2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include "config-win32.h"
45 /* Redefine the top level directory of the filesystem
46 to restrict access to files for security */
48 do_chroot (const char *path
)
53 const char *top
= "/";
55 msg (M_ERR
, "chroot to '%s' failed", path
);
56 if (openvpn_chdir (top
))
57 msg (M_ERR
, "cd to '%s' failed", top
);
58 msg (M_INFO
, "chroot to '%s' and cd to '%s' succeeded", path
, top
);
60 msg (M_FATAL
, "Sorry but I can't chroot to '%s' because this operating system doesn't appear to support the chroot() system call", path
);
65 /* Get/Set UID of process */
68 get_user (const char *username
, struct user_state
*state
)
74 #if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID)
75 state
->pw
= getpwnam (username
);
77 msg (M_ERR
, "failed to find UID for user %s", username
);
78 state
->username
= username
;
81 msg (M_FATAL
, "Sorry but I can't setuid to '%s' because this operating system doesn't appear to support the getpwname() or setuid() system calls", username
);
88 set_user (const struct user_state
*state
)
90 #if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID)
91 if (state
->username
&& state
->pw
)
93 if (setuid (state
->pw
->pw_uid
))
94 msg (M_ERR
, "setuid('%s') failed", state
->username
);
95 msg (M_INFO
, "UID set to %s", state
->username
);
100 /* Get/Set GID of process */
103 get_group (const char *groupname
, struct group_state
*state
)
109 #if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID)
110 state
->gr
= getgrnam (groupname
);
112 msg (M_ERR
, "failed to find GID for group %s", groupname
);
113 state
->groupname
= groupname
;
116 msg (M_FATAL
, "Sorry but I can't setgid to '%s' because this operating system doesn't appear to support the getgrnam() or setgid() system calls", groupname
);
123 set_group (const struct group_state
*state
)
125 #if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID)
126 if (state
->groupname
&& state
->gr
)
128 if (setgid (state
->gr
->gr_gid
))
129 msg (M_ERR
, "setgid('%s') failed", state
->groupname
);
130 msg (M_INFO
, "GID set to %s", state
->groupname
);
131 #ifdef HAVE_SETGROUPS
134 gr_list
[0] = state
->gr
->gr_gid
;
135 if (setgroups (1, gr_list
))
136 msg (M_ERR
, "setgroups('%s') failed", state
->groupname
);
143 /* Change process priority */
145 set_nice (int niceval
)
153 msg (M_WARN
| M_ERRNO
, "WARNING: nice %d failed", niceval
);
155 msg (M_INFO
, "nice %d succeeded", niceval
);
157 msg (M_WARN
, "WARNING: nice %d failed (function not implemented)", niceval
);
163 * Pass tunnel endpoint and MTU parms to a user-supplied script.
164 * Used to execute the up/down script/plugins.
