Browse code
Remove MANAGMENT_EXTERNAL_KEY, MANAGMENT_IN_EXTRA, ENABLE_CLIENT_CR
These defines are always defined when management is enabled.
We still have --disable-management as configure option, so we need
to replace these with ENABLE_MANAGEMENT in some cases.
PATCH v3: Rebase directly on master
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20181010142527.27025-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20181010142527.27025-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2018/10/10 23:25:27Showing 15 changed files
- src/openvpn/init.c
- src/openvpn/manage.c
- src/openvpn/manage.h
- src/openvpn/misc.c
- src/openvpn/misc.h
- src/openvpn/options.c
- src/openvpn/options.h
- src/openvpn/push.c
- src/openvpn/ssl.c
- src/openvpn/ssl.h
- src/openvpn/ssl_backend.h
- src/openvpn/ssl_common.h
- src/openvpn/ssl_mbedtls.c
- src/openvpn/ssl_openssl.c
- src/openvpn/syshead.h
| ... | ... |
@@ -540,7 +540,7 @@ init_query_passwords(const struct context *c) |
| 540 | 540 |
/* Auth user/pass input */ |
| 541 | 541 |
if (c->options.auth_user_pass_file) |
| 542 | 542 |
{
|
| 543 |
-#ifdef ENABLE_CLIENT_CR |
|
| 543 |
+#ifdef ENABLE_MANAGEMENT |
|
| 544 | 544 |
auth_user_pass_setup(c->options.auth_user_pass_file, &c->options.sc_info); |
| 545 | 545 |
#else |
| 546 | 546 |
auth_user_pass_setup(c->options.auth_user_pass_file, NULL); |
| ... | ... |
@@ -2800,7 +2800,7 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) |
| 2800 | 2800 |
to.x509_track = options->x509_track; |
| 2801 | 2801 |
|
| 2802 | 2802 |
#if P2MP |
| 2803 |
-#ifdef ENABLE_CLIENT_CR |
|
| 2803 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2804 | 2804 |
to.sci = &options->sc_info; |
| 2805 | 2805 |
#endif |
| 2806 | 2806 |
#endif |
| ... | ... |
@@ -110,14 +110,12 @@ man_help(void) |
| 110 | 110 |
msg(M_CLIENT, "client-pf CID : Define packet filter for client CID (MULTILINE)"); |
| 111 | 111 |
#endif |
| 112 | 112 |
#endif |
| 113 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 114 | 113 |
msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge"); |
| 115 | 114 |
msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END"); |
| 116 | 115 |
msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge"); |
| 117 | 116 |
msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END"); |
| 118 | 117 |
msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge"); |
| 119 | 118 |
msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END"); |
| 120 |
-#endif |
|
| 121 | 119 |
msg(M_CLIENT, "signal s : Send signal s to daemon,"); |
| 122 | 120 |
msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2."); |
| 123 | 121 |
msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history."); |
| ... | ... |
@@ -847,8 +845,6 @@ man_hold(struct management *man, const char *cmd) |
| 847 | 847 |
} |
| 848 | 848 |
} |
| 849 | 849 |
|
| 850 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
| 851 |
- |
|
| 852 | 850 |
#define IER_RESET 0 |
| 853 | 851 |
#define IER_NEW 1 |
| 854 | 852 |
|
| ... | ... |
@@ -936,7 +932,6 @@ in_extra_dispatch(struct management *man) |
| 936 | 936 |
break; |
| 937 | 937 |
|
| 938 | 938 |
#endif /* ifdef MANAGEMENT_PF */ |
| 939 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 940 | 939 |
case IEC_PK_SIGN: |
| 941 | 940 |
man->connection.ext_key_state = EKS_READY; |
| 942 | 941 |
buffer_list_free(man->connection.ext_key_input); |
| ... | ... |
@@ -950,13 +945,10 @@ in_extra_dispatch(struct management *man) |
| 950 | 950 |
man->connection.ext_cert_input = man->connection.in_extra; |
| 951 | 951 |
man->connection.in_extra = NULL; |
| 952 | 952 |
return; |
| 953 |
-#endif |
|
