2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #ifdef ENABLE_MANAGEMENT
34 #define MANAGEMENT_VERSION 1 /* management protocol version; presumably the 'version' handed to the status callback below -- confirm in manage.c */
35 #define MANAGEMENT_N_PASSWORD_RETRIES 3 /* wrong-password attempts tolerated from a management client; what happens after the last one is not visible in this header -- confirm in manage.c */
36 #define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE 100 /* starting capacity of the log history (cf. log_history_init/log_history_resize) */
37 #define MANAGEMENT_ECHO_BUFFER_SIZE 100 /* capacity of the saved --echo history */
38 #define MANAGEMENT_STATE_BUFFER_SIZE 100 /* capacity of the state-change history */
41 * Manage build-up of command line
46 struct buffer residual
;
49 struct command_line
*command_line_new (const int buf_len
);
50 void command_line_free (struct command_line
*cl
);
52 void command_line_add (struct command_line
*cl
, const unsigned char *buf
, const int len
);
53 const unsigned char *command_line_get (struct command_line
*cl
);
54 void command_line_reset (struct command_line
*cl
);
55 void command_line_next (struct command_line
*cl
);
58 * Manage lists of output strings
64 struct output_entry
*next
;
69 struct output_entry
*head
; /* next item to pop/peek */
70 struct output_entry
*tail
; /* last item pushed */
71 int size
; /* current number of entries */
72 int max_size
; /* maximum size list should grow to */
75 struct output_list
*output_list_new (const int max_size
);
76 void output_list_free (struct output_list
*ol
);
78 bool output_list_defined (const struct output_list
*ol
);
79 void output_list_reset (struct output_list
*ol
);
81 void output_list_push (struct output_list
*ol
, const unsigned char *str
);
82 const struct buffer
*output_list_peek (struct output_list
*ol
);
83 void output_list_advance (struct output_list
*ol
, int n
);
86 * Manage log file history
89 union log_entry_union
{
90 unsigned int msg_flags
;
99 union log_entry_union u
;
102 #define LOG_PRINT_LOG_PREFIX (1<<0)
103 #define LOG_PRINT_ECHO_PREFIX (1<<1)
104 #define LOG_PRINT_STATE_PREFIX (1<<2)
106 #define LOG_PRINT_INT_DATE (1<<3)
107 #define LOG_PRINT_MSG_FLAGS (1<<4)
108 #define LOG_PRINT_STATE (1<<5)
109 #define LOG_PRINT_LOCAL_IP (1<<6)
111 #define LOG_PRINT_CRLF (1<<7)
112 #define LOG_FATAL_NOTIFY (1<<8)
114 const char *log_entry_print (const struct log_entry
*e
, unsigned int flags
, struct gc_arena
*gc
);
121 struct log_entry
*array
;
124 struct log_history
*log_history_init (const int capacity
);
125 void log_history_close (struct log_history
*h
);
126 void log_history_add (struct log_history
*h
, const struct log_entry
*le
);
127 void log_history_resize (struct log_history
*h
, const int capacity
);
128 const struct log_entry
*log_history_ref (const struct log_history
*h
, const int index
);
131 log_history_size (const struct log_history
*h
)
137 log_history_capacity (const struct log_history
*h
)
143 * Callbacks for 'status' and 'kill' commands
145 struct management_callback
  /* Hooks the core registers through management_set_callback(); 'arg' is the
   * opaque context handed back on every call.  NOTE(review): kill_by_cn and
   * kill_by_addr let a management client disconnect other clients, so they are
   * only as trusted as the management channel's own authentication. */
148 void (*status
) (void *arg
, const int version
, struct status_output
*so
); /* write a status report into *so; 'version' presumably selects the report format -- confirm */
149 void (*show_net
) (void *arg
, const int msglevel
); /* dump network information at the given message level */
150 int (*kill_by_cn
) (void *arg
, const char *common_name
); /* disconnect client(s) matching a certificate common name; meaning of the int result not visible here (count?) -- confirm */
151 int (*kill_by_addr
) (void *arg
, const in_addr_t addr
, const int port
); /* disconnect the client at addr:port; same caveat on the int result */
152 void (*delete_event
) (void *arg
, event_t event
); /* drop an event from the core's event set */
156 * Management object, split into three components:
158 * struct man_persist : Data elements which are persistent across
159 * man_connection open and close.
161 * struct man_settings : management parameters.