167 run_up_down (const char *command
,
168 const struct plugin_list
*plugins
,
173 const char *ifconfig_local
,
174 const char* ifconfig_remote
,
176 const char *signal_text
,
177 const char *script_type
,
180 struct gc_arena gc
= gc_new ();
183 setenv_str (es
, "signal", signal_text
);
184 setenv_str (es
, "script_context", context
);
185 setenv_int (es
, "tun_mtu", tun_mtu
);
186 setenv_int (es
, "link_mtu", link_mtu
);
187 setenv_str (es
, "dev", arg
);
191 if (!ifconfig_remote
)
192 ifconfig_remote
= "";
196 if (plugin_defined (plugins
, plugin_type
))
198 struct buffer cmd
= alloc_buf_gc (256, &gc
);
206 ifconfig_local
, ifconfig_remote
,
209 if (plugin_call (plugins
, plugin_type
, BSTR (&cmd
), es
))
210 msg (M_FATAL
, "ERROR: up/down plugin call failed");
215 struct buffer cmd
= alloc_buf_gc (256, &gc
);
219 setenv_str (es
, "script_type", script_type
);
222 "%s %s %d %d %s %s %s",
226 ifconfig_local
, ifconfig_remote
,
228 msg (M_INFO
, "%s", BSTR (&cmd
));
229 system_check (BSTR (&cmd
), es
, S_SCRIPT
|S_FATAL
, "script failed");
235 /* Get the file we will later write our process ID to */
237 get_pid_file (const char* filename
, struct pid_state
*state
)
242 state
->fp
= fopen (filename
, "w");
244 msg (M_ERR
, "Open error on pid file %s", filename
);
245 state
->filename
= filename
;
249 /* Write our PID to a file */
251 write_pid (const struct pid_state
*state
)
253 if (state
->filename
&& state
->fp
)
255 unsigned int pid
= openvpn_getpid ();
256 fprintf(state
->fp
, "%u\n", pid
);
257 if (fclose (state
->fp
))
258 msg (M_ERR
, "Close error on pid file %s", state
->filename
);
262 /* Get current PID */
267 return (unsigned int) GetCurrentProcessId ();
270 return (unsigned int) getpid ();
279 do_mlockall(bool print_msg
)
282 if (mlockall (MCL_CURRENT
| MCL_FUTURE
))
283 msg (M_WARN
| M_ERRNO
, "WARNING: mlockall call failed");
285 msg (M_INFO
, "mlockall call succeeded");
287 msg (M_WARN
, "WARNING: mlockall call failed (function not implemented)");
294 daemon(int nochdir
, int noclose
)
296 #if defined(HAVE_FORK) && defined(HAVE_SETSID)
304 openvpn_exit (OPENVPN_EXIT_STATUS_GOOD
); /* exit point */
314 set_std_files_to_null (false);
316 msg (M_FATAL
, "Sorry but I can't become a daemon because this operating system doesn't appear to support either the daemon() or fork() system calls");
324 * Set standard file descriptors to /dev/null
327 set_std_files_to_null (bool stdin_only
)
329 #if defined(HAVE_DUP) && defined(HAVE_DUP2)
331 if ((fd
= open ("/dev/null", O_RDWR
, 0)) != -1)
346 * Wrapper for chdir library function
349 openvpn_chdir (const char* dir
)
359 * dup inetd/xinetd socket descriptor and save
362 int inetd_socket_descriptor
= SOCKET_UNDEFINED
; /* GLOBAL */
365 save_inetd_socket_descriptor (void)
367 inetd_socket_descriptor
= INETD_SOCKET_DESCRIPTOR
;
368 #if defined(HAVE_DUP) && defined(HAVE_DUP2)
369 /* use handle passed by inetd/xinetd */
370 if ((inetd_socket_descriptor
= dup (INETD_SOCKET_DESCRIPTOR
)) < 0)
371 msg (M_ERR
, "INETD_SOCKET_DESCRIPTOR dup(%d) failed", INETD_SOCKET_DESCRIPTOR
);
372 set_std_files_to_null (true);
377 * Wrapper around the system() call.
380 openvpn_system (const char *command
, const struct env_set
*es
, unsigned int flags
)
386 * We need to bracket this code by mutex because system() doesn't
387 * accept an environment list, so we have to use the process-wide
388 * list which is shared between all threads.
390 mutex_lock_static (L_SYSTEM
);
391 perf_push (PERF_SCRIPT
);
394 * add env_set to environment.
396 if (flags
& S_SCRIPT
)
397 env_set_add_to_environment (es
);
401 dmsg (D_SCRIPT
, "SYSTEM[%u] '%s'", flags
, command
);
402 if (flags
& S_SCRIPT
)
403 env_set_print (D_SCRIPT
, es
);
406 * execute the command
408 ret
= system (command
);
411 dmsg (D_SCRIPT
, "SYSTEM return=%u", ret
);
414 * remove env_set from environment
416 if (flags
& S_SCRIPT
)
417 env_set_remove_from_environment (es
);
420 mutex_unlock_static (L_SYSTEM
);
424 msg (M_FATAL
, "Sorry but I can't execute the shell command '%s' because this operating system doesn't appear to support the system() call", command
);
425 return -1; /* NOTREACHED */
430 * Warn if a given file is group/others accessible.
