openvpn/manage.h

   1 /*
   2  *  OpenVPN -- An application to securely tunnel IP networks
   3  *             over a single TCP/UDP port, with support for SSL/TLS-based
   4  *             session authentication and key exchange,
   5  *             packet encryption, packet authentication, and
   6  *             packet compression.
   7  *
   8  *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
   9  *
  10  *  This program is free software; you can redistribute it and/or modify
  11  *  it under the terms of the GNU General Public License version 2
  12  *  as published by the Free Software Foundation.
  13  *
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program (see the file COPYING included with this
  21  *  distribution); if not, write to the Free Software Foundation, Inc.,
  22  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 #ifndef MANAGE_H
  26 #define MANAGE_H
  27
  28 #ifdef ENABLE_MANAGEMENT
  29
  30 #include "misc.h"
  31 #include "event.h"
  32 #include "socket.h"
  33
  34 #define MANAGEMENT_VERSION                      1
  35 #define MANAGEMENT_N_PASSWORD_RETRIES           3
  36 #define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE   100
  37 #define MANAGEMENT_ECHO_BUFFER_SIZE           100
  38 #define MANAGEMENT_STATE_BUFFER_SIZE          100
  39
  40 /*
  41  * Manage build-up of command line
  42  */
  43 struct command_line
  44 {
  45   struct buffer buf;
  46   struct buffer residual;
  47 };
  48
  49 struct command_line *command_line_new (const int buf_len);
  50 void command_line_free (struct command_line *cl);
  51
  52 void command_line_add (struct command_line *cl, const unsigned char *buf, const int len);
  53 const unsigned char *command_line_get (struct command_line *cl);
  54 void command_line_reset (struct command_line *cl);
  55 void command_line_next (struct command_line *cl);
  56
  57 /*
  58  * Manage lists of output strings
  59  */
  60
  61 struct output_entry
  62 {
  63   struct buffer buf;
  64   struct output_entry *next;
  65 };
  66
  67 struct output_list
  68 {
  69   struct output_entry *head; /* next item to pop/peek */
  70   struct output_entry *tail; /* last item pushed */
  71   int size;                  /* current number of entries */
  72   int max_size;              /* maximum size list should grow to */
  73 };
  74
  75 struct output_list *output_list_new (const int max_size);
  76 void output_list_free (struct output_list *ol);
  77
  78 bool output_list_defined (const struct output_list *ol);
  79 void output_list_reset (struct output_list *ol);
  80
  81 void output_list_push (struct output_list *ol, const unsigned char *str);
  82 const struct buffer *output_list_peek (struct output_list *ol);
  83 void output_list_advance (struct output_list *ol, int n);
  84
  85 /*
  86  * Manage log file history
  87  */
  88
  89 union log_entry_union {
  90   unsigned int msg_flags;
  91   int state;
  92 };
  93
  94 struct log_entry
  95 {
  96   time_t timestamp;
  97   const char *string;
  98   in_addr_t local_ip;
  99   union log_entry_union u;
 100 };
 101
 102 #define LOG_PRINT_LOG_PREFIX   (1<<0)
 103 #define LOG_PRINT_ECHO_PREFIX  (1<<1)
 104 #define LOG_PRINT_STATE_PREFIX (1<<2)
 105
 106 #define LOG_PRINT_INT_DATE     (1<<3)
 107 #define LOG_PRINT_MSG_FLAGS    (1<<4)
 108 #define LOG_PRINT_STATE        (1<<5)
 109 #define LOG_PRINT_LOCAL_IP     (1<<6)
 110
 111 #define LOG_PRINT_CRLF         (1<<7)
 112 #define LOG_FATAL_NOTIFY       (1<<8)
 113
 114 const char *log_entry_print (const struct log_entry *e, unsigned int flags, struct gc_arena *gc);
 115
 116 struct log_history
 117 {
 118   int base;
 119   int size;
 120   int capacity;
 121   struct log_entry *array;
 122 };
 123
 124 struct log_history *log_history_init (const int capacity);
 125 void log_history_close (struct log_history *h);
 126 void log_history_add (struct log_history *h, const struct log_entry *le);
 127 void log_history_resize (struct log_history *h, const int capacity);
 128 const struct log_entry *log_history_ref (const struct log_history *h, const int index);
 129
 130 static inline int
 131 log_history_size (const struct log_history *h)
 132 {
 133   return h->size;
 134 }
 135
 136 static inline int
 137 log_history_capacity (const struct log_history *h)
 138 {
 139   return h->capacity;
 140 }
 141
 142 /*
 143  * Callbacks for 'status' and 'kill' commands
 144  */
 145 struct management_callback
 146 {
 147   void *arg;
 148   void (*status) (void *arg, const int version, struct status_output *so);
 149   void (*show_net) (void *arg, const int msglevel);
 150   int (*kill_by_cn) (void *arg, const char *common_name);
 151   int (*kill_by_addr) (void *arg, const in_addr_t addr, const int port);
 152   void (*delete_event) (void *arg, event_t event);
 153 };
 154
 155 /*
 156  * Management object, split into three components:
 157  *
 158  * struct man_persist : Data elements which are persistent across
 159  *                      man_connection open and close.
 160  *
 161  * struct man_settings : management parameters.
 162  *
 163  * struct man_connection : created on socket binding and listen,
 164  *                         deleted on socket unbind, may
 165  *                         handle multiple sequential client
 166  *                         connections.
