release/src/router/openvpn/misc.h

   1 /*
   2  *  OpenVPN -- An application to securely tunnel IP networks
   3  *             over a single TCP/UDP port, with support for SSL/TLS-based
   4  *             session authentication and key exchange,
   5  *             packet encryption, packet authentication, and
   6  *             packet compression.
   7  *
   8  *  Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
   9  *
  10  *  This program is free software; you can redistribute it and/or modify
  11  *  it under the terms of the GNU General Public License version 2
  12  *  as published by the Free Software Foundation.
  13  *
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program (see the file COPYING included with this
  21  *  distribution); if not, write to the Free Software Foundation, Inc.,
  22  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 #ifndef MISC_H
  26 #define MISC_H
  27
  28 #include "basic.h"
  29 #include "common.h"
  30 #include "integer.h"
  31 #include "buffer.h"
  32
  33 /* socket descriptor passed by inetd/xinetd server to us */
  34 #define INETD_SOCKET_DESCRIPTOR 0
  35
  36 /* forward declarations */
  37 struct plugin_list;
  38
  39 /* used by argv_x functions */
  40 struct argv {
  41   size_t capacity;
  42   size_t argc;
  43   char **argv;
  44   char *system_str;
  45 };
  46
  47 /*
  48  * Handle environmental variable lists
  49  */
  50
  51 struct env_item {
  52   char *string;
  53   struct env_item *next;
  54 };
  55
  56 struct env_set {
  57   struct gc_arena *gc;
  58   struct env_item *list;
  59 };
  60
  61 /* Get/Set UID of process */
  62
  63 struct user_state {
  64 #if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID)
  65   const char *username;
  66   struct passwd *pw;
  67 #else
  68   int dummy;
  69 #endif
  70 };
  71
  72 bool get_user (const char *username, struct user_state *state);
  73 void set_user (const struct user_state *state);
  74
  75 /* Get/Set GID of process */
  76
  77 struct group_state {
  78 #if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID)
  79   const char *groupname;
  80   struct group *gr;
  81 #else
  82   int dummy;
  83 #endif
  84 };
  85
  86 bool get_group (const char *groupname, struct group_state *state);
  87 void set_group (const struct group_state *state);
  88
  89 void set_nice (int niceval);
  90 void do_chroot (const char *path);
  91
  92 void run_up_down (const char *command,
  93                   const struct plugin_list *plugins,
  94                   int plugin_type,
  95                   const char *arg,
  96                   int tun_mtu,
  97                   int link_mtu,
  98                   const char *ifconfig_local,
  99                   const char* ifconfig_remote,
 100                   const char *context,
 101                   const char *signal_text,
 102                   const char *script_type,
 103                   struct env_set *es);
 104
 105 /* workspace for get_pid_file/write_pid */
 106 struct pid_state {
 107   FILE *fp;
 108   const char *filename;
 109 };
 110
 111 void get_pid_file (const char* filename, struct pid_state *state);
 112 void write_pid (const struct pid_state *state);
 113 unsigned int openvpn_getpid (void);
 114
 115 void do_mlockall (bool print_msg); /* Disable paging */
 116
 117 #ifndef HAVE_DAEMON
 118 int daemon (int nochdir, int noclose);
 119 #endif
 120
 121 /* check file protections */
 122 void warn_if_group_others_accessible(const char* filename);
 123
 124 /* system flags */
 125 #define S_SCRIPT (1<<0)
 126 #define S_FATAL  (1<<1)
 127
 128 /* interpret the status code returned by system()/execve() */
 129 bool system_ok(int);
 130 bool system_executed (int stat);
 131 const char *system_error_message (int, struct gc_arena *gc);
 132
 133 /* wrapper around the execve() call */
 134 int openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned int flags);
 135 bool openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message);
 136 bool openvpn_execve_allowed (const unsigned int flags);
 137 int openvpn_system (const char *command, const struct env_set *es, unsigned int flags);
 138
 139 #ifdef HAVE_STRERROR
 140 /* a thread-safe version of strerror */
 141 const char* strerror_ts (int errnum, struct gc_arena *gc);
 142 #endif
 143
 144 /* Set standard file descriptors to /dev/null */
 145 void set_std_files_to_null (bool stdin_only);
 146
 147 /* Wrapper for chdir library function */
 148 int openvpn_chdir (const char* dir);
 149
 150 /* dup inetd/xinetd socket descriptor and save */
 151 extern int inetd_socket_descriptor;
 152 void save_inetd_socket_descriptor (void);
 153
 154 /* init random() function, only used as source for weak random numbers, when !USE_CRYPTO */
