/* * OpenVPN -- An application to securely tunnel IP networks * over a single TCP/UDP port, with support for SSL/TLS-based * session authentication and key exchange, * packet encryption, packet authentication, and * packet compression. * * Copyright (C) 2002-2018 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef MISC_H #define MISC_H #include "argv.h" #include "basic.h" #include "common.h" #include "env_set.h" #include "integer.h" #include "buffer.h" #include "platform.h" /* socket descriptor passed by inetd/xinetd server to us */ #define INETD_SOCKET_DESCRIPTOR 0 /* forward declarations */ struct plugin_list; /* Set standard file descriptors to /dev/null */ void set_std_files_to_null(bool stdin_only); /* dup inetd/xinetd socket descriptor and save */ extern int inetd_socket_descriptor; void save_inetd_socket_descriptor(void); /* Make arrays of strings */ const char **make_arg_array(const char *first, const char *parms, struct gc_arena *gc); const char **make_extended_arg_array(char **p, struct gc_arena *gc); /* an analogue to the random() function, but use OpenSSL functions if available */ long int get_random(void); /* prepend a random prefix to hostname */ const char *hostname_randomize(const char *hostname, struct gc_arena *gc); /* * Get and store a username/password */ struct user_pass { bool defined; bool nocache; bool tokenized; /* true if password has been substituted by a token */ bool wait_for_push; /* true if this object is waiting for a push-reply */ /* max length of username/password */ #ifdef ENABLE_PKCS11 #define USER_PASS_LEN 4096 #else #define USER_PASS_LEN 128 #endif char username[USER_PASS_LEN]; char password[USER_PASS_LEN]; }; #ifdef ENABLE_CLIENT_CR /* * Challenge response info on client as pushed by server. */ struct auth_challenge_info { #define CR_ECHO (1<<0) /* echo response when typed by user */ #define CR_RESPONSE (1<<1) /* response needed */ unsigned int flags; const char *user; const char *state_id; const char *challenge_text; }; struct auth_challenge_info *get_auth_challenge(const char *auth_challenge, struct gc_arena *gc); /* * Challenge response info on client as pushed by server. */ struct static_challenge_info { #define SC_ECHO (1<<0) /* echo response when typed by user */ unsigned int flags; const char *challenge_text; }; #else /* ifdef ENABLE_CLIENT_CR */ struct auth_challenge_info {}; struct static_challenge_info {}; #endif /* ifdef ENABLE_CLIENT_CR */ /* * Flags for get_user_pass and management_query_user_pass */ #define GET_USER_PASS_MANAGEMENT (1<<0) /* GET_USER_PASS_SENSITIVE (1<<1) not used anymore */ #define GET_USER_PASS_PASSWORD_ONLY (1<<2) #define GET_USER_PASS_NEED_OK (1<<3) #define GET_USER_PASS_NOFATAL (1<<4) #define GET_USER_PASS_NEED_STR (1<<5) #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6) #define GET_USER_PASS_DYNAMIC_CHALLENGE (1<<7) /* CRV1 protocol -- dynamic challenge */ #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */ #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */ #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge); static inline bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags) { return get_user_pass_cr(up, auth_file, prefix, flags, NULL); } void fail_user_pass(const char *prefix, const unsigned int flags, const char *reason); void purge_user_pass(struct user_pass *up, const bool force); void set_auth_token(struct user_pass *up, const char *token); /* * Process string received by untrusted peer before * printing to console or log file. * Assumes that string has been null terminated. */ const char *safe_print(const char *str, struct gc_arena *gc); void configure_path(void); const char *sanitize_control_message(const char *str, struct gc_arena *gc); #if AUTO_USERID void get_user_pass_auto_userid(struct user_pass *up, const char *tag); #endif /* * /sbin/ip path, may be overridden */ #ifdef ENABLE_IPROUTE extern const char *iproute_path; #endif #define COMPAT_FLAG_QUERY 0 /** compat_flags operator: Query for a flag */ #define COMPAT_FLAG_SET (1<<0) /** compat_flags operator: Set a compat flag */ #define COMPAT_NAMES (1<<1) /** compat flag: --compat-names set */ #define COMPAT_NO_NAME_REMAPPING (1<<2) /** compat flag: --compat-names without char remapping */ bool compat_flag(unsigned int flag); #if P2MP_SERVER /* helper to parse peer_info received from multi client, validate * (this is untrusted data) and put into environment */ bool validate_peer_info_line(char *line); void output_peer_info_env(struct env_set *es, const char *peer_info); #endif /* P2MP_SERVER */ #endif /* ifndef MISC_H */