author | David Sommerseth <davids@redhat.com> | 2011-07-25 01:44:27 +0200 |
committer | David Sommerseth <davids@redhat.com> | 2011-08-19 08:46:43 +0200 |
commit | 576dc96ca1ef1badb651e05ac694f07c91e02518 (patch) | |
tree | f1d71d43a93853a6d44f34e6e38238ada1a9eb8b /init.c | |
parent | b7e0d372e3aeb07d129642473d274d7d590eea1a (diff) | |
parent | 9a105405a32cd3d7c4abafdb91e85494687392e9 (diff) | |
Merge remote branch SVN 2.1 into the git tree
Hopefully the last SVN merge we need to do, as these merges are getting
more and more difficult. Most of the files had minor changes, but due to
the CRLF unification patch (commit 6b2883a637fe73492) we got an increased
number of conflicts. In addition, the inclusion of IPv6 support creates a lot of merge
issues in route.c and socket.c
This merge also reverts commit 7c18c6353904f8c6e7 which merged
add_bypass_address() into add_host_route_if_nonlocal(). However the SVN
tree began to use add_bypass_address() in another place, where at first glance
it did not seem appropriate to use add_host_route_if_nonlocal().
This merge has gone through a 'make check' without any errors, but have
not been tested more thoroughly yet.
Conflicts:
ChangeLog
INSTALL
INSTALL-win32.txt
Makefile.am
acinclude.m4
base64.c
buffer.c
buffer.h
common.h
configure.ac
contrib/pull-resolv-conf/client.down
contrib/pull-resolv-conf/client.up
crypto.c
cryptoapi.c
easy-rsa/2.0/Makefile
easy-rsa/2.0/README
easy-rsa/2.0/build-ca
easy-rsa/2.0/build-dh
easy-rsa/2.0/build-inter
easy-rsa/2.0/build-key
easy-rsa/2.0/build-key-pass
easy-rsa/2.0/build-key-pkcs12
easy-rsa/2.0/build-key-server
easy-rsa/2.0/build-req
easy-rsa/2.0/build-req-pass
easy-rsa/2.0/clean-all
easy-rsa/2.0/inherit-inter
easy-rsa/2.0/list-crl
easy-rsa/2.0/pkitool
easy-rsa/2.0/revoke-full
easy-rsa/2.0/sign-req
easy-rsa/2.0/vars
easy-rsa/2.0/whichopensslcnf
easy-rsa/Windows/build-ca-pass.bat
easy-rsa/Windows/build-key-pass.bat
easy-rsa/Windows/build-key-server-pass.bat
easy-rsa/Windows/init-config.bat
easy-rsa/Windows/vars.bat.sample
error.c
error.h
forward.c
helper.c
httpdigest.c
httpdigest.h
ieproxy.c
init.c
init.h
install-win32/Makefile.am
install-win32/makeopenvpn
install-win32/openssl/openssl097.patch
install-win32/openssl/openssl098.patch
install-win32/openvpn.nsi
list.c
list.h
manage.c
manage.h
management/management-notes.txt
mbuf.c
mbuf.h
misc.c
misc.h
mroute.c
mroute.h
msvc/autodefs.h.in
msvc/config.py
msvc/msvc.mak
mtcp.c
mudp.c
multi.c
multi.h
occ.c
openvpn-plugin.h
openvpn.8
openvpn.h
options.c
options.h
otime.c
otime.h
perf.c
pf.c
ping.c
pkcs11.c
plugin.c
plugin.h
plugin/auth-pam/README
plugin/auth-pam/auth-pam.c
pool.c
pool.h
proto.h
proxy.c
ps.c
push.c
reliable.c
route.c
route.h
sample-config-files/firewall.sh
sample-scripts/bridge-start
sample-scripts/bridge-stop
sample-scripts/openvpn.init
sample-scripts/verify-cn
schedule.c
schedule.h
service-win32/openvpnserv.c
sig.c
socket.c
socket.h
socks.c
socks.h
ssl.c
ssl.h
status.c
syshead.h
tap-win32/SOURCES.in
tap-win32/common.h
tap-win32/proto.h
tap-win32/tapdrvr.c
tap-win32/types.h
tun.c
tun.h
version.m4
win/autodefs.h.in
win/build.py
win/build_all.py
win/build_ddk.py
win/build_exe.py
win/config.py
win/config_all.py
win/config_tap.py
win/config_ti.py
win/js.py
win/make_dist.py
win/msvc.mak.in
win/settings.in
win/show.py
win/sign.py
win/tap_span.py
win/wb.py
win32.c
win32.h
Signed-off-by: David Sommerseth <davids@redhat.com>
Reviewed-by: Gert Doering <gert@greenie.muc.de>
Reviewed-by: James Yonan <james@openvpn.net>
Reviewed-by: Adriaan de Jong <dejong@fox-it.com>
Diffstat (limited to 'init.c')
-rw-r--r-- | init.c | 128 |
1 files changed, 111 insertions, 17 deletions
@@ -199,6 +199,90 @@ management_callback_http_proxy_fallback_cmd (void *arg, const char *server, cons
 #endif
+#if MANAGEMENT_QUERY_REMOTE
+
+static bool
+management_callback_remote_cmd (void *arg, const char **p)
+{
+ struct context *c = (struct context *) arg;
+ struct connection_entry *ce = &c->options.ce;
+ int ret = false;
+ if (p[1] && ((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT)&CE_MAN_QUERY_REMOTE_MASK) == CE_MAN_QUERY_REMOTE_QUERY)
+ {
+ int flags = 0;
+ if (!strcmp(p[1], "ACCEPT"))
+ {
+ flags = CE_MAN_QUERY_REMOTE_ACCEPT;
+ ret = true;
+ }
+ else if (!strcmp(p[1], "SKIP"))
+ {
+ flags = CE_MAN_QUERY_REMOTE_SKIP;
+ ret = true;
+ }
+ else if (!strcmp(p[1], "MOD") && p[2] && p[3])
+ {
+ const int port = atoi(p[3]);
+ if (strlen(p[2]) < RH_HOST_LEN && legal_ipv4_port(port))
+ {
+ struct remote_host_store *rhs = c->options.rh_store;
+ if (!rhs)
+ {
+ ALLOC_OBJ_CLEAR_GC (rhs, struct remote_host_store, &c->options.gc);
+ c->options.rh_store = rhs;
+ }
+ strncpynt(rhs->host, p[2], RH_HOST_LEN);
+ ce->remote = rhs->host;
+ ce->remote_port = port;
+ flags = CE_MAN_QUERY_REMOTE_MOD;
+ ret = true;
+ }
+ }
+ if (ret)
+ {
+ ce->flags &= ~(CE_MAN_QUERY_REMOTE_MASK<<CE_MAN_QUERY_REMOTE_SHIFT);
+ ce->flags |= ((flags&CE_MAN_QUERY_REMOTE_MASK)<<CE_MAN_QUERY_REMOTE_SHIFT);
+ }
+ }
+ return ret;
+}
+
+static bool
+ce_management_query_remote (struct context *c, const char *remote_ip_hint)
+{
+ struct gc_arena gc = gc_new ();
+ volatile struct connection_entry *ce = &c->options.ce;
+ int ret = true;
+ update_time();
+ if (management)
+ {
+ struct buffer out = alloc_buf_gc (256, &gc);
+ buf_printf (&out, ">REMOTE:%s,%d,%s", np(ce->remote), ce->remote_port, proto2ascii(ce->proto, false));
+ management_notify_generic(management, BSTR (&out));
+ ce->flags &= ~(CE_MAN_QUERY_REMOTE_MASK<<CE_MAN_QUERY_REMOTE_SHIFT);
+ ce->flags |= (CE_MAN_QUERY_REMOTE_QUERY<<CE_MAN_QUERY_REMOTE_SHIFT);
+ while (((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK) == CE_MAN_QUERY_REMOTE_QUERY)
+ {
+ management_event_loop_n_seconds (management, 1);
+ if (IS_SIG (c))
+ {
+ ret = false;
+ break;
+ }
+ }
+ }
+ {
+ const int flags = ((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK);
+ if (flags == CE_MAN_QUERY_REMOTE_ACCEPT && remote_ip_hint)
+ ce->remote = remote_ip_hint;
+ ret = (flags != CE_MAN_QUERY_REMOTE_SKIP);
+ }
+ gc_free (&gc);
+ return ret;
+}
+
+#endif
+
 /*
 * Initialize and possibly randomize connection list.
 */
@@ -313,6 +397,15 @@ next_connection_entry (struct context *c)
 c->options.ce = *ce;
+#if MANAGEMENT_QUERY_REMOTE
+ if (ce_defined && management && management_query_remote_enabled(management))
+ {
+ /* allow management interface to override connection entry details */
+ ce_defined = ce_management_query_remote(c, remote_ip_hint);
+ if (IS_SIG (c))
+ break;
+ } else
+#endif
 if (remote_ip_hint)
 c->options.ce.remote = remote_ip_hint;
@@ -343,7 +436,13 @@ init_query_passwords (struct context *c)
 #if P2MP
 /* Auth user/pass input */
 if (c->options.auth_user_pass_file)
- auth_user_pass_setup (c->options.auth_user_pass_file);
+ {
+#ifdef ENABLE_CLIENT_CR
+ auth_user_pass_setup (c->options.auth_user_pass_file, &c->options.sc_info);
+#else
+ auth_user_pass_setup (c->options.auth_user_pass_file, NULL);
+#endif
+ }
 #endif
 }
@@ -598,21 +697,9 @@ init_static (void)
 #ifdef TEST_GET_DEFAULT_GATEWAY
 {
- struct gc_arena gc = gc_new ();
- in_addr_t addr;
- char macaddr[6];
-
- if (get_default_gateway(&addr, NULL))
- msg (M_INFO, "GW %s", print_in_addr_t(addr, 0, &gc));
- else
- msg (M_INFO, "GDG ERROR");
-
- if (get_default_gateway_mac_addr(macaddr))
- msg (M_INFO, "MAC %s", format_hex_ex (macaddr, 6, 0, 1, ":", &gc));
- else
- msg (M_INFO, "GDGMA ERROR");
-
- gc_free (&gc);
+ struct route_gateway_info rgi;
+ get_default_gateway(&rgi);
+ print_default_gateway(M_INFO, &rgi);
 return false;
 }
 #endif
@@ -1241,7 +1328,7 @@ do_route (const struct options *options,
 if (!options->route_noexec && ( route_list || route_ipv6_list ) )
 {
 add_routes (route_list, route_ipv6_list, tt, ROUTE_OPTION_FLAGS (options), es);
- setenv_int (es, "redirect_gateway", route_list->did_redirect_default_gateway);
+ setenv_int (es, "redirect_gateway", route_did_redirect_default_gateway(route_list));
 }
 #ifdef ENABLE_MANAGEMENT
 if (management)
@@ -2154,6 +2241,10 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)
 to.x509_track = options->x509_track;
 #endif
+#ifdef ENABLE_CLIENT_CR
+ to.sci = &options->sc_info;
+#endif
+
 /* TLS handshake authentication (--tls-auth) */
 if (options->tls_auth_file)
 {
@@ -3046,6 +3137,9 @@ init_management_callback_p2p (struct context *c)
 #if HTTP_PROXY_FALLBACK
 cb.http_proxy_fallback_cmd = management_callback_http_proxy_fallback_cmd;
 #endif
+#if MANAGEMENT_QUERY_REMOTE
+ cb.remote_cmd = management_callback_remote_cmd;
+#endif
 management_set_callback (management, &cb);
 }
 #endif
|
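Review bot: In ce_management_query_remote the `ret = false;` set when IS_SIG(c) breaks the wait loop is dead, because the block after the loop unconditionally executes `ret = (flags != CE_MAN_QUERY_REMOTE_SKIP);`, and with the flags still at CE_MAN_QUERY_REMOTE_QUERY that yields true. The caller in next_connection_entry re-checks IS_SIG(c) itself, so nothing misbehaves today, but the function's own return value is wrong on the signal path; `ret = ret && (flags != CE_MAN_QUERY_REMOTE_SKIP);` keeps the signal result without changing the other cases. In management_callback_remote_cmd, `const int port = atoi(p[3]);` parses management-supplied text with atoi, whose result is undefined on out-of-range input and which silently accepts trailing garbage; `strtol` with an end-pointer check, rejecting leftover characters and ERANGE before legal_ipv4_port(), makes the validation explicit. Both `ret` variables are also declared `int` although the functions return bool; `bool ret = false;` / `bool ret = true;` would match the signatures.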
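Review bot: The `} else` placed directly before `#endif` makes the following context line `if (remote_ip_hint)` an else-branch only when MANAGEMENT_QUERY_REMOTE is defined and an unconditional statement otherwise, so one source line has two different roles depending on build configuration; that is easy to misread on later edits. Keeping the whole if/else chain inside the `#if` block, with the `if (remote_ip_hint)` assignment repeated in a plain `#else` branch, makes the control flow visible in both configurations. It is also worth a comment that when the management interface answers MOD the remote_ip_hint is dropped entirely, since ce_management_query_remote applies it only for ACCEPT, e.g. `/* on MOD the management host replaces the entry; the resolved-IP hint applies only to ACCEPT */`. next_connection_entry starts and ends outside the hunk.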
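Review bot: `struct route_gateway_info rgi;` is passed to get_default_gateway() and then printed without any result being checked, so if get_default_gateway() leaves fields untouched on a lookup failure (its body is not visible here; it may well clear the struct itself) print_default_gateway() reads indeterminate stack data. `struct route_gateway_info rgi = {0};` removes the dependency on the callee's behaviour at no cost, even in this TEST_GET_DEFAULT_GATEWAY-only block. init_static continues outside the hunk.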
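Review bot: The guard `route_list || route_ipv6_list` admits route_list == NULL when only IPv6 routes exist, so `route_did_redirect_default_gateway(route_list)` on the new line must tolerate a NULL argument; the removed `route_list->did_redirect_default_gateway` dereferenced it unconditionally, which is presumably why the accessor was introduced, but that contract is not visible in this hunk. A comment at the call, `/* route_list may be NULL when only --route-ipv6 is used; the accessor must handle it */`, or `route_list ? route_did_redirect_default_gateway(route_list) : 0` if the accessor is not NULL-safe, records the assumption. do_route starts and ends outside the hunk.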