 167  */
 168
 169 struct man_persist {
 170   bool defined;
 171
 172   struct log_history *log;
 173   struct virtual_output vout;
 174
 175   bool standalone_disabled;
 176   struct management_callback callback;
 177
 178   struct log_history *echo; /* saved --echo strings */
 179   struct log_history *state;
 180
 181   bool hold_release;
 182
 183   const char *special_state_msg;
 184 };
 185
 186 struct man_settings {
 187   bool defined;
 188   struct sockaddr_in local;
 189   bool up_query_passwords;
 190   bool management_over_tunnel;
 191   struct user_pass up;
 192   int log_history_cache;
 193   int echo_buffer_size;
 194   int state_buffer_size;
 195   bool server;
 196   bool hold;
 197 };
 198
 199 /* up_query modes */
 200 #define UP_QUERY_DISABLED  0
 201 #define UP_QUERY_USER_PASS 1
 202 #define UP_QUERY_PASS      2
 203
 204 /* states */
 205 #define MS_INITIAL          0  /* all sockets are closed */
 206 #define MS_LISTEN           1  /* no client is connected */
 207 #define MS_CC_WAIT_READ     2  /* client is connected, waiting for read on socket */
 208 #define MS_CC_WAIT_WRITE    3  /* client is connected, waiting for ability to write to socket */
 209
 210 struct man_connection {
 211   int state;
 212
 213   socket_descriptor_t sd_top;
 214   socket_descriptor_t sd_cli;
 215   struct sockaddr_in remote;
 216
 217 #ifdef WIN32
 218   struct net_event_win32 ne32;
 219 #endif
 220
 221   bool halt;
 222   bool password_verified;
 223   int password_tries;
 224
 225   struct command_line *in;
 226   struct output_list *out;
 227
 228   struct event_set *es;
 229
 230   bool state_realtime;
 231   bool log_realtime;
 232   bool echo_realtime;
 233
 234   const char *up_query_type;
 235   int up_query_mode;
 236   struct user_pass up_query;
 237 };
 238
 239 struct management
 240 {
 241   struct man_persist persist;
 242   struct man_settings settings;
 243   struct man_connection connection;
 244 };
 245
 246 extern struct management *management;
 247
 248 struct user_pass;
 249
 250 struct management *management_init (void);
 251
 252 bool management_open (struct management *man,
 253                       const char *addr,
 254                       const int port,
 255                       const char *pass_file,
 256                       const bool server,
 257                       const bool query_passwords,
 258                       const int log_history_cache,
 259                       const int echo_buffer_size,
 260                       const int state_buffer_size,
 261                       const bool hold);
 262
 263
 264 void management_close (struct management *man);
 265
 266 void management_post_tunnel_open (struct management *man, const in_addr_t tun_local_ip);
 267
 268 void management_pre_tunnel_close (struct management *man);
 269
 270 void management_socket_set (struct management *man,
 271                             struct event_set *es,
 272                             void *arg,
 273                             unsigned int *persistent);
 274
 275 void management_io (struct management *man);
 276
 277 void management_set_callback (struct management *man,
 278                               const struct management_callback *cb);
 279
 280 void management_clear_callback (struct management *man);
 281
 282 bool management_query_user_pass (struct management *man, struct user_pass *up, const char *type, const bool password_only);
 283
 284 bool management_should_daemonize (struct management *man);
 285 bool management_would_hold (struct management *man);
 286 bool management_hold (struct management *man);
 287
 288 void management_event_loop_n_seconds (struct management *man, int sec);
 289
 290 static inline bool
 291 management_connected (const struct management *man)
 292 {
 293   return man->connection.state == MS_CC_WAIT_READ || man->connection.state == MS_CC_WAIT_WRITE;
 294 }
 295
 296 static inline bool
 297 management_query_user_pass_enabled (const struct management *man)
 298 {
 299   return man->settings.up_query_passwords;
 300 }
 301
 302 /*
 303  * OpenVPN tells the management layer what state it's in
 304  */
 305
 306 /* client/server states */
 307 #define OPENVPN_STATE_INITIAL       0  /* Initial, undefined state */
 308 #define OPENVPN_STATE_CONNECTING    1  /* Management interface has been initialized */
 309 #define OPENVPN_STATE_ASSIGN_IP     2  /* Assigning IP address to virtual network interface */
 310 #define OPENVPN_STATE_ADD_ROUTES    3  /* Adding routes to system */
 311 #define OPENVPN_STATE_CONNECTED     4  /* Initialization sequence completed */
 312 #define OPENVPN_STATE_RECONNECTING  5  /* Restart */
 313 #define OPENVPN_STATE_EXITING       6  /* Exit */
 314
 315 /* client-only states */
 316 #define OPENVPN_STATE_WAIT          7  /* Waiting for initial response from server */
 317 #define OPENVPN_STATE_AUTH          8  /* Authenticating with server */
 318 #define OPENVPN_STATE_GET_CONFIG    9  /* Downloading configuration from server */
 319
 320 #define OPENVPN_STATE_CLIENT_BASE   7  /* Base index of client-only states */
 321
 322 void management_set_state (struct management *man,
 323                            const int state,
 324                            const char *detail,
 325                            const in_addr_t tun_local_ip);
 326
 327 /*
 328  * The management object keeps track of OpenVPN --echo
 329  * parameters.
 330  */
 331 void management_echo (struct management *man, const char *string);
 332
 333 /*
 334  * OpenVPN calls here to indicate a password failure
 335  */
 336
 337 void management_auth_failure (struct management *man, const char *type);
 338
 339 #endif
 340
 341 #endif