| 954 | 953 |
} |
| 955 | 954 |
in_extra_reset(&man->connection, IER_RESET); |
| 956 | 955 |
} |
| 957 | 956 |
|
| 958 |
-#endif /* MANAGEMENT_IN_EXTRA */ |
|
| 959 |
- |
|
| 960 | 957 |
#ifdef MANAGEMENT_DEF_AUTH |
| 961 | 958 |
|
| 962 | 959 |
static bool |
| ... | ... |
@@ -1102,8 +1094,6 @@ man_client_pf(struct management *man, const char *cid_str) |
| 1102 | 1102 |
#endif /* MANAGEMENT_PF */ |
| 1103 | 1103 |
#endif /* MANAGEMENT_DEF_AUTH */ |
| 1104 | 1104 |
|
| 1105 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 1106 |
- |
|
| 1107 | 1105 |
static void |
| 1108 | 1106 |
man_pk_sig(struct management *man, const char *cmd_name) |
| 1109 | 1107 |
{
|
| ... | ... |
@@ -1136,8 +1126,6 @@ man_certificate(struct management *man) |
| 1136 | 1136 |
} |
| 1137 | 1137 |
} |
| 1138 | 1138 |
|
| 1139 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
| 1140 |
- |
|
| 1141 | 1139 |
static void |
| 1142 | 1140 |
man_load_stats(struct management *man) |
| 1143 | 1141 |
{
|
| ... | ... |
@@ -1526,7 +1514,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha |
| 1526 | 1526 |
} |
| 1527 | 1527 |
#endif |
| 1528 | 1528 |
#endif /* ifdef MANAGEMENT_DEF_AUTH */ |
| 1529 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 1530 | 1529 |
else if (streq(p[0], "rsa-sig")) |
| 1531 | 1530 |
{
|
| 1532 | 1531 |
man_pk_sig(man, "rsa-sig"); |
| ... | ... |
@@ -1539,7 +1526,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha |
| 1539 | 1539 |
{
|
| 1540 | 1540 |
man_certificate(man); |
| 1541 | 1541 |
} |
| 1542 |
-#endif |
|
| 1543 | 1542 |
#ifdef ENABLE_PKCS11 |
| 1544 | 1543 |
else if (streq(p[0], "pkcs11-id-count")) |
| 1545 | 1544 |
{
|
| ... | ... |
@@ -1928,9 +1914,7 @@ man_reset_client_socket(struct management *man, const bool exiting) |
| 1928 | 1928 |
man->connection.state = MS_INITIAL; |
| 1929 | 1929 |
command_line_reset(man->connection.in); |
| 1930 | 1930 |
buffer_list_reset(man->connection.out); |
| 1931 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
| 1932 | 1931 |
in_extra_reset(&man->connection, IER_RESET); |
| 1933 |
-#endif |
|
| 1934 | 1932 |
msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected"); |
| 1935 | 1933 |
} |
| 1936 | 1934 |
if (!exiting) |
| ... | ... |
@@ -1972,9 +1956,7 @@ man_process_command(struct management *man, const char *line) |
| 1972 | 1972 |
|
| 1973 | 1973 |
CLEAR(parms); |
| 1974 | 1974 |
so = status_open(NULL, 0, -1, &man->persist.vout, 0); |
| 1975 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
| 1976 | 1975 |
in_extra_reset(&man->connection, IER_RESET); |
| 1977 |
-#endif |
|
| 1978 | 1976 |
|
| 1979 | 1977 |
if (man_password_needed(man)) |
| 1980 | 1978 |
{
|
| ... | ... |
@@ -2212,7 +2194,6 @@ man_read(struct management *man) |
| 2212 | 2212 |
const char *line; |
| 2213 | 2213 |
while ((line = command_line_get(man->connection.in))) |
| 2214 | 2214 |
{
|
| 2215 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
| 2216 | 2215 |
if (man->connection.in_extra) |
| 2217 | 2216 |
{
|
| 2218 | 2217 |
if (!strcmp(line, "END")) |
| ... | ... |
@@ -2225,8 +2206,9 @@ man_read(struct management *man) |
| 2225 | 2225 |
} |
| 2226 | 2226 |
} |
| 2227 | 2227 |
else |
| 2228 |
-#endif |
|
| 2229 |
- man_process_command(man, (char *) line); |
|
| 2228 |
+ {
|
|
| 2229 |
+ man_process_command(man, (char *) line); |
|
| 2230 |
+ } |
|
| 2230 | 2231 |
if (man->connection.halt) |
| 2231 | 2232 |
{
|
| 2232 | 2233 |
break; |
| ... | ... |
@@ -2572,12 +2554,8 @@ man_connection_close(struct management *man) |
| 2572 | 2572 |
{
|
| 2573 | 2573 |
buffer_list_free(mc->out); |
| 2574 | 2574 |
} |
| 2575 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
