-rw-r--r--init.c17
-rw-r--r--manage.c43
-rw-r--r--manage.h3
-rw-r--r--openvpn.85
-rw-r--r--options.c6
-rw-r--r--version.m42
6 files changed, 55 insertions, 21 deletions
diff --git a/init.c b/init.c
index e694a70..7f072ae 100644
--- a/init.c
+++ b/init.c
@@ -1177,7 +1177,14 @@ do_route (const struct options *options,
struct env_set *es)
{
if (!options->route_noexec && route_list)
- add_routes (route_list, tt, ROUTE_OPTION_FLAGS (options), es);
+ {
+ add_routes (route_list, tt, ROUTE_OPTION_FLAGS (options), es);
+ setenv_int (es, "redirect_gateway", route_list->did_redirect_default_gateway);
+ }
+#ifdef ENABLE_MANAGEMENT
+ if (management)
+ management_up_down (management, "UP", es);
+#endif
if (plugin_defined (plugins, OPENVPN_PLUGIN_ROUTE_UP))
{
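Review bot: The new `management_up_down (management, "UP", es)` call sits outside the `if (!options->route_noexec && route_list)` block, so `>UPDOWN:UP` is sent even when no routes were installed and `redirect_gateway` was never written into `es`. A management client then cannot tell "gateway not redirected" from "routes not evaluated". The call also runs before the `OPENVPN_PLUGIN_ROUTE_UP` branch that follows, so the event precedes any route-up plugin work. If that ordering is intended, say so with a comment above the call such as `/* UP is reported whether or not routes were executed; redirect_gateway is only present when add_routes ran */`. The body of do_route continues past the end of this hunk.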
@@ -1385,7 +1392,10 @@ do_close_tun (struct context *c, bool force)
#ifdef ENABLE_MANAGEMENT
/* tell management layer we are about to close the TUN/TAP device */
if (management)
- management_pre_tunnel_close (management);
+ {
+ management_pre_tunnel_close (management);
+ management_up_down (management, "DOWN", c->c2.es);
+ }
#endif
/* delete any routes we added */
@@ -1527,7 +1537,6 @@ pull_permission_mask (const struct context *c)
unsigned int flags =
OPT_P_UP
| OPT_P_ROUTE_EXTRAS
- | OPT_P_IPWIN32
| OPT_P_SOCKBUF
| OPT_P_SOCKFLAGS
| OPT_P_SETENV
@@ -1541,7 +1550,7 @@ pull_permission_mask (const struct context *c)
| OPT_P_PULL_MODE;
if (!c->options.route_nopull)
- flags |= OPT_P_ROUTE;
+ flags |= (OPT_P_ROUTE | OPT_P_IPWIN32);
return flags;
}
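Review bot: Folding `OPT_P_IPWIN32` into the `!c->options.route_nopull` branch changes which pushed options a client with route-nopull accepts, and nothing in this commit documents it; the openvpn.8 hunk only describes --management-up-down. This tightens what the server may set on the client, but a configuration that combines route-nopull with pushed options in that permission class will now drop them silently. Which options carry `OPT_P_IPWIN32` is not visible on this page. I would add `/* route-nopull also refuses pushed OPT_P_IPWIN32 options */` above the `if`, plus a sentence in the --route-nopull manual entry. The start of pull_permission_mask lies outside the hunk, and the removal of the flag from the base mask is in the preceding hunk.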
diff --git a/manage.c b/manage.c
index eabfb1f..e8f67cd 100644
--- a/manage.c
+++ b/manage.c
@@ -2252,8 +2252,6 @@ management_set_state (struct management *man,
}
}
-#ifdef MANAGEMENT_DEF_AUTH
-
static bool
env_filter_match (const char *env_str, const int env_filter_level)
{
@@ -2275,9 +2273,11 @@ env_filter_match (const char *env_str, const int env_filter_level)
"bytes_received="
};
- if (env_filter_level >= 2 && !strncmp(env_str, "X509_", 5))
+ if (env_filter_level == 0)
return true;
- else if (env_filter_level >= 1)
+ else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
+ return true;
+ else if (env_filter_level <= 2)
{
size_t i;
for (i = 0; i < SIZE(env_names); ++i)
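Review bot: The rewritten chain in env_filter_match swaps the meaning of filter levels 1 and 2 without documenting the new mapping. The removed lines passed `X509_` names at level 2 and above and only the `env_names` list at level 1; the new lines pass `X509_` at level 1 and only `env_names` at level 2. Levels above 2 now match nothing (the `return false` added in the next hunk), and a negative level falls into the `<= 1` branch instead of passing everything as the old final `else` did. A management client that already sets a filter level would see a different set of variables after upgrading, so the mapping deserves a comment above the chain, e.g. `/* 0: pass all; 1: X509_* plus env_names; 2: env_names only; >2: nothing */`. Where the level is parsed is not visible here, so whether out-of-range values can reach this function should be confirmed.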
@@ -2289,12 +2289,11 @@ env_filter_match (const char *env_str, const int env_filter_level)
}
return false;
}
- else
- return true;
+ return false;
}
static void
-man_output_env (const struct env_set *es, const bool tail, const int env_filter_level)
+man_output_env (const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
{
if (es)
{
@@ -2302,15 +2301,15 @@ man_output_env (const struct env_set *es, const bool tail, const int env_filter_
for (e = es->list; e != NULL; e = e->next)
{
if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
- msg (M_CLIENT, ">CLIENT:ENV,%s", e->string);
+ msg (M_CLIENT, ">%s:ENV,%s", prefix, e->string);
}
}
if (tail)
- msg (M_CLIENT, ">CLIENT:ENV,END");
+ msg (M_CLIENT, ">%s:ENV,END", prefix);
}
static void
-man_output_extra_env (struct management *man)
+man_output_extra_env (struct management *man, const char *prefix)
{
struct gc_arena gc = gc_new ();
struct env_set *es = env_set_create (&gc);
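Review bot: The `!env_filter_level ||` test kept on the context line in man_output_env now duplicates the `env_filter_level == 0` branch this commit adds to env_filter_match, so "level 0 passes everything" is encoded in two places that can drift apart. The condition could become `if (e->string && env_filter_match(e->string, env_filter_level))`. Separately, the new `prefix` argument goes straight to `%s` in both `msg` calls; every caller visible in this diff passes a string literal, but a one-line comment on man_output_env saying `prefix` must be a non-NULL notification class name would make that contract explicit. Both functions touched here begin or end outside the hunk.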
@@ -2319,10 +2318,22 @@ man_output_extra_env (struct management *man)
const int nclients = (*man->persist.callback.n_clients) (man->persist.callback.arg);
setenv_int (es, "n_clients", nclients);
}
- man_output_env (es, false, man->connection.env_filter_level);
+ man_output_env (es, false, man->connection.env_filter_level, prefix);
gc_free (&gc);
}
+void
+management_up_down(struct management *man, const char *updown, const struct env_set *es)
+{
+ if (man->settings.flags & MF_UP_DOWN)
+ {
+ msg (M_CLIENT, ">UPDOWN:%s", updown);
+ man_output_env (es, true, 0, "UPDOWN");
+ }
+}
+
+#ifdef MANAGEMENT_DEF_AUTH
+
static bool
validate_peer_info_line(const char *line)
{
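Review bot: In management_up_down, the hard-coded `0` passed to `man_output_env` bypasses the connection's env-filter level, so every variable in `es` is written to the management socket on each UP and DOWN event. This happens regardless of what the management client asked to have filtered out of CLIENT notifications. The environment set can hold values an operator would not expect on that channel, which matters most when the management interface is reachable by less-trusted local processes. If `man->connection.env_filter_level` is available outside `MANAGEMENT_DEF_AUTH` (not visible in this hunk), prefer `man_output_env (es, true, man->connection.env_filter_level, "UPDOWN");`. Otherwise add a comment on the function stating that UPDOWN output is intentionally unfiltered, and note the same in the --management-up-down manual entry.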
@@ -2387,9 +2398,9 @@ management_notify_client_needing_auth (struct management *management,
if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
mode = "REAUTH";
msg (M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
- man_output_extra_env (management);
+ man_output_extra_env (management, "CLIENT");
man_output_peer_info_env(management, mdac);
- man_output_env (es, true, management->connection.env_filter_level);
+ man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
mdac->flags |= DAF_INITIAL_AUTH;
}
}
@@ -2401,8 +2412,8 @@ management_connection_established (struct management *management,
{
mdac->flags |= DAF_CONNECTION_ESTABLISHED;
msg (M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
- man_output_extra_env (management);
- man_output_env (es, true, management->connection.env_filter_level);
+ man_output_extra_env (management, "CLIENT");
+ man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
}
void
@@ -2413,7 +2424,7 @@ management_notify_client_close (struct management *management,
if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
{
msg (M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
- man_output_env (es, true, management->connection.env_filter_level);
+ man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
mdac->flags |= DAF_CONNECTION_CLOSED;
}
}
diff --git a/manage.h b/manage.h
index a8f971b..c884caf 100644
--- a/manage.h
+++ b/manage.h
@@ -332,6 +332,7 @@ struct management *management_init (void);
#ifdef MANAGMENT_EXTERNAL_KEY
# define MF_EXTERNAL_KEY (1<<9)
#endif
+#define MF_UP_DOWN (1<<10)
bool management_open (struct management *man,
const char *addr,
@@ -372,6 +373,8 @@ bool management_hold (struct management *man);
void management_event_loop_n_seconds (struct management *man, int sec);
+void management_up_down(struct management *man, const char *updown, const struct env_set *es);
+
#ifdef MANAGEMENT_DEF_AUTH
void management_notify_client_needing_auth (struct management *management,
const unsigned int auth_id,
diff --git a/openvpn.8 b/openvpn.8
index 3cdc07e..164b58e 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -2367,6 +2367,11 @@ lines of log file history for usage
by the management channel.
.\"*********************************************************
.TP
+.B --management-up-down
+Report tunnel up/down events to management interface.
+.B
+.\"*********************************************************
+.TP
.B --management-client-auth
Gives management interface client the responsibility
to authenticate clients after their client certificate
diff --git a/options.c b/options.c
index 2ba18ec..a4b2d49 100644
--- a/options.c
+++ b/options.c
@@ -341,6 +341,7 @@ static const char usage_message[] =
"--management-signal : Issue SIGUSR1 when management disconnect event occurs.\n"
"--management-forget-disconnect : Forget passwords when management disconnect\n"
" event occurs.\n"
+ "--management-up-down : Report tunnel up/down events to management interface.\n"
"--management-log-cache n : Cache n lines of log file history for usage\n"
" by the management channel.\n"
#if UNIX_SOCK_SUPPORT
@@ -3632,6 +3633,11 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->management_flags |= MF_FORGET_DISCONNECT;
}
+ else if (streq (p[0], "management-up-down"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->management_flags |= MF_UP_DOWN;
+ }
else if (streq (p[0], "management-client"))
{
VERIFY_PERMISSION (OPT_P_GENERAL);
diff --git a/version.m4 b/version.m4
index 44d9190..6d51fb6 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3e])
+define(PRODUCT_VERSION,[2.1.3f])
dnl define the TAP version
define(PRODUCT_TAP_ID,[tap0901])
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])