433 warn_if_group_others_accessible (const char* filename
)
437 if (stat (filename
, &st
))
439 msg (M_WARN
| M_ERRNO
, "WARNING: cannot stat file '%s'", filename
);
443 if (st
.st_mode
& (S_IRWXG
|S_IRWXO
))
444 msg (M_WARN
, "WARNING: file '%s' is group or others accessible", filename
);
450 * convert system() return into a success/failure value
458 return stat
!= -1 && WIFEXITED (stat
) && WEXITSTATUS (stat
) == 0;
463 * did system() call execute the given command?
466 system_executed (int stat
)
471 return stat
!= -1 && WEXITSTATUS (stat
) != 127;
476 * Print an error message based on the status code returned by system().
479 system_error_message (int stat
, struct gc_arena
*gc
)
481 struct buffer out
= alloc_buf_gc (256, gc
);
484 buf_printf (&out
, "shell command did not execute -- ");
485 buf_printf (&out
, "system() returned error code %d", stat
);
488 buf_printf (&out
, "shell command fork failed");
489 else if (!WIFEXITED (stat
))
490 buf_printf (&out
, "shell command did not exit normally");
493 const int cmd_ret
= WEXITSTATUS (stat
);
495 buf_printf (&out
, "shell command exited normally");
496 else if (cmd_ret
== 127)
497 buf_printf (&out
, "could not execute shell command");
499 buf_printf (&out
, "shell command exited with error status: %d", cmd_ret
);
502 return (const char *)out
.data
;
506 * Run system(), exiting on error.
509 system_check (const char *command
, const struct env_set
*es
, unsigned int flags
, const char *error_message
)
511 struct gc_arena gc
= gc_new ();
512 const int stat
= openvpn_system (command
, es
, flags
);
515 if (system_ok (stat
))
520 msg (((flags
& S_FATAL
) ? M_FATAL
: M_WARN
), "%s: %s",
522 system_error_message (stat
, &gc
));
529 * Initialize random number seed. random() is only used
530 * when "weak" random numbers are acceptable.
531 * OpenSSL routines are always used when cryptographically
532 * strong random numbers are required.
536 init_random_seed(void)
538 #ifdef HAVE_GETTIMEOFDAY
541 if (!gettimeofday (&tv
, NULL
))
543 const unsigned int seed
= (unsigned int) tv
.tv_sec
^ tv
.tv_usec
;
546 #else /* HAVE_GETTIMEOFDAY */
547 const time_t current
= time (NULL
);
548 srandom ((unsigned int)current
);
549 #endif /* HAVE_GETTIMEOFDAY */
552 /* thread-safe strerror */
555 strerror_ts (int errnum
, struct gc_arena
*gc
)
558 struct buffer out
= alloc_buf_gc (256, gc
);
560 mutex_lock_static (L_STRERR
);
561 buf_printf (&out
, "%s", openvpn_strerror (errnum
, gc
));
562 mutex_unlock_static (L_STRERR
);
565 return "[error string unavailable]";
570 * Set environmental variable (int or string).
572 * On Posix, we use putenv for portability,
573 * and put up with its painful semantics
574 * that require all the support code below.
