
560 | 553 |
#define ENABLE_PREDICTION_RESISTANCE |
561 | 554 |
#endif /* ENABLE_CRYPTO_MBEDTLS */ |
562 | 555 |
|
563 | 556 |
/* |
564 |
- * MANAGEMENT_IN_EXTRA allows the management interface to |
|
565 |
- * read multi-line inputs from clients. |
|
566 |
- */ |
|
567 |
-#if defined(MANAGEMENT_DEF_AUTH) || defined(MANAGMENT_EXTERNAL_KEY) |
|
568 |
-#define MANAGEMENT_IN_EXTRA |
|
569 |
-#endif |
|
570 |
- |
|
571 |
-/* |
|
572 | 557 |
* Enable packet filter? |
573 | 558 |
*/ |
574 | 559 |
#if defined(ENABLE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT) |
... | ... |
@@ -659,13 +644,6 @@ socket_defined(const socket_descriptor_t sd) |
659 | 659 |
#endif |
660 | 660 |
|
661 | 661 |
/* |
662 |
- * Do we support challenge/response authentication as client? |
|
663 |
- */ |
|
664 |
-#if defined(ENABLE_MANAGEMENT) |
|
665 |
-#define ENABLE_CLIENT_CR |
|
666 |
-#endif |
|
667 |
- |
|
668 |
-/* |
|
669 | 662 |
* Compression support |
670 | 663 |
*/ |
671 | 664 |
#if defined(ENABLE_LZO) || defined(ENABLE_LZ4) \ |