/* environment.h -- Function for extracting data from the OpenVPN environment table
*
* GPLv2 only - Copyright (C) 2008 - 2012
* David Sommerseth <dazo@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; version 2
* of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/**
* @file environment.h
* @author David Sommerseth <dazo@users.sourceforge.net>
* @date 2008-08-06
*
* @brief Function for extracting data from the OpenVPN environment table.
*
* A lot of the macros defined here are the preferred way to access
* information from the environment table. Using them ensures that the
* same variable names are used everywhere and that the same limits on
* the value length are kept.
*
*/
#ifndef _ENVIRONMENT_H
#define _ENVIRONMENT_H
/**
 * get_env() retrieves a value from the OpenVPN environment table.
 *
 * The GETENV_* macros in this header are thin wrappers around this function;
 * each one fixes the key, the length limit and the log masking flag.
 *
 * @param ctx        eurephiaCTX context.  The GETENV_DAEMON and
 *                   GETENV_DAEMONLOGREDIR macros pass NULL here.
 * @param logmasking If 1, the value will be masked in the log files (eg. to hide password)
 * @param len        How many bytes to copy out of the environment variable
 * @param envp       the environment table
 * @param fmt        The key to look for (stdarg).  The macros in this header pass
 *                   string literals, two of them with a "%i" conversion.
 *                   NOTE(review): presumably a printf-style format; direct callers
 *                   should then pass a literal, never a client-derived string -- confirm.
 *
 * @return Returns a char * with the value, or NULL if not found.  The macro
 *         documentation in this header states that the returned region is newly
 *         allocated and must be freed by the caller.
 *         NOTE(review): what happens to a value longer than len (truncated or
 *         rejected) is not visible from this header -- confirm in the implementation.
 */
char *get_env(eurephiaCTX *ctx, int logmasking, size_t len, const char *envp[], const char *fmt, ... );
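#define MAXLEN_DEVNAME 64 /**< Maximum allowed length of the device name of the tunnel device */
/**
 * Macro for retrieving the OpenVPN tunnel device name (openvpn --dev option)
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_DEVNAME(ctx, env) get_env((ctx), 0, MAXLEN_DEVNAME, (env), "dev")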
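#define MAXLEN_DEVTYPE 8 /**< Maximum allowed length of the device type of the tunnel device */
/**
 * Macro for retrieving the OpenVPN tunnel device type (openvpn --dev-type option)
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_DEVTYPE(ctx, env) get_env((ctx), 0, MAXLEN_DEVTYPE, (env), "dev_type")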
#define MAXLEN_TLSID 2048 /**< Upper bound on the length of a TLS ID string */
/**
 * Fetch the TLS ID string of a certificate in the client's chain.
 *
 * The key is built as "tls_id_<id>"; id is consumed by a %i conversion,
 * so it has to be an int.  The value is not masked in the log files.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 * @param id  Which TLS ID to retrieve. 0 is the client's certificate, >=1 are CA certificates.
 *
 * @return Pointer to a newly allocated copy of the value, which the caller
 *         must free after use.
 * @see get_env()
 */
#define GETENV_TLSID(ctx, env, id) \
        get_env((ctx), 0, MAXLEN_TLSID, (env), "tls_id_%i", (id))
#define MAXLEN_TLSDIGEST 60 /**< Upper bound on the length of a certificate digest/fingerprint */
/**
 * Fetch the digest/fingerprint of a certificate in the client's chain.
 *
 * The key is built as "tls_digest_<id>"; id is consumed by a %i conversion,
 * so it has to be an int.  The value is not masked in the log files.
 *
 * NOTE(review): 60 looks sized for a colon-separated SHA-1 fingerprint; a
 * longer digest format would exceed it -- confirm how get_env() handles that,
 * since a shortened fingerprint must never be used for certificate matching.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 * @param id  Which TLS digest to retrieve. 0 is the client's certificate, >=1 are CA certificates.
 *
 * @return Pointer to a newly allocated copy of the value, which the caller
 *         must free after use.
 * @see get_env()
 */
#define GETENV_TLSDIGEST(ctx, env, id) \
        get_env((ctx), 0, MAXLEN_TLSDIGEST, (env), "tls_digest_%i", (id))
#define MAXLEN_UNTRUSTEDIP 34 /**< Upper bound on the length of the client's untrusted public IP address */
/**
 * Fetch the public IP address of the connecting OpenVPN client.
 *
 * The "untrusted_ip" key is available before the client has been
 * authenticated, so the address belongs to a peer whose identity has not
 * been verified yet.  The value is not masked in the log files.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Pointer to a newly allocated copy of the value, which the caller
 *         must free after use.
 * @see get_env()
 */
#define GETENV_UNTRUSTEDIP(ctx, env) \
        get_env((ctx), 0, MAXLEN_UNTRUSTEDIP, (env), "untrusted_ip")
#define MAXLEN_USERNAME 34 /**< Upper bound on the length of the username */
/**
 * Fetch the username the OpenVPN client wants to authenticate as.
 *
 * The value is whatever the client claimed and has not been verified when
 * it is read here.  It is not masked in the log files.
 *
 * NOTE(review): whether get_env() truncates or rejects a name longer than
 * MAXLEN_USERNAME is not visible from this header -- confirm, because a
 * silently shortened name could match a different account.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Pointer to a newly allocated copy of the value, which the caller
 *         must free after use.
 * @see get_env()
 */
#define GETENV_USERNAME(ctx, env) \
        get_env((ctx), 0, MAXLEN_USERNAME, (env), "username")
#define MAXLEN_PASSWORD 64 /**< Upper bound on the length of the password */
/**
 * Fetch the password the OpenVPN client uses for the authentication.
 *
 * This is the only macro in this header that sets get_env()'s logmasking
 * argument to 1, which asks for the value to be masked in the log files.
 *
 * NOTE(review): the returned buffer holds the password as received; callers
 * should consider wiping it before freeing.  How get_env() handles a password
 * longer than MAXLEN_PASSWORD is not visible from this header -- confirm.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Pointer to a newly allocated copy of the value, which the caller
 *         must free after use.
 * @see get_env()
 */
#define GETENV_PASSWORD(ctx, env) \
        get_env((ctx), 1, MAXLEN_PASSWORD, (env), "password")
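#define MAXLEN_BYTESRECEIVED 21 /**< Maximum allowed length of the received bytes value*/
/**
 * Macro for retrieving the number of bytes the OpenVPN server has received from the client. This
 * is only available when OpenVPN decides to disconnect the client session.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_BYTESRECEIVED(ctx, env) get_env((ctx), 0, MAXLEN_BYTESRECEIVED, (env), "bytes_received")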
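#define MAXLEN_BYTESSENT 21 /**< Maximum allowed length of the sent bytes value*/
/**
 * Macro for retrieving the number of bytes the OpenVPN server has sent to the client. This
 * is only available when OpenVPN decides to disconnect the client session.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_BYTESSENT(ctx, env) get_env((ctx), 0, MAXLEN_BYTESSENT, (env), "bytes_sent")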
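#define MAXLEN_TIMEDURATION 21 /**< Maximum allowed length of the session time value*/
/**
 * Macro for retrieving the number of seconds the OpenVPN session lasted. This
 * is only available when OpenVPN decides to disconnect the client session.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_TIMEDURATION(ctx, env) get_env((ctx), 0, MAXLEN_TIMEDURATION, (env), "time_duration")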
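#define MAXLEN_POOLNETMASK 34 /**< Maximum allowed length of the clients VPN netmask*/
/**
 * Macro for retrieving the network mask of the tunnelled VPN network for the current session.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_POOLNETMASK(ctx, env) get_env((ctx), 0, MAXLEN_POOLNETMASK, (env), "ifconfig_pool_netmask")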
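#define MAXLEN_POOLIPADDR 34 /**< Maximum allowed length of the clients VPN IP address*/
/**
 * Macro for retrieving the IP address of the tunnelled VPN network for the current session.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_POOLIPADDR(ctx, env) get_env((ctx), 0, MAXLEN_POOLIPADDR, (env), "ifconfig_pool_remote_ip")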
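#define MAXLEN_TRUSTEDIP 34 /**< Maximum allowed length of the trusted public IP of the client*/
/**
 * Macro for retrieving the OpenVPN clients public IP address. This is available after the client
 * has authenticated successfully.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_TRUSTEDIP(ctx, env) get_env((ctx), 0, MAXLEN_TRUSTEDIP, (env), "trusted_ip")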
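#define MAXLEN_PROTO1 4 /**< Maximum allowed length of protocol value (tcp/udp)*/
/**
 * Macro for retrieving the protocol the user is using. Normally, this value will be 'udp' or 'tcp'
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * NOTE(review): a protocol string longer than MAXLEN_PROTO1 would not fit;
 * how get_env() handles that is not visible from this header -- confirm.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_PROTO1(ctx, env) get_env((ctx), 0, MAXLEN_PROTO1, (env), "proto_1")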
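#define MAXLEN_CNAME 64 /**< Maximum allowed length of X.509 Common Name field*/
/**
 * Macro for retrieving the X.509 Common Name field from the clients certificate.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * NOTE(review): X.509 allows a Common Name of up to 64 characters; whether
 * get_env()'s len counts a terminating NUL is not visible from this header.
 * Confirm that a 64-character CN is returned intact, since a shortened CN
 * must not be used for identity matching.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_CNAME(ctx, env) get_env((ctx), 0, MAXLEN_CNAME, (env), "common_name")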
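#define MAXLEN_TRUSTEDPORT 6 /**< Maximum allowed length of the clients OpenVPN port */
/**
 * Macro for retrieving the port an authenticated OpenVPN client is connecting from.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_TRUSTEDPORT(ctx, env) get_env((ctx), 0, MAXLEN_TRUSTEDPORT, (env), "trusted_port")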
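#define MAXLEN_UNTRUSTEDPORT 6 /**< Maximum allowed length of the clients OpenVPN port*/
/**
 * Macro for retrieving the port an unauthenticated OpenVPN client is connecting from.
 *
 * Expands to a single get_env() call expression.  The definition carries no
 * trailing semicolon, so it can be used inside a condition or an unbraced
 * if/else without leaving a stray empty statement behind.
 *
 * @param ctx eurephiaCTX
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_UNTRUSTEDPORT(ctx, env) get_env((ctx), 0, MAXLEN_UNTRUSTEDPORT, (env), "untrusted_port")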
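#define MAXLEN_DAEMON 32 /**< Maximum allowed length of the daemon configuration value*/
/**
 * Macro for retrieving a configuration parameter, which defines if the OpenVPN server
 * started as a daemon.
 *
 * Unlike most macros in this header it takes no context: get_env() is called
 * with a NULL ctx.  The definition carries no trailing semicolon, so it can be
 * used inside a condition or an unbraced if/else without leaving a stray
 * empty statement behind.
 *
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_DAEMON(env) get_env(NULL, 0, MAXLEN_DAEMON, (env), "daemon")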
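#define MAXLEN_DAEMONLOGREDIR 32 /**< Maximum allowed length of daemon_log_redirect config value*/
/**
 * Macro for retrieving a configuration parameter, which defines if the OpenVPN server
 * is redirecting the logs or not.
 *
 * Unlike most macros in this header it takes no context: get_env() is called
 * with a NULL ctx.  The definition carries no trailing semicolon, so it can be
 * used inside a condition or an unbraced if/else without leaving a stray
 * empty statement behind.
 *
 * @param env Char array pointer to the environment table where the value resides
 *
 * @return Returns a pointer to a new memory region with the value, or NULL if
 *         the key is not found.  This region must be freed after use.
 * @see get_env()
 */
#define GETENV_DAEMONLOGREDIR(env) get_env(NULL, 0, MAXLEN_DAEMONLOGREDIR, (env), "daemon_log_redirect")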
#endif