| 2576 | 2575 |
in_extra_reset(&man->connection, IER_RESET); |
| 2577 |
-#endif |
|
| 2578 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2579 | 2576 |
buffer_list_free(mc->ext_key_input); |
| 2580 |
-#endif |
|
| 2581 | 2577 |
man_connection_clear(mc); |
| 2582 | 2578 |
} |
| 2583 | 2579 |
|
| ... | ... |
@@ -3412,9 +3390,7 @@ management_query_user_pass(struct management *man, |
| 3412 | 3412 |
const char *alert_type = NULL; |
| 3413 | 3413 |
const char *prefix = NULL; |
| 3414 | 3414 |
unsigned int up_query_mode = 0; |
| 3415 |
-#ifdef ENABLE_CLIENT_CR |
|
| 3416 | 3415 |
const char *sc = NULL; |
| 3417 |
-#endif |
|
| 3418 | 3416 |
ret = true; |
| 3419 | 3417 |
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ |
| 3420 | 3418 |
man->persist.special_state_msg = NULL; |
| ... | ... |
@@ -3444,12 +3420,10 @@ management_query_user_pass(struct management *man, |
| 3444 | 3444 |
up_query_mode = UP_QUERY_USER_PASS; |
| 3445 | 3445 |
prefix = "PASSWORD"; |
| 3446 | 3446 |
alert_type = "username/password"; |
| 3447 |
-#ifdef ENABLE_CLIENT_CR |
|
| 3448 | 3447 |
if (static_challenge) |
| 3449 | 3448 |
{
|
| 3450 | 3449 |
sc = static_challenge; |
| 3451 | 3450 |
} |
| 3452 |
-#endif |
|
| 3453 | 3451 |
} |
| 3454 | 3452 |
buf_printf(&alert_msg, ">%s:Need '%s' %s", |
| 3455 | 3453 |
prefix, |
| ... | ... |
@@ -3461,14 +3435,12 @@ management_query_user_pass(struct management *man, |
| 3461 | 3461 |
buf_printf(&alert_msg, " MSG:%s", up->username); |
| 3462 | 3462 |
} |
| 3463 | 3463 |
|
| 3464 |
-#ifdef ENABLE_CLIENT_CR |
|
| 3465 | 3464 |
if (sc) |
| 3466 | 3465 |
{
|
| 3467 | 3466 |
buf_printf(&alert_msg, " SC:%d,%s", |
| 3468 | 3467 |
BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO), |
| 3469 | 3468 |
sc); |
| 3470 | 3469 |
} |
| 3471 |
-#endif |
|
| 3472 | 3470 |
|
| 3473 | 3471 |
man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT); |
| 3474 | 3472 |
if (signal_received) |
| ... | ... |
@@ -3531,8 +3503,6 @@ management_query_user_pass(struct management *man, |
| 3531 | 3531 |
return ret; |
| 3532 | 3532 |
} |
| 3533 | 3533 |
|
| 3534 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 3535 |
- |
|
| 3536 | 3534 |
static int |
| 3537 | 3535 |
management_query_multiline(struct management *man, |
| 3538 | 3536 |
const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input) |
| ... | ... |
@@ -3699,8 +3669,6 @@ management_query_cert(struct management *man, const char *cert_name) |
| 3699 | 3699 |
return result; |
| 3700 | 3700 |
} |
| 3701 | 3701 |
|
| 3702 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
| 3703 |
- |
|
| 3704 | 3702 |
/* |
| 3705 | 3703 |
* Return true if management_hold() would block |
| 3706 | 3704 |
*/ |
| ... | ... |
@@ -275,7 +275,6 @@ struct man_connection {
|
| 275 | 275 |
struct command_line *in; |
| 276 | 276 |
struct buffer_list *out; |
| 277 | 277 |
|
| 278 |
-#ifdef MANAGEMENT_IN_EXTRA |
|
| 279 | 278 |
#define IEC_UNDEF 0 |
| 280 | 279 |
#define IEC_CLIENT_AUTH 1 |
| 281 | 280 |
#define IEC_CLIENT_PF 2 |
| ... | ... |
@@ -288,7 +287,6 @@ struct man_connection {
|
| 288 | 288 |
unsigned long in_extra_cid; |
| 289 | 289 |
unsigned int in_extra_kid; |
| 290 | 290 |
#endif |
| 291 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 292 | 291 |
#define EKS_UNDEF 0 |
| 293 | 292 |
#define EKS_SOLICIT 1 |
| 294 | 293 |
#define EKS_INPUT 2 |
| ... | ... |
@@ -297,8 +295,6 @@ struct man_connection {
|
| 297 | 297 |
struct buffer_list *ext_key_input; |
| 298 | 298 |
int ext_cert_state; |
| 299 | 299 |
struct buffer_list *ext_cert_input; |
| 300 |
-#endif |
|
| 301 |
-#endif /* ifdef MANAGEMENT_IN_EXTRA */ |