577 /* General-purpose environmental variable set functions */
580 construct_name_value (const char *name
, const char *value
, struct gc_arena
*gc
)
587 out
= alloc_buf_gc (strlen (name
) + strlen (value
) + 2, gc
);
588 buf_printf (&out
, "%s=%s", name
, value
);
593 deconstruct_name_value (const char *str
, const char **name
, const char **value
, struct gc_arena
*gc
)
598 ASSERT (name
&& value
);
600 *name
= cp
= string_alloc (str
, gc
);
605 if (*cp
== '=' && !*value
)
612 return *name
&& *value
;
616 env_string_equal (const char *s1
, const char *s2
)
639 remove_env_item (const char *str
, const bool do_free
, struct env_item
**list
)
641 struct env_item
*current
, *prev
;
646 for (current
= *list
, prev
= NULL
; current
!= NULL
; current
= current
->next
)
648 if (env_string_equal (current
->string
, str
))
651 prev
->next
= current
->next
;
653 *list
= current
->next
;
656 memset (current
->string
, 0, strlen (current
->string
));
657 free (current
->string
);
668 add_env_item (char *str
, const bool do_alloc
, struct env_item
**list
, struct gc_arena
*gc
)
670 struct env_item
*item
;
675 ALLOC_OBJ_GC (item
, struct env_item
, gc
);
676 item
->string
= do_alloc
? string_alloc (str
, gc
): str
;
681 /* struct env_set functions */
684 env_set_del_nolock (struct env_set
*es
, const char *str
)
686 return remove_env_item (str
, false, &es
->list
);
690 env_set_add_nolock (struct env_set
*es
, const char *str
)
692 remove_env_item (str
, false, &es
->list
);
693 add_env_item ((char *)str
, true, &es
->list
, es
->gc
);
697 env_set_create (struct gc_arena
*gc
)
701 mutex_lock_static (L_ENV_SET
);
702 ALLOC_OBJ_CLEAR_GC (es
, struct env_set
, gc
);
705 mutex_unlock_static (L_ENV_SET
);
710 env_set_del (struct env_set
*es
, const char *str
)
715 mutex_lock_static (L_ENV_SET
);
716 ret
= env_set_del_nolock (es
, str
);
717 mutex_unlock_static (L_ENV_SET
);
722 env_set_add (struct env_set
*es
, const char *str
)
726 mutex_lock_static (L_ENV_SET
);
727 env_set_add_nolock (es
, str
);
728 mutex_unlock_static (L_ENV_SET
);
732 env_set_print (int msglevel
, const struct env_set
*es
)
734 if (check_debug_level (msglevel
))
736 const struct env_item
*e
;
741 mutex_lock_static (L_ENV_SET
);
747 msg (msglevel
, "ENV [%d] '%s'", i
, e
->string
);
751 mutex_unlock_static (L_ENV_SET
);
757 env_set_inherit (struct env_set
*es
, const struct env_set
*src
)
759 const struct env_item
*e
;
765 mutex_lock_static (L_ENV_SET
);
769 env_set_add_nolock (es
, e
->string
);
772 mutex_unlock_static (L_ENV_SET
);
777 env_set_add_to_environment (const struct env_set
*es
)
781 struct gc_arena gc
= gc_new ();
782 const struct env_item
*e
;
784 mutex_lock_static (L_ENV_SET
);
792 if (deconstruct_name_value (e
->string
, &name
, &value
, &gc
))
793 setenv_str (NULL
, name
, value
);
797 mutex_unlock_static (L_ENV_SET
);
803 env_set_remove_from_environment (const struct env_set
*es
)
807 struct gc_arena gc
= gc_new ();
808 const struct env_item
*e
;
810 mutex_lock_static (L_ENV_SET
);
818 if (deconstruct_name_value (e
->string
, &name
, &value
, &gc
))
819 setenv_del (NULL
, name
);
823 mutex_unlock_static (L_ENV_SET
);
830 /* companion functions to putenv */
832 static struct env_item
*global_env
= NULL
; /* GLOBAL */
835 manage_env (char *str
)
837 remove_env_item (str
, true, &global_env
);
838 add_env_item (str
, false, &global_env
, NULL
);
843 /* add/modify/delete environmental strings */
