Ejemplo n.º 1
Archivo: pf.c Proyecto: benjdag/openvpn
/*
 * Write one D_PF_DEBUG line describing the outcome of a packet-filter
 * address test.
 *
 * prefix, prefix2  printed verbatim as "PF: <prefix>/<prefix2>"
 * src              context whose TLS common name is logged
 * dest             address that was tested
 * allow            verdict that was reached, rendered via drop_accept()
 * rule             subnet rule that matched, or NULL when none did
 *
 * This function only logs; it takes no part in the decision itself.
 *
 * NOTE(review): the common name comes from the TLS session and goes
 * straight into a "%s" log argument; this assumes it was sanitized
 * before it got here -- confirm.
 */
static void
pf_addr_test_print(const char *prefix,
                   const char *prefix2,
                   const struct context *src,
                   const struct mroute_addr *dest,
                   const bool allow,
                   const struct ipv4_subnet *rule)
{
    /* gc is handed to the address-formatting helpers and released below */
    struct gc_arena gc = gc_new();

    if (!rule)
    {
        /* no matching rule: log only source, destination and verdict */
        dmsg(D_PF_DEBUG, "PF: %s/%s %s %s %s",
             prefix,
             prefix2,
             tls_common_name(src->c2.tls_multi, false),
             mroute_addr_print_ex(dest, MAPF_SHOW_ARP, &gc),
             drop_accept(allow));
    }
    else
    {
        /*
         * A rule matched: also log its network/netmask and the rule's own
         * action (an "exclude" rule is shown with the negated verdict).
         */
        dmsg(D_PF_DEBUG, "PF: %s/%s %s %s %s rule=[%s/%s %s]",
             prefix,
             prefix2,
             tls_common_name(src->c2.tls_multi, false),
             mroute_addr_print_ex(dest, MAPF_SHOW_ARP, &gc),
             drop_accept(allow),
             print_in_addr_t(rule->network, 0, &gc),
             print_in_addr_t(rule->netmask, 0, &gc),
             drop_accept(!rule->exclude));
    }

    gc_free(&gc);
}
Ejemplo n.º 2
/*
 * Hand a NUL-terminated string to the TLS control channel for delivery
 * to the remote peer.  Used for push/pull messages, passing
 * username/password, etc.
 *
 * c         context whose c2.tls_multi carries the control channel
 * str       message text; its terminating NUL is sent as well
 * msglevel  level at which the "SENT CONTROL" line is logged
 *
 * Returns the status reported by tls_send_payload().  When TLS support
 * is compiled out or c->c2.tls_multi is unset, nothing is sent and the
 * function still returns true.
 *
 * The log line prints sanitize_control_message(str, &gc), not str itself.
 * NOTE(review): what that helper redacts is not visible here; since this
 * channel carries credentials, confirm it covers them.
 */
bool
send_control_channel_string (struct context *c, const char *str, int msglevel)
{
  bool sent = true;

#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL)
  if (c->c2.tls_multi)
    {
      struct gc_arena gc = gc_new ();
      /* +1 so the terminating NUL travels with the text */
      const size_t wire_len = strlen (str) + 1;

      /* buffered cleartext write onto TLS control channel */
      sent = tls_send_payload (c->c2.tls_multi, (uint8_t*) str, wire_len);

      /*
       * Reschedule tls_multi_process.
       * NOTE: in multi-client mode, usually the below two statements are
       * insufficient to reschedule the client instance object unless
       * multi_schedule_context_wakeup(m, mi) is also called.
       */
      interval_action (&c->c2.tmp_int);
      context_immediate_reschedule (c); /* ZERO-TIMEOUT */

      msg (msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",
           tls_common_name (c->c2.tls_multi, false),
           sanitize_control_message (str, &gc),
           (int) sent);

      gc_free (&gc);
    }
#endif

  return sent;
}
Ejemplo n.º 3
/*
 * Hand a NUL-terminated string to the TLS control channel for delivery
 * to the remote peer.  Used for push/pull messages, passing
 * username/password, etc.
 *
 * c         context whose c2.tls_multi carries the control channel
 * str       message text; its terminating NUL is sent as well
 * msglevel  level at which the "SENT CONTROL" line is logged
 *
 * Returns the status reported by tls_send_payload().  When TLS support
 * is compiled out or c->c2.tls_multi is unset, nothing is sent and the
 * function still returns true.
 *
 * NOTE(review): str is written to the log verbatim.  Because this
 * channel is also used for username/password, credentials can end up in
 * the log at msglevel; the message should be redacted or sanitized
 * before it is passed to msg().
 */
bool
send_control_channel_string (struct context *c, const char *str, int msglevel)
{
  bool sent = true;

#if defined(USE_CRYPTO) && defined(USE_SSL)
  if (c->c2.tls_multi)
    {
      /* +1 so the terminating NUL travels with the text */
      const size_t wire_len = strlen (str) + 1;

      /* buffered cleartext write onto TLS control channel */
      sent = tls_send_payload (c->c2.tls_multi, (uint8_t*) str, wire_len);

      /* reschedule tls_multi_process */
      interval_action (&c->c2.tmp_int);
      context_immediate_reschedule (c); /* ZERO-TIMEOUT */

      /* logs the raw control message -- see NOTE(review) above */
      msg (msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",
           tls_common_name (c->c2.tls_multi, false),
           str,
           (int) sent);
    }
#endif

  return sent;
}
Ejemplo n.º 4
Archivo: pf.c Proyecto: benjdag/openvpn
/*
 * Decide whether the peer identified by tm's TLS common name is allowed
 * by the common-name rules in pfs.
 *
 * pfs     packet-filter set to consult (may be NULL)
 * tm      TLS state the common name and its hash are read from
 * type    passed through to the debug printer only
 * prefix  passed through to the debug printer only
 *
 * Returns true to allow, false to deny:
 *   - a matching rule decides: allowed unless the rule is an exclude rule;
 *   - with no matching rule, pfs->cns.default_allow decides;
 *   - if pfs is NULL, pfs->kill is set, or tls_common_name_hash() fails,
 *     the result is false, i.e. the test fails closed.
 *
 * With ENABLE_DEBUG and D_PF_DEBUG active, each outcome is logged as
 * PF_CN_MATCH, PF_CN_DEFAULT or PF_CN_FAULT respectively.
 */
bool
pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix)
{
    const char *cn;
    uint32_t cn_hash;

    /* short-circuit keeps pfs from being dereferenced when it is NULL */
    if (pfs && !pfs->kill && tls_common_name_hash(tm, &cn, &cn_hash))
    {
        const struct pf_cn *rule = lookup_cn_rule(pfs->cns.hash_table, cn, cn_hash);
        /* an explicit rule wins; otherwise fall back to the set's default */
        const bool allow = rule ? !rule->exclude : pfs->cns.default_allow;

#ifdef ENABLE_DEBUG
        if (check_debug_level(D_PF_DEBUG))
        {
            /* rule is NULL in the default case, matching the printer's "no rule" form */
            pf_cn_test_print(rule ? "PF_CN_MATCH" : "PF_CN_DEFAULT",
                             type, prefix, cn, allow, rule);
        }
#endif
        return allow;
    }

    /* no usable filter set or no common name: deny */
#ifdef ENABLE_DEBUG
    if (check_debug_level(D_PF_DEBUG))
    {
        pf_cn_test_print("PF_CN_FAULT", type, prefix, tls_common_name(tm, false), false, NULL);
    }
#endif
    return false;
}