|
| 302 | 300 |
struct event_set *es; |
| 303 | 301 |
int env_filter_level; |
| 304 | 302 |
|
| ... | ... |
@@ -346,9 +342,7 @@ struct management *management_init(void); |
| 346 | 346 |
#define MF_CLIENT_PF (1<<7) |
| 347 | 347 |
#endif |
| 348 | 348 |
#define MF_UNIX_SOCK (1<<8) |
| 349 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 350 | 349 |
#define MF_EXTERNAL_KEY (1<<9) |
| 351 |
-#endif |
|
| 352 | 350 |
#define MF_UP_DOWN (1<<10) |
| 353 | 351 |
#define MF_QUERY_REMOTE (1<<11) |
| 354 | 352 |
#define MF_QUERY_PROXY (1<<12) |
| ... | ... |
@@ -436,14 +430,10 @@ void management_learn_addr(struct management *management, |
| 436 | 436 |
|
| 437 | 437 |
#endif |
| 438 | 438 |
|
| 439 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 440 |
- |
|
| 441 | 439 |
char *management_query_pk_sig(struct management *man, const char *b64_data); |
| 442 | 440 |
|
| 443 | 441 |
char *management_query_cert(struct management *man, const char *cert_name); |
| 444 | 442 |
|
| 445 |
-#endif |
|
| 446 |
- |
|
| 447 | 443 |
static inline bool |
| 448 | 444 |
management_connected(const struct management *man) |
| 449 | 445 |
{
|
| ... | ... |
@@ -157,12 +157,10 @@ get_user_pass_cr(struct user_pass *up, |
| 157 | 157 |
management_auth_failure(management, prefix, "previous auth credentials failed"); |
| 158 | 158 |
} |
| 159 | 159 |
|
| 160 |
-#ifdef ENABLE_CLIENT_CR |
|
| 161 | 160 |
if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) |
| 162 | 161 |
{
|
| 163 | 162 |
sc = auth_challenge; |
| 164 | 163 |
} |
| 165 |
-#endif |
|
| 166 | 164 |
if (!management_query_user_pass(management, up, prefix, flags, sc)) |
| 167 | 165 |
{
|
| 168 | 166 |
if ((flags & GET_USER_PASS_NOFATAL) != 0) |
| ... | ... |
@@ -272,7 +270,7 @@ get_user_pass_cr(struct user_pass *up, |
| 272 | 272 |
*/ |
| 273 | 273 |
if (username_from_stdin || password_from_stdin || response_from_stdin) |
| 274 | 274 |
{
|
| 275 |
-#ifdef ENABLE_CLIENT_CR |
|
| 275 |
+#ifdef ENABLE_MANAGEMENT |
|
| 276 | 276 |
if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE) && response_from_stdin) |
| 277 | 277 |
{
|
| 278 | 278 |
struct auth_challenge_info *ac = get_auth_challenge(auth_challenge, &gc); |
| ... | ... |
@@ -299,7 +297,7 @@ get_user_pass_cr(struct user_pass *up, |
| 299 | 299 |
} |
| 300 | 300 |
} |
| 301 | 301 |
else |
| 302 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
| 302 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 303 | 303 |
{
|
| 304 | 304 |
struct buffer user_prompt = alloc_buf_gc(128, &gc); |
| 305 | 305 |
struct buffer pass_prompt = alloc_buf_gc(128, &gc); |
| ... | ... |
@@ -333,7 +331,7 @@ get_user_pass_cr(struct user_pass *up, |
| 333 | 333 |
} |
| 334 | 334 |
} |
| 335 | 335 |
|
| 336 |
-#ifdef ENABLE_CLIENT_CR |
|
| 336 |
+#ifdef ENABLE_MANAGEMENT |
|
| 337 | 337 |
if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE) && response_from_stdin) |
| 338 | 338 |
{
|
| 339 | 339 |
char *response = (char *) gc_malloc(USER_PASS_LEN, false, &gc); |
| ... | ... |
@@ -361,7 +359,7 @@ get_user_pass_cr(struct user_pass *up, |
| 361 | 361 |
string_clear(resp64); |
| 362 | 362 |
free(resp64); |
| 363 | 363 |
} |
| 364 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
| 364 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 365 | 365 |
} |
| 366 | 366 |
} |
| 367 | 367 |
|
| ... | ... |
@@ -380,7 +378,7 @@ get_user_pass_cr(struct user_pass *up, |
| 380 | 380 |
return true; |
| 381 | 381 |
} |
| 382 | 382 |
|
| 383 |
-#ifdef ENABLE_CLIENT_CR |
|
| 383 |
+#ifdef ENABLE_MANAGEMENT |
|
| 384 | 384 |
|
| 385 | 385 |
/* |
| 386 | 386 |
* See management/management-notes.txt for more info on the |