846 setenv_counter (struct env_set
*es
, const char *name
, counter_type value
)
849 openvpn_snprintf (buf
, sizeof(buf
), counter_format
, value
);
850 setenv_str (es
, name
, buf
);
854 setenv_int (struct env_set
*es
, const char *name
, int value
)
857 openvpn_snprintf (buf
, sizeof(buf
), "%d", value
);
858 setenv_str (es
, name
, buf
);
862 setenv_str (struct env_set
*es
, const char *name
, const char *value
)
864 setenv_str_ex (es
, name
, value
, CC_NAME
, 0, 0, CC_PRINT
, 0, 0);
868 setenv_del (struct env_set
*es
, const char *name
)
871 setenv_str (es
, name
, NULL
);
875 setenv_str_ex (struct env_set
*es
,
878 const unsigned int name_include
,
879 const unsigned int name_exclude
,
880 const char name_replace
,
881 const unsigned int value_include
,
882 const unsigned int value_exclude
,
883 const char value_replace
)
885 struct gc_arena gc
= gc_new ();
886 const char *name_tmp
;
887 const char *val_tmp
= NULL
;
889 ASSERT (name
&& strlen (name
) > 1);
891 name_tmp
= string_mod_const (name
, name_include
, name_exclude
, name_replace
, &gc
);
894 val_tmp
= string_mod_const (value
, value_include
, value_exclude
, value_replace
, &gc
);
900 const char *str
= construct_name_value (name_tmp
, val_tmp
, &gc
);
901 env_set_add (es
, str
);
904 env_set_del (es
, name_tmp
);
910 /*msg (M_INFO, "SetEnvironmentVariable '%s' '%s'", name_tmp, val_tmp ? val_tmp : "NULL");*/
911 if (!SetEnvironmentVariable (name_tmp
, val_tmp
))
912 msg (M_WARN
| M_ERRNO
, "SetEnvironmentVariable failed, name='%s', value='%s'",
914 val_tmp
? val_tmp
: "NULL");
916 #elif defined(HAVE_PUTENV)
918 char *str
= construct_name_value (name_tmp
, val_tmp
, NULL
);
921 mutex_lock_static (L_PUTENV
);
922 status
= putenv (str
);
923 /*msg (M_INFO, "PUTENV '%s'", str);*/
926 mutex_unlock_static (L_PUTENV
);
928 msg (M_WARN
| M_ERRNO
, "putenv('%s') failed", str
);
937 * taken from busybox networking/ifupdown.c
940 count_bits(unsigned int a
)
943 result
= (a
& 0x55) + ((a
>> 1) & 0x55);
944 result
= (result
& 0x33) + ((result
>> 2) & 0x33);
945 return((result
& 0x0F) + ((result
>> 4) & 0x0F));
949 count_netmask_bits(const char *dotted_quad
)
951 unsigned int result
, a
, b
, c
, d
;
952 /* Found a netmask... Check if it is dotted quad */
953 if (sscanf(dotted_quad
, "%u.%u.%u.%u", &a
, &b
, &c
, &d
) != 4)
955 result
= count_bits(a
);
956 result
+= count_bits(b
);
957 result
+= count_bits(c
);
958 result
+= count_bits(d
);
959 return ((int)result
);
963 * Go to sleep for n milliseconds.
966 sleep_milliseconds (unsigned int n
)
972 tv
.tv_sec
= n
/ 1000;
973 tv
.tv_usec
= (n
% 1000) * 1000;
974 select (0, NULL
, NULL
, NULL
, &tv
);
979 * Go to sleep indefinitely.
982 sleep_until_signal (void)
987 select (0, NULL
, NULL
, NULL
, NULL
);
991 /* return true if filename can be opened for read */
993 test_file (const char *filename
)
998 FILE *fp
= fopen (filename
, "r");
1006 dmsg (D_TEST_FILE
, "TEST FILE '%s' [%d]",
1007 filename
? filename
: "UNDEF",
1013 /* create a temporary filename in directory */
1015 create_temp_filename (const char *directory
, struct gc_arena
*gc
)
1017 static unsigned int counter
;
1018 struct buffer fname
= alloc_buf_gc (256, gc
);
1020 mutex_lock_static (L_CREATE_TEMP
);
1022 mutex_unlock_static (L_CREATE_TEMP
);
1024 buf_printf (&fname
, PACKAGE
"_%u_%u.tmp",
1028 return gen_path (directory
, BSTR (&fname
), gc
);
1032 * Put a directory and filename together.
