authorDavid Sommerseth <davids@redhat.com>2011-07-25 01:44:27 +0200
committerDavid Sommerseth <davids@redhat.com>2011-08-19 08:46:43 +0200
commit576dc96ca1ef1badb651e05ac694f07c91e02518 (patch)
treef1d71d43a93853a6d44f34e6e38238ada1a9eb8b /manage.c
parentb7e0d372e3aeb07d129642473d274d7d590eea1a (diff)
parent9a105405a32cd3d7c4abafdb91e85494687392e9 (diff)
Merge remote branch SVN 2.1 into the git tree
Hopefully the last SVN merge we need to do, as these merges are getting more and more difficult. Most of the files had minor changes, but due to the CRLF unification patch (commit 6b2883a637fe73492) we got an increased number of conflicts. In addition, the inclusion of IPv6 support creates a lot of merge issues in route.c and socket.c. This merge also reverts commit 7c18c6353904f8c6e7 which merged add_bypass_address() into add_host_route_if_nonlocal(). However the SVN tree began to use add_bypass_address() in another place, where at first glance it did not seem appropriate to use add_host_route_if_nonlocal(). This merge has gone through a 'make check' without any errors, but has not been tested more thoroughly yet. Conflicts: ChangeLog INSTALL INSTALL-win32.txt Makefile.am acinclude.m4 base64.c buffer.c buffer.h common.h configure.ac contrib/pull-resolv-conf/client.down contrib/pull-resolv-conf/client.up crypto.c cryptoapi.c easy-rsa/2.0/Makefile easy-rsa/2.0/README easy-rsa/2.0/build-ca easy-rsa/2.0/build-dh easy-rsa/2.0/build-inter easy-rsa/2.0/build-key easy-rsa/2.0/build-key-pass easy-rsa/2.0/build-key-pkcs12 easy-rsa/2.0/build-key-server easy-rsa/2.0/build-req easy-rsa/2.0/build-req-pass easy-rsa/2.0/clean-all easy-rsa/2.0/inherit-inter easy-rsa/2.0/list-crl easy-rsa/2.0/pkitool easy-rsa/2.0/revoke-full easy-rsa/2.0/sign-req easy-rsa/2.0/vars easy-rsa/2.0/whichopensslcnf easy-rsa/Windows/build-ca-pass.bat easy-rsa/Windows/build-key-pass.bat easy-rsa/Windows/build-key-server-pass.bat easy-rsa/Windows/init-config.bat easy-rsa/Windows/vars.bat.sample error.c error.h forward.c helper.c httpdigest.c httpdigest.h ieproxy.c init.c init.h install-win32/Makefile.am install-win32/makeopenvpn install-win32/openssl/openssl097.patch install-win32/openssl/openssl098.patch install-win32/openvpn.nsi list.c list.h manage.c manage.h management/management-notes.txt mbuf.c mbuf.h misc.c misc.h mroute.c mroute.h msvc/autodefs.h.in msvc/config.py msvc/msvc.mak mtcp.c mudp.c multi.c 
multi.h occ.c openvpn-plugin.h openvpn.8 openvpn.h options.c options.h otime.c otime.h perf.c pf.c ping.c pkcs11.c plugin.c plugin.h plugin/auth-pam/README plugin/auth-pam/auth-pam.c pool.c pool.h proto.h proxy.c ps.c push.c reliable.c route.c route.h sample-config-files/firewall.sh sample-scripts/bridge-start sample-scripts/bridge-stop sample-scripts/openvpn.init sample-scripts/verify-cn schedule.c schedule.h service-win32/openvpnserv.c sig.c socket.c socket.h socks.c socks.h ssl.c ssl.h status.c syshead.h tap-win32/SOURCES.in tap-win32/common.h tap-win32/proto.h tap-win32/tapdrvr.c tap-win32/types.h tun.c tun.h version.m4 win/autodefs.h.in win/build.py win/build_all.py win/build_ddk.py win/build_exe.py win/config.py win/config_all.py win/config_tap.py win/config_ti.py win/js.py win/make_dist.py win/msvc.mak.in win/settings.in win/show.py win/sign.py win/tap_span.py win/wb.py win32.c win32.h Signed-off-by: David Sommerseth <davids@redhat.com> Reviewed-by: Gert Doering <gert@greenie.muc.de> Reviewed-by: James Yonan <james@openvpn.net> Reviewed-by: Adriaan de Jong <dejong@fox-it.com>
Diffstat (limited to 'manage.c')
-rw-r--r--manage.c88
1 files changed, 69 insertions, 19 deletions
diff --git a/manage.c b/manage.c
index ab425e7..7a888e8 100644
--- a/manage.c
+++ b/manage.c
@@ -86,6 +86,9 @@ man_help ()
msg (M_CLIENT, " where action is reply string.");
msg (M_CLIENT, "net : (Windows only) Show network info and routing table.");
msg (M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
+#if MANAGEMENT_QUERY_REMOTE
+ msg (M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
+#endif
msg (M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
#ifdef ENABLE_PKCS11
msg (M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
@@ -606,25 +609,19 @@ man_up_finalize (struct management *man)
{
switch (man->connection.up_query_mode)
{
- case UP_QUERY_DISABLED:
- man->connection.up_query.defined = false;
- break;
case UP_QUERY_USER_PASS:
- if (strlen (man->connection.up_query.username) && strlen (man->connection.up_query.password))
- man->connection.up_query.defined = true;
- break;
+ if (!strlen (man->connection.up_query.username))
+ break;
+ /* fall through */
case UP_QUERY_PASS:
- if (strlen (man->connection.up_query.password))
- man->connection.up_query.defined = true;
- break;
case UP_QUERY_NEED_OK:
- if (strlen (man->connection.up_query.password))
- man->connection.up_query.defined = true;
- break;
case UP_QUERY_NEED_STR:
if (strlen (man->connection.up_query.password))
man->connection.up_query.defined = true;
break;
+ case UP_QUERY_DISABLED:
+ man->connection.up_query.defined = false;
+ break;
default:
ASSERT (0);
}
@@ -665,16 +662,17 @@ man_query_user_pass (struct management *man,
static void
man_query_username (struct management *man, const char *type, const char *string)
{
- const bool needed = (man->connection.up_query_mode == UP_QUERY_USER_PASS && man->connection.up_query_type);
+ const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
+ ) && man->connection.up_query_type);
man_query_user_pass (man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN);
}
static void
man_query_password (struct management *man, const char *type, const char *string)
{
- const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
- || man->connection.up_query_mode == UP_QUERY_PASS)
- && man->connection.up_query_type);
+ const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
+ || man->connection.up_query_mode == UP_QUERY_USER_PASS
+ ) && man->connection.up_query_type);
if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
string = blank_up;
man_query_user_pass (man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
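Review bot: In both man_query_username and man_query_password the closing `)` now sits alone at the start of the `&& man->connection.up_query_type` line, which reads like residue of a conditional term that was removed during the merge and makes the expression look incomplete. The logic is unchanged from the old side, so I would collapse it back, e.g. `const bool needed = (man->connection.up_query_mode == UP_QUERY_USER_PASS && man->connection.up_query_type);` for the username case. man_query_password's closing brace is outside the hunk.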
@@ -1090,6 +1088,31 @@ man_http_proxy_fallback (struct management *man, const char *server, const char
#endif
+#if MANAGEMENT_QUERY_REMOTE
+
+static void
+man_remote (struct management *man, const char **p)
+{
+ if (man->persist.callback.remote_cmd)
+ {
+ const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
+ if (status)
+ {
+ msg (M_CLIENT, "SUCCESS: remote command succeeded");
+ }
+ else
+ {
+ msg (M_CLIENT, "ERROR: remote command failed");
+ }
+ }
+ else
+ {
+ msg (M_CLIENT, "ERROR: The remote command is not supported by the current daemon mode");
+ }
+}
+
+#endif
+
static void
man_dispatch_command (struct management *man, struct status_output *so, const char **p, const int nparms)
{
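Review bot: man_remote hands the client's whole parameter vector `p` to `remote_cmd` without checking it, and the dispatch hunk that follows guards it only with `man_need (man, p, 1, MN_AT_LEAST)`, so a `remote MOD` sent without a host or port still reaches the callback. The callback is not visible here and may already validate; if it does not, the type (ACCEPT|MOD|SKIP) and the presence of host and port for MOD should be checked before the call, or at least a comment such as `/* remote_cmd must validate p[1] and, for MOD, p[2]/p[3] */` added above it. Because this command lets a management client change the server the daemon connects to, logging each accepted override would also help later auditing. man_dispatch_command's body continues outside the hunk.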
@@ -1319,6 +1342,13 @@ man_dispatch_command (struct management *man, struct status_output *so, const ch
man_http_proxy_fallback (man, NULL, NULL, NULL);
}
#endif
+#if MANAGEMENT_QUERY_REMOTE
+ else if (streq (p[0], "remote"))
+ {
+ if (man_need (man, p, 1, MN_AT_LEAST))
+ man_remote (man, p);
+ }
+#endif
#if 1
else if (streq (p[0], "test"))
{
@@ -2339,6 +2369,12 @@ management_notify(struct management *man, const char *severity, const char *type
msg (M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
}
+void
+management_notify_generic (struct management *man, const char *str)
+{
+ msg (M_CLIENT, "%s", str);
+}
+
#ifdef MANAGEMENT_DEF_AUTH
static bool
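Review bot: management_notify_generic writes `str` to the management client verbatim, with no `>TYPE:` prefix and no check for embedded line breaks, so the caller alone is responsible for it being one well-formed management line. The callers are outside this hunk; if any of them pass text that originates from the peer or from configuration, a CR/LF inside it would show up on the client as a separate management message. I would add a comment above the function, `/* str must be one complete management line; callers must strip CR/LF from untrusted text */`, and mark the unused parameter with `(void) man;`.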
@@ -2843,7 +2879,8 @@ bool
management_query_user_pass (struct management *man,
struct user_pass *up,
const char *type,
- const unsigned int flags)
+ const unsigned int flags,
+ const char *static_challenge)
{
struct gc_arena gc = gc_new ();
bool ret = false;
@@ -2856,7 +2893,9 @@ management_query_user_pass (struct management *man,
const char *alert_type = NULL;
const char *prefix = NULL;
unsigned int up_query_mode = 0;
-
+#ifdef ENABLE_CLIENT_CR
+ const char *sc = NULL;
+#endif
ret = true;
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
man->persist.special_state_msg = NULL;
@@ -2886,6 +2925,10 @@ management_query_user_pass (struct management *man,
up_query_mode = UP_QUERY_USER_PASS;
prefix = "PASSWORD";
alert_type = "username/password";
+#ifdef ENABLE_CLIENT_CR
+ if (static_challenge)
+ sc = static_challenge;
+#endif
}
buf_printf (&alert_msg, ">%s:Need '%s' %s",
prefix,
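Review bot: In the username/password branch, `if (static_challenge) sc = static_challenge;` is equivalent to the plain assignment `sc = static_challenge;`, because `sc` is initialised to NULL in the previous hunk; the conditional can be dropped. The challenge is also silently ignored for every other query mode, and the new `static_challenge` parameter is unused when ENABLE_CLIENT_CR is not defined, so a short comment such as `/* static challenge only applies to username/password queries */` would make that intent explicit. The enclosing if/else chain starts outside the hunk.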
@@ -2895,6 +2938,13 @@ management_query_user_pass (struct management *man,
if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
buf_printf (&alert_msg, " MSG:%s", up->username);
+#ifdef ENABLE_CLIENT_CR
+ if (sc)
+ buf_printf (&alert_msg, " SC:%d,%s",
+ BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO),
+ sc);
+#endif
+
man_wait_for_client_connection (man, &signal_received, 0, MWCC_PASSWORD_WAIT);
if (signal_received)
ret = false;
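Review bot: The result of the new `buf_printf (&alert_msg, " SC:%d,%s", ...)` is ignored, so a static challenge longer than the space left in `alert_msg` would be cut off without any indication and the client would be shown a truncated prompt. `alert_msg` is allocated outside this hunk, so its capacity cannot be checked here; it should be sized for the longest permitted challenge, or, assuming buf_printf reports truncation through its return value, the call tested, e.g. `if (!buf_printf (&alert_msg, " SC:%d,%s", ...)) msg (M_WARN, "static challenge truncated");`. The challenge text becomes the last field of a one-line `>PASSWORD:` message, so it should also be free of CR/LF before it is appended.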
@@ -2908,7 +2958,7 @@ management_query_user_pass (struct management *man,
man->connection.up_query_mode = up_query_mode;
man->connection.up_query_type = type;
- /* run command processing event loop until we get our username/password */
+ /* run command processing event loop until we get our username/password/response */
do
{
man_standalone_event_loop (man, &signal_received, 0);