| ... | ... |
@@ -455,7 +453,7 @@ get_auth_challenge(const char *auth_challenge, struct gc_arena *gc) |
| 455 | 455 |
} |
| 456 | 456 |
} |
| 457 | 457 |
|
| 458 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
| 458 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 459 | 459 |
|
| 460 | 460 |
void |
| 461 | 461 |
purge_user_pass(struct user_pass *up, const bool force) |
| ... | ... |
@@ -76,7 +76,7 @@ struct user_pass |
| 76 | 76 |
char password[USER_PASS_LEN]; |
| 77 | 77 |
}; |
| 78 | 78 |
|
| 79 |
-#ifdef ENABLE_CLIENT_CR |
|
| 79 |
+#ifdef ENABLE_MANAGEMENT |
|
| 80 | 80 |
/* |
| 81 | 81 |
* Challenge response info on client as pushed by server. |
| 82 | 82 |
*/ |
| ... | ... |
@@ -102,10 +102,10 @@ struct static_challenge_info {
|
| 102 | 102 |
const char *challenge_text; |
| 103 | 103 |
}; |
| 104 | 104 |
|
| 105 |
-#else /* ifdef ENABLE_CLIENT_CR */ |
|
| 105 |
+#else /* ifdef ENABLE_MANAGEMENT */ |
|
| 106 | 106 |
struct auth_challenge_info {};
|
| 107 | 107 |
struct static_challenge_info {};
|
| 108 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
| 108 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 109 | 109 |
|
| 110 | 110 |
/* |
| 111 | 111 |
* Flags for get_user_pass and management_query_user_pass |
| ... | ... |
@@ -1735,7 +1735,7 @@ show_settings(const struct options *o) |
| 1735 | 1735 |
SHOW_STR(ca_file); |
| 1736 | 1736 |
SHOW_STR(ca_path); |
| 1737 | 1737 |
SHOW_STR(dh_file); |
| 1738 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 1738 |
+#ifdef ENABLE_MANAGEMENT |
|
| 1739 | 1739 |
if ((o->management_flags & MF_EXTERNAL_CERT)) |
| 1740 | 1740 |
{
|
| 1741 | 1741 |
SHOW_PARM("cert_file","EXTERNAL_CERT","%s");
|
| ... | ... |
@@ -1745,7 +1745,7 @@ show_settings(const struct options *o) |
| 1745 | 1745 |
SHOW_STR(cert_file); |
| 1746 | 1746 |
SHOW_STR(extra_certs_file); |
| 1747 | 1747 |
|
| 1748 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 1748 |
+#ifdef ENABLE_MANAGEMENT |
|
| 1749 | 1749 |
if ((o->management_flags & MF_EXTERNAL_KEY)) |
| 1750 | 1750 |
{
|
| 1751 | 1751 |
SHOW_PARM("priv_key_file","EXTERNAL_PRIVATE_KEY","%s");
|
| ... | ... |
@@ -2567,7 +2567,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
| 2567 | 2567 |
{
|
| 2568 | 2568 |
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified."); |
| 2569 | 2569 |
} |
| 2570 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2570 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2571 | 2571 |
if (options->management_flags & MF_EXTERNAL_KEY) |
| 2572 | 2572 |
{
|
| 2573 | 2573 |
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified."); |
| ... | ... |
@@ -2590,7 +2590,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
| 2590 | 2590 |
} |
| 2591 | 2591 |
else |
| 2592 | 2592 |
#endif /* ifdef ENABLE_PKCS11 */ |
| 2593 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2593 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2594 | 2594 |
if ((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file) |
| 2595 | 2595 |
{
|
| 2596 | 2596 |
msg(M_USAGE, "--key and --management-external-key are mutually exclusive"); |
| ... | ... |
@@ -2627,7 +2627,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
| 2627 | 2627 |
{
|
| 2628 | 2628 |
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified."); |
| 2629 | 2629 |
} |
| 2630 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2630 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2631 | 2631 |
if (options->management_flags & MF_EXTERNAL_KEY) |
| 2632 | 2632 |
{
|
| 2633 | 2633 |
msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified."); |
| ... | ... |