1035 gen_path (const char *directory
, const char *filename
, struct gc_arena
*gc
)
1037 const char *safe_filename
= string_mod_const (filename
, CC_ALNUM
|CC_UNDERBAR
|CC_DASH
|CC_DOT
|CC_AT
, 0, '_', gc
);
1040 && strcmp (safe_filename
, ".")
1041 && strcmp (safe_filename
, ".."))
1043 struct buffer out
= alloc_buf_gc (256, gc
);
1046 dirsep
[0] = OS_SPECIFIC_DIRSEP
;
1050 buf_printf (&out
, "%s%s", directory
, dirsep
);
1051 buf_printf (&out
, "%s", safe_filename
);
1059 /* delete a file, return true if succeeded */
1061 delete_file (const char *filename
)
1064 return (DeleteFile (filename
) != 0);
1065 #elif defined(HAVE_UNLINK)
1066 return (unlink (filename
) == 0);
1073 * Return the next largest power of 2
1074 * or u if u is a power of 2.
1077 adjust_power_of_2 (unsigned int u
)
1079 unsigned int ret
= 1;
1093 open_tty (const bool write
)
1096 ret
= fopen ("/dev/tty", write
? "w" : "r");
1098 ret
= write
? stderr
: stdin
;
1103 close_tty (FILE *fp
)
1105 if (fp
!= stderr
&& fp
!= stdin
)
1112 * Get input from console
1115 get_console_input (const char *prompt
, const bool echo
, char *input
, const int capacity
)
1120 ASSERT (capacity
> 0);
1124 return get_console_input_win32 (prompt
, echo
, input
, capacity
);
1125 #elif defined(HAVE_GETPASS)
1130 fp
= open_tty (true);
1131 fprintf (fp
, "%s", prompt
);
1135 fp
= open_tty (false);
1136 if (fgets (input
, capacity
, fp
) != NULL
)
1145 char *gp
= getpass (prompt
);
1148 strncpynt (input
, gp
, capacity
);
1149 memset (gp
, 0, strlen (gp
));
1154 msg (M_FATAL
, "Sorry, but I can't get console input on this OS");
1160 * Get and store a username/password
1164 get_user_pass (struct user_pass
*up
,
1165 const char *auth_file
,
1166 const bool password_only
,
1168 const unsigned int flags
)
1170 struct gc_arena gc
= gc_new ();
1174 const bool from_stdin
= (!auth_file
|| !strcmp (auth_file
, "stdin"));
1176 #ifdef ENABLE_MANAGEMENT
1178 * Get username/password from standard input?
1181 && ((auth_file
&& streq (auth_file
, "management")) || (from_stdin
&& (flags
& GET_USER_PASS_MANAGEMENT
)))
1182 && management_query_user_pass_enabled (management
))
1184 if (!management_query_user_pass (management
, up
, prefix
, password_only
))
1185 msg (M_FATAL
, "ERROR: could not read %s username/password from management interface", prefix
);
1190 * Get username/password from standard input?
1194 struct buffer user_prompt
= alloc_buf_gc (128, &gc
);
1195 struct buffer pass_prompt
= alloc_buf_gc (128, &gc
);
1197 buf_printf (&user_prompt
, "Enter %s Username:", prefix
);
1198 buf_printf (&pass_prompt
, "Enter %s Password:", prefix
);
1202 if (!get_console_input (BSTR (&user_prompt
), true, up
->username
, USER_PASS_LEN
))
1203 msg (M_FATAL
, "ERROR: could not read %s username from stdin", prefix
);
1204 if (strlen (up
->username
) == 0)
1205 msg (M_FATAL
, "ERROR: %s username is empty", prefix
);
1208 if (!get_console_input (BSTR (&pass_prompt
), false, up
->password
, USER_PASS_LEN
))
1209 msg (M_FATAL
, "ERROR: could not not read %s password from stdin", prefix
);
1214 * Get username/password from a file.