163 * struct man_connection : created on socket binding and listen,
164 * deleted on socket unbind, may
165 * handle multiple sequential client
172 struct log_history
*log
;
173 struct virtual_output vout
;
175 bool standalone_disabled
;
176 struct management_callback callback
;
178 struct log_history
*echo
; /* saved --echo strings */
179 struct log_history
*state
;
183 const char *special_state_msg
;
186 struct man_settings
{
  /* Management parameters.  Several mirror management_open() parameters of
   * the same name. */
188 struct sockaddr_in local
; /* IPv4 address/port of the management socket; presumably the bind address ("created on socket binding" above) -- confirm in management_open().  NOTE(review): the channel accepts control commands (see struct management_callback), so confirm callers keep this on loopback unless remote access is intended */
189 bool up_query_passwords
; /* exposed via management_query_user_pass_enabled() */
190 bool management_over_tunnel
; /* name suggests the management socket is reached through the tunnel -- verify before relying on it */
192 int log_history_cache
; /* capacities of the persistent log/echo/state histories (see struct man_persist) */
193 int echo_buffer_size
;
194 int state_buffer_size
;
200 #define UP_QUERY_DISABLED 0
201 #define UP_QUERY_USER_PASS 1
202 #define UP_QUERY_PASS 2
205 #define MS_INITIAL 0 /* all sockets are closed */
206 #define MS_LISTEN 1 /* no client is connected */
207 #define MS_CC_WAIT_READ 2 /* client is connected, waiting for read on socket */
208 #define MS_CC_WAIT_WRITE 3 /* client is connected, waiting for ability to write to socket */
210 struct man_connection
{
  /* Per-connection state; the MS_* values above describe its lifecycle. */
213 socket_descriptor_t sd_top
; /* presumably the listening socket -- confirm in manage.c */
214 socket_descriptor_t sd_cli
; /* presumably the accepted client socket -- confirm */
215 struct sockaddr_in remote
; /* IPv4 address of the connected peer; likely filled at accept time -- confirm */
218 struct net_event_win32 ne32
; /* Win32 network event object; presumably guarded by a WIN32 conditional in the full file */
222 bool password_verified
; /* NOTE(review): whether this client passed the password check; every command that reaches a callback (kill, status, user-pass) should be gated on this -- confirm in the command dispatcher */
225 struct command_line
*in
; /* input command being assembled (command_line_* above) */
226 struct output_list
*out
; /* output strings queued for the client (output_list_* above) */
228 struct event_set
*es
; /* event set the management sockets are registered in (see management_socket_set) */
234 const char *up_query_type
; /* type string of an in-flight user/pass query (cf. management_query_user_pass 'type') */
236 struct user_pass up_query
; /* NOTE(review): presumably holds credentials supplied by the management client in plain memory -- confirm they are wiped once the query is answered */
241 struct man_persist persist
;
242 struct man_settings settings
;
243 struct man_connection connection
;
246 extern struct management
*management
;
250 struct management
*management_init (void);
252 bool management_open (struct management
*man
,
255 const char *pass_file
,
257 const bool query_passwords
,
258 const int log_history_cache
,
259 const int echo_buffer_size
,
260 const int state_buffer_size
,
264 void management_close (struct management
*man
);
266 void management_post_tunnel_open (struct management
*man
, const in_addr_t tun_local_ip
);
268 void management_pre_tunnel_close (struct management
*man
);
270 void management_socket_set (struct management
*man
,
271 struct event_set
*es
,
273 unsigned int *persistent
);
275 void management_io (struct management
*man
);
277 void management_set_callback (struct management
*man
,
278 const struct management_callback
*cb
);
280 void management_clear_callback (struct management
*man
);
282 bool management_query_user_pass (struct management
*man
, struct user_pass
*up
, const char *type
, const bool password_only
);
284 bool management_should_daemonize (struct management
*man
);
285 bool management_would_hold (struct management
*man
);
286 bool management_hold (struct management
*man
);
288 void management_event_loop_n_seconds (struct management
*man
, int sec
);
/*
 * True while a management client is attached, i.e. the connection state
 * machine is in one of the two "client connected" states (waiting to read
 * from, or to write to, the client socket).
 */
static inline bool
management_connected (const struct management *man)
{
  switch (man->connection.state)
    {
    case MS_CC_WAIT_READ:
    case MS_CC_WAIT_WRITE:
      return true;
    default:
      return false;
    }
}
/*
 * Report whether usernames/passwords are to be fetched through the
 * management interface (the up_query_passwords setting).
 */
static inline bool
management_query_user_pass_enabled (const struct management *man)
{
  const struct man_settings *settings = &man->settings;
  return settings->up_query_passwords;
}
303 * OpenVPN tells the management layer what state it's in
306 /* client/server states */
307 #define OPENVPN_STATE_INITIAL 0 /* Initial, undefined state */
308 #define OPENVPN_STATE_CONNECTING 1 /* Management interface has been initialized */
309 #define OPENVPN_STATE_ASSIGN_IP 2 /* Assigning IP address to virtual network interface */
310 #define OPENVPN_STATE_ADD_ROUTES 3 /* Adding routes to system */
311 #define OPENVPN_STATE_CONNECTED 4 /* Initialization sequence completed */
312 #define OPENVPN_STATE_RECONNECTING 5 /* Restart */
313 #define OPENVPN_STATE_EXITING 6 /* Exit */
315 /* client-only states */
316 #define OPENVPN_STATE_WAIT 7 /* Waiting for initial response from server */
317 #define OPENVPN_STATE_AUTH 8 /* Authenticating with server */
318 #define OPENVPN_STATE_GET_CONFIG 9 /* Downloading configuration from server */
320 #define OPENVPN_STATE_CLIENT_BASE 7 /* Base index of client-only states */
322 void management_set_state (struct management
*man
,
325 const in_addr_t tun_local_ip
);
328 * The management object keeps track of OpenVPN --echo
331 void management_echo (struct management
*man
, const char *string
);
334 * OpenVPN calls here to indicate a password failure
337 void management_auth_failure (struct management
*man
, const char *type
);