 155 void init_random_seed(void);
 156
 157 /* set/delete environmental variable */
 158 void setenv_str_ex (struct env_set *es,
 159                     const char *name,
 160                     const char *value,
 161                     const unsigned int name_include,
 162                     const unsigned int name_exclude,
 163                     const char name_replace,
 164                     const unsigned int value_include,
 165                     const unsigned int value_exclude,
 166                     const char value_replace);
 167
 168 void setenv_counter (struct env_set *es, const char *name, counter_type value);
 169 void setenv_int (struct env_set *es, const char *name, int value);
 170 void setenv_unsigned (struct env_set *es, const char *name, unsigned int value);
 171 void setenv_str (struct env_set *es, const char *name, const char *value);
 172 void setenv_str_safe (struct env_set *es, const char *name, const char *value);
 173 void setenv_del (struct env_set *es, const char *name);
 174
 175 void setenv_int_i (struct env_set *es, const char *name, const int value, const int i);
 176 void setenv_str_i (struct env_set *es, const char *name, const char *value, const int i);
 177
 178 /* struct env_set functions */
 179
 180 struct env_set *env_set_create (struct gc_arena *gc);
 181 void env_set_destroy (struct env_set *es);
 182 bool env_set_del (struct env_set *es, const char *str);
 183 void env_set_add (struct env_set *es, const char *str);
 184
 185 void env_set_print (int msglevel, const struct env_set *es);
 186
 187 void env_set_inherit (struct env_set *es, const struct env_set *src);
 188
 189 void env_set_add_to_environment (const struct env_set *es);
 190 void env_set_remove_from_environment (const struct env_set *es);
 191
 192 /* Make arrays of strings */
 193
 194 const char **make_env_array (const struct env_set *es,
 195                              const bool check_allowed,
 196                              struct gc_arena *gc);
 197
 198 const char **make_arg_array (const char *first, const char *parms, struct gc_arena *gc);
 199 const char **make_extended_arg_array (char **p, struct gc_arena *gc);
 200
 201 /* convert netmasks for iproute2 */
 202 int count_netmask_bits(const char *);
 203 unsigned int count_bits(unsigned int );
 204
 205 /* go to sleep for n milliseconds */
 206 void sleep_milliseconds (unsigned int n);
 207
 208 /* go to sleep indefinitely */
 209 void sleep_until_signal (void);
 210
 211 /* an analogue to the random() function, but use OpenSSL functions if available */
 212 #ifdef USE_CRYPTO
 213 long int get_random(void);
 214 #else
 215 #define get_random random
 216 #endif
 217
 218 /* return true if filename can be opened for read */
 219 bool test_file (const char *filename);
 220
 221 /* create a temporary filename in directory */
 222 const char *create_temp_filename (const char *directory, const char *prefix, struct gc_arena *gc);
 223
 224 /* put a directory and filename together */
 225 const char *gen_path (const char *directory, const char *filename, struct gc_arena *gc);
 226
 227 /* delete a file, return true if succeeded */
 228 bool delete_file (const char *filename);
 229
 230 /* return true if pathname is absolute */
 231 bool absolute_pathname (const char *pathname);
 232
 233 /* prepend a random prefix to hostname (need USE_CRYPTO) */
 234 const char *hostname_randomize(const char *hostname, struct gc_arena *gc);
 235
 236 /*
 237  * Get and store a username/password
 238  */
 239
 240 struct user_pass
 241 {
 242   bool defined;
 243   bool nocache;
 244
 245 /* max length of username/password */
 246 # ifdef ENABLE_PKCS11
 247 #   define USER_PASS_LEN 4096
 248 # else
 249 #   define USER_PASS_LEN 128
 250 # endif
 251   char username[USER_PASS_LEN];
 252   char password[USER_PASS_LEN];
 253 };
 254
 255 bool get_console_input (const char *prompt, const bool echo, char *input, const int capacity);
 256
 257 /*
 258  * Flags for get_user_pass and management_query_user_pass
 259  */
 260 #define GET_USER_PASS_MANAGEMENT    (1<<0)
 261 #define GET_USER_PASS_SENSITIVE     (1<<1)
 262 #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
 263 #define GET_USER_PASS_NEED_OK       (1<<3)
 264 #define GET_USER_PASS_NOFATAL       (1<<4)
 265 #define GET_USER_PASS_NEED_STR      (1<<5)
 266
 267 bool get_user_pass (struct user_pass *up,
 268                     const char *auth_file,
 269                     const char *prefix,
 270                     const unsigned int flags);
 271
 272 void purge_user_pass (struct user_pass *up, const bool force);
 273
 274 /*
 275  * Process string received by untrusted peer before
 276  * printing to console or log file.