@@ -2657,7 +2657,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
| 2657 | 2657 |
{
|
| 2658 | 2658 |
msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified."); |
| 2659 | 2659 |
} |
| 2660 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2660 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2661 | 2661 |
if (options->management_flags & MF_EXTERNAL_KEY) |
| 2662 | 2662 |
{
|
| 2663 | 2663 |
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified."); |
| ... | ... |
@@ -2690,7 +2690,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
| 2690 | 2690 |
{
|
| 2691 | 2691 |
|
| 2692 | 2692 |
const int sum = |
| 2693 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2693 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2694 | 2694 |
((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT)) |
| 2695 | 2695 |
+((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)); |
| 2696 | 2696 |
#else |
| ... | ... |
@@ -2714,11 +2714,11 @@ options_postprocess_verify_ce(const struct options *options, const struct connec |
| 2714 | 2714 |
} |
| 2715 | 2715 |
else |
| 2716 | 2716 |
{
|
| 2717 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2717 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2718 | 2718 |
if (!(options->management_flags & MF_EXTERNAL_CERT)) |
| 2719 | 2719 |
#endif |
| 2720 | 2720 |
notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); |
| 2721 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 2721 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2722 | 2722 |
if (!(options->management_flags & MF_EXTERNAL_KEY)) |
| 2723 | 2723 |
#endif |
| 2724 | 2724 |
notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); |
| ... | ... |
@@ -3308,7 +3308,7 @@ options_postprocess_filechecks(struct options *options) |
| 3308 | 3308 |
errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->cert_file, R_OK, "--cert"); |
| 3309 | 3309 |
errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK, |
| 3310 | 3310 |
"--extra-certs"); |
| 3311 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 3311 |
+#ifdef ENABLE_MANAGEMENT |
|
| 3312 | 3312 |
if (!(options->management_flags & MF_EXTERNAL_KEY)) |
| 3313 | 3313 |
#endif |
| 3314 | 3314 |
{
|
| ... | ... |
@@ -5155,7 +5155,7 @@ add_option(struct options *options, |
| 5155 | 5155 |
options->management_flags |= MF_CONNECT_AS_CLIENT; |
| 5156 | 5156 |
options->management_write_peer_info_file = p[1]; |
| 5157 | 5157 |
} |
| 5158 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 5158 |
+#ifdef ENABLE_MANAGEMENT |
|
| 5159 | 5159 |
else if (streq(p[0], "management-external-key") && !p[1]) |
| 5160 | 5160 |
{
|
| 5161 | 5161 |
VERIFY_PERMISSION(OPT_P_GENERAL); |
| ... | ... |
@@ -7023,7 +7023,7 @@ add_option(struct options *options, |
| 7023 | 7023 |
VERIFY_PERMISSION(OPT_P_GENERAL); |
| 7024 | 7024 |
auth_retry_set(msglevel, p[1]); |
| 7025 | 7025 |
} |
| 7026 |
-#ifdef ENABLE_CLIENT_CR |
|
| 7026 |
+#ifdef ENABLE_MANAGEMENT |
|
| 7027 | 7027 |
else if (streq(p[0], "static-challenge") && p[1] && p[2] && !p[3]) |
| 7028 | 7028 |
{
|
| 7029 | 7029 |
VERIFY_PERMISSION(OPT_P_GENERAL); |
| ... | ... |
@@ -88,7 +88,7 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) |
| 88 | 88 |
* Save the dynamic-challenge text even when management is defined |
| 89 | 89 |
*/ |
| 90 | 90 |
{
|
| 91 |
-#ifdef ENABLE_CLIENT_CR |
|
| 91 |
+#ifdef ENABLE_MANAGEMENT |
|
| 92 | 92 |
struct buffer buf = *buffer; |
| 93 | 93 |
if (buf_string_match_head_str(&buf, "AUTH_FAILED,CRV1:") && BLEN(&buf)) |
| 94 | 94 |
{
|
| ... | ... |
@@ -399,7 +399,7 @@ pem_password_callback(char *buf, int size, int rwflag, void *u) |
| 399 | 399 |