1218 #ifndef ENABLE_PASSWORD_SAVE
1220 * Unless ENABLE_PASSWORD_SAVE is defined, don't allow sensitive passwords
1221 * to be read from a file.
1223 if (flags
& GET_USER_PASS_SENSITIVE
)
1224 msg (M_FATAL
, "Sorry, '%s' password cannot be read from a file", prefix
);
1227 warn_if_group_others_accessible (auth_file
);
1229 fp
= fopen (auth_file
, "r");
1231 msg (M_ERR
, "Error opening '%s' auth file: %s", prefix
, auth_file
);
1235 if (fgets (up
->password
, USER_PASS_LEN
, fp
) == NULL
)
1236 msg (M_FATAL
, "Error reading password from %s authfile: %s",
1242 if (fgets (up
->username
, USER_PASS_LEN
, fp
) == NULL
1243 || fgets (up
->password
, USER_PASS_LEN
, fp
) == NULL
)
1244 msg (M_FATAL
, "Error reading username and password (must be on two consecutive lines) from %s authfile: %s",
1251 chomp (up
->username
);
1252 chomp (up
->password
);
1254 if (!password_only
&& strlen (up
->username
) == 0)
1255 msg (M_FATAL
, "ERROR: username from %s authfile '%s' is empty", prefix
, auth_file
);
1258 string_mod (up
->username
, CC_PRINT
, CC_CRLF
, 0);
1259 string_mod (up
->password
, CC_PRINT
, CC_CRLF
, 0);
1265 msg (M_INFO
, "GET_USER_PASS %s u='%s' p='%s'", prefix
, up
->username
, up
->password
);
1272 purge_user_pass (struct user_pass
*up
, const bool force
)
1274 const bool nocache
= up
->nocache
;
1275 if (nocache
|| force
)
1278 up
->nocache
= nocache
;
1283 * Process string received by untrusted peer before
1284 * printing to console or log file.
1286 * Assumes that string has been null terminated.
1289 safe_print (const char *str
, struct gc_arena
*gc
)
1291 return string_mod_const (str
, CC_PRINT
, CC_CRLF
, '.', gc
);
1294 /* Make arrays of strings */
1297 make_env_array (const struct env_set
*es
, struct gc_arena
*gc
)
1300 struct env_item
*e
= NULL
;
1303 /* figure length of es */
1306 for (e
= es
->list
; e
!= NULL
; e
= e
->next
)
1310 /* alloc return array */
1311 ALLOC_ARRAY_CLEAR_GC (ret
, char *, n
+1, gc
);
1313 /* fill return array */
1317 for (i
= 0; i
< n
; ++i
)
1326 return (const char **)ret
;
1330 make_arg_array (const char *first
, const char *parms
, struct gc_arena
*gc
)
1334 const int max_parms
= MAX_PARMS
+ 2;
1337 /* alloc return array */
1338 ALLOC_ARRAY_CLEAR_GC (ret
, char *, max_parms
, gc
);
1340 /* process first parameter, if provided */
1343 ret
[base
++] = string_alloc (first
, gc
);
1348 n
= parse_line (parms
, &ret
[base
], max_parms
- base
- 1, "make_arg_array", 0, M_WARN
, gc
);
1349 ASSERT (n
>= 0 && n
+ base
+ 1 <= max_parms
);
1351 ret
[base
+ n
] = NULL
;
1353 return (const char **)ret
;
1357 openvpn_sleep (const int n
)
1359 #ifdef ENABLE_MANAGEMENT
1362 management_event_loop_n_seconds (management
, n
);