 277  * Assumes that string has been null terminated.
 278  */
 279 const char *safe_print (const char *str, struct gc_arena *gc);
 280
 281 /* returns true if environmental variable safe to print to log */
 282 bool env_safe_to_print (const char *str);
 283
 284 /* returns true if environmental variable may be passed to an external program */
 285 bool env_allowed (const char *str);
 286
 287 /*
 288  * A sleep function that services the management layer for n
 289  * seconds rather than doing nothing.
 290  */
 291 void openvpn_sleep (const int n);
 292
 293 void configure_path (void);
 294
 295 #if AUTO_USERID
 296 void get_user_pass_auto_userid (struct user_pass *up, const char *tag);
 297 #endif
 298
 299 /*
 300  * /sbin/ip path, may be overridden
 301  */
 302 #ifdef CONFIG_FEATURE_IPROUTE
 303 extern const char *iproute_path;
 304 #endif
 305
 306 #define SSEC_NONE      0 /* strictly no calling of external programs */
 307 #define SSEC_BUILT_IN  1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/
 308 #define SSEC_SCRIPTS   2 /* allow calling of built-in programs and user-defined scripts */
 309 #define SSEC_PW_ENV    3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */
 310 extern int script_security; /* GLOBAL */
 311
 312 #define SM_EXECVE 0      /* call external programs with execve() or CreateProcess() */
 313 #define SM_SYSTEM 1      /* call external programs with system() */
 314 extern int script_method; /* GLOBAL */
 315
 316 /* return the next largest power of 2 */
 317 size_t adjust_power_of_2 (size_t u);
 318
 319 /* return the basename of path */
 320 const char *openvpn_basename (const char *path);
 321
 322 /*
 323  * A printf-like function (that only recognizes a subset of standard printf
 324  * format operators) that prints arguments to an argv list instead
 325  * of a standard string.  This is used to build up argv arrays for passing
 326  * to execve.
 327  */
 328 void argv_init (struct argv *a);
 329 struct argv argv_new (void);
 330 void argv_reset (struct argv *a);
 331 char *argv_term (const char **f);
 332 const char *argv_str (const struct argv *a, struct gc_arena *gc, const unsigned int flags);
 333 struct argv argv_insert_head (const struct argv *a, const char *head);
 334 void argv_msg (const int msglev, const struct argv *a);
 335 void argv_msg_prefix (const int msglev, const struct argv *a, const char *prefix);
 336 const char *argv_system_str (const struct argv *a);
 337
 338 #define APA_CAT (1<<0) /* concatentate onto existing struct argv list */
 339 void argv_printf_arglist (struct argv *a, const char *format, const unsigned int flags, va_list arglist);
 340
 341 void argv_printf (struct argv *a, const char *format, ...)
 342 #ifdef __GNUC__
 343   __attribute__ ((format (printf, 2, 3)))
 344 #endif
 345   ;
 346
 347 void argv_printf_cat (struct argv *a, const char *format, ...)
 348 #ifdef __GNUC__
 349   __attribute__ ((format (printf, 2, 3)))
 350 #endif
 351   ;
 352
 353 /*
 354  * Extract UID or GID
 355  */
 356
 357 static inline int
 358 user_state_uid (const struct user_state *s)
 359 {
 360 #if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID)
 361   if (s->pw)
 362     return s->pw->pw_uid;
 363 #endif
 364   return -1;
 365 }
 366
 367 static inline int
 368 group_state_gid (const struct group_state *s)
 369 {
 370 #if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID)
 371   if (s->gr)
 372     return s->gr->gr_gid;
 373 #endif
 374   return -1;
 375 }
 376
 377 #endif