static bool auth_user_pass_enabled; /* GLOBAL */ |
| 400 | 400 |
static struct user_pass auth_user_pass; /* GLOBAL */ |
| 401 | 401 |
|
| 402 |
-#ifdef ENABLE_CLIENT_CR |
|
| 402 |
+#ifdef ENABLE_MANAGEMENT |
|
| 403 | 403 |
static char *auth_challenge; /* GLOBAL */ |
| 404 | 404 |
#endif |
| 405 | 405 |
|
| ... | ... |
@@ -409,7 +409,7 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info * |
| 409 | 409 |
auth_user_pass_enabled = true; |
| 410 | 410 |
if (!auth_user_pass.defined) |
| 411 | 411 |
{
|
| 412 |
-#ifdef ENABLE_CLIENT_CR |
|
| 412 |
+#ifdef ENABLE_MANAGEMENT |
|
| 413 | 413 |
if (auth_challenge) /* dynamic challenge/response */ |
| 414 | 414 |
{
|
| 415 | 415 |
get_user_pass_cr(&auth_user_pass, |
| ... | ... |
@@ -432,7 +432,7 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info * |
| 432 | 432 |
sci->challenge_text); |
| 433 | 433 |
} |
| 434 | 434 |
else |
| 435 |
-#endif /* ifdef ENABLE_CLIENT_CR */ |
|
| 435 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 436 | 436 |
get_user_pass(&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT); |
| 437 | 437 |
} |
| 438 | 438 |
} |
| ... | ... |
@@ -480,12 +480,12 @@ ssl_purge_auth(const bool auth_user_pass_only) |
| 480 | 480 |
purge_user_pass(&passbuf, true); |
| 481 | 481 |
} |
| 482 | 482 |
purge_user_pass(&auth_user_pass, true); |
| 483 |
-#ifdef ENABLE_CLIENT_CR |
|
| 483 |
+#ifdef ENABLE_MANAGEMENT |
|
| 484 | 484 |
ssl_purge_auth_challenge(); |
| 485 | 485 |
#endif |
| 486 | 486 |
} |
| 487 | 487 |
|
| 488 |
-#ifdef ENABLE_CLIENT_CR |
|
| 488 |
+#ifdef ENABLE_MANAGEMENT |
|
| 489 | 489 |
|
| 490 | 490 |
void |
| 491 | 491 |
ssl_purge_auth_challenge(void) |
| ... | ... |
@@ -652,7 +652,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) |
| 652 | 652 |
tls_ctx_load_cryptoapi(new_ctx, options->cryptoapi_cert); |
| 653 | 653 |
} |
| 654 | 654 |
#endif |
| 655 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 655 |
+#ifdef ENABLE_MANAGEMENT |
|
| 656 | 656 |
else if (options->management_flags & MF_EXTERNAL_CERT) |
| 657 | 657 |
{
|
| 658 | 658 |
char *cert = management_query_cert(management, |
| ... | ... |
@@ -674,7 +674,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) |
| 674 | 674 |
goto err; |
| 675 | 675 |
} |
| 676 | 676 |
} |
| 677 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 677 |
+#ifdef ENABLE_MANAGEMENT |
|
| 678 | 678 |
else if (options->management_flags & MF_EXTERNAL_KEY) |
| 679 | 679 |
{
|
| 680 | 680 |
if (tls_ctx_use_management_external_key(new_ctx)) |
| ... | ... |
@@ -2364,7 +2364,7 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) |
| 2364 | 2364 |
/* write username/password if specified */ |
| 2365 | 2365 |
if (auth_user_pass_enabled) |
| 2366 | 2366 |
{
|
| 2367 |
-#ifdef ENABLE_CLIENT_CR |
|
| 2367 |
+#ifdef ENABLE_MANAGEMENT |
|
| 2368 | 2368 |
auth_user_pass_setup(session->opt->auth_user_pass_file, session->opt->sci); |
| 2369 | 2369 |
#else |
| 2370 | 2370 |
auth_user_pass_setup(session->opt->auth_user_pass_file, NULL); |
| ... | ... |
@@ -428,7 +428,7 @@ void ssl_purge_auth(const bool auth_user_pass_only); |
| 428 | 428 |
|
| 429 | 429 |
void ssl_set_auth_token(const char *token); |
| 430 | 430 |
|
| 431 |
-#ifdef ENABLE_CLIENT_CR |
|
| 431 |
+#ifdef ENABLE_MANAGEMENT |
|
| 432 | 432 |
/* |
| 433 | 433 |
* ssl_get_auth_challenge will parse the server-pushed auth-failed |
| 434 | 434 |
* reason string and return a dynamically allocated |
| ... | ... |
@@ -272,7 +272,7 @@ void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, |
| 272 | 272 |
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, |
| 273 | 273 |
const char *priv_key_file_inline); |
| 274 | 274 |
|
| 275 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 275 |
+#ifdef ENABLE_MANAGEMENT |
|
| 276 | 276 |
|
| 277 | 277 |
/** |
| 278 | 278 |
* Tell the management interface to load the given certificate and the external |
| ... | ... |
@@ -284,7 +284,7 @@ int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, |
| 284 | 284 |
*/ |
| 285 | 285 |
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx); |
| 286 | 286 |
|
| 287 |
-#endif /* MANAGMENT_EXTERNAL_KEY */ |
|
| 287 |
+#endif /* ENABLE_MANAGEMENT */ |
|
| 288 | 288 |
|
| 289 | 289 |
/** |
| 290 | 290 |
* Load certificate authority certificates from the given file or path. |
| ... | ... |
@@ -605,7 +605,7 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, |
| 605 | 605 |
return 0; |
| 606 | 606 |
} |
| 607 | 607 |
|
| 608 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 608 |
+#ifdef ENABLE_MANAGEMENT |
|
| 609 | 609 |
|
| 610 | 610 |
/** Query the management interface for a signature, see external_sign_func. */ |
| 611 | 611 |
static bool |
| ... | ... |
@@ -645,7 +645,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) |
| 645 | 645 |
return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL); |
| 646 | 646 |
} |
| 647 | 647 |
|
| 648 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
| 648 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 649 | 649 |
|
| 650 | 650 |
void |
| 651 | 651 |
tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, |
| ... | ... |
@@ -997,7 +997,7 @@ end: |
| 997 | 997 |
} |
| 998 | 998 |
|
| 999 | 999 |
|
| 1000 |
-#ifdef MANAGMENT_EXTERNAL_KEY |
|
| 1000 |
+#ifdef ENABLE_MANAGEMENT |
|
| 1001 | 1001 |
|
| 1002 | 1002 |
/* encrypt */ |
| 1003 | 1003 |
static int |
| ... | ... |
@@ -1340,7 +1340,7 @@ cleanup: |
| 1340 | 1340 |
return ret; |
| 1341 | 1341 |
} |
| 1342 | 1342 |
|
| 1343 |
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */ |
|
| 1343 |
+#endif /* ifdef ENABLE_MANAGEMENT */ |
|
| 1344 | 1344 |
|
| 1345 | 1345 |
static int |
| 1346 | 1346 |
sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b) |
| ... | ... |
@@ -548,27 +548,12 @@ socket_defined(const socket_descriptor_t sd) |
| 548 | 548 |
#undef ENABLE_DEF_AUTH |
| 549 | 549 |
#endif |
| 550 | 550 |
|
| 551 |
-/* |
|
| 552 |
- * Enable external private key |
|
| 553 |
- */ |
|
| 554 |
-#if defined(ENABLE_MANAGEMENT) |
|
| 555 |
-#define MANAGMENT_EXTERNAL_KEY |
|
| 556 |
-#endif |
|
| 557 |
- |
|
| 558 | 551 |
/* Enable mbed TLS RNG prediction resistance support */ |
| 559 | 552 |
#ifdef ENABLE_CRYPTO_MBEDTLS |
| 560 | 553 |
#define ENABLE_PREDICTION_RESISTANCE |
| 561 | 554 |
#endif /* ENABLE_CRYPTO_MBEDTLS */ |
| 562 | 555 |
|
| 563 | 556 |
/* |
| 564 |
- * MANAGEMENT_IN_EXTRA allows the management interface to |
|
| 565 |
- * read multi-line inputs from clients. |
|
| 566 |
- */ |
|
| 567 |
-#if defined(MANAGEMENT_DEF_AUTH) || defined(MANAGMENT_EXTERNAL_KEY) |
|
| 568 |
-#define MANAGEMENT_IN_EXTRA |
|
| 569 |
-#endif |
|
| 570 |
- |
|
| 571 |
-/* |
|
| 572 | 557 |
* Enable packet filter? |
| 573 | 558 |
*/ |
| 574 | 559 |
#if defined(ENABLE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT) |
| ... | ... |
@@ -659,13 +644,6 @@ socket_defined(const socket_descriptor_t sd) |
| 659 | 659 |
#endif |
| 660 | 660 |
|
| 661 | 661 |
/* |
| 662 |
- * Do we support challenge/response authentication as client? |
|
| 663 |
- */ |
|
| 664 |
-#if defined(ENABLE_MANAGEMENT) |
|
| 665 |
-#define ENABLE_CLIENT_CR |
|
| 666 |
-#endif |
|
| 667 |
- |
|
| 668 |
-/* |
|
| 669 | 662 |
* Compression support |
| 670 | 663 |
*/ |
| 671 | 664 |
#if defined(ENABLE_LZO) || defined(ENABLE_LZ4) \ |