Example #1
0
    virtual void execute()
    {
      if (!argv.empty())
	{
	  OPENVPN_LOG(to_string());
	  system_cmd(argv[0], argv);
	}
      else
	OPENVPN_LOG("WARNING: Command::execute called with empty argv");
    }
Example #2
0
    virtual bool filter(const Option& opt)
    {
      const bool ret = filt(opt);
      if (!ret)
	OPENVPN_LOG("Ignored due to route-nopull: " << opt.render(Option::RENDER_TRUNC_64|Option::RENDER_BRACKET));
      return ret;
    }
Example #3
0
      void parse(const std::string& cert_txt, const std::string& title)
      {
	alloc();

	if (cert_txt.empty())
	  throw PolarSSLException(title + " certificate is undefined");

	const int status = x509_crt_parse(chain,
					  (const unsigned char *)cert_txt.c_str(),
					  cert_txt.length());
	if (status < 0)
	  {
	    throw PolarSSLException("error parsing " + title + " certificate", status);
	  }
	if (status > 0)
	  {
	    std::ostringstream os;
	    os << status << " certificate(s) in " << title << " bundle failed to parse";
#if 1 // PolarSSL cert parse error
	    throw PolarSSLException(os.str());
#else
	    OPENVPN_LOG("POLARSSL: " << os.str());
#endif
	  }
      }
Example #4
0
    bool execute()
    {
      for (iterator i = begin(); i != end(); ++i)
	{
	  Action& a = **i;
	  if (halt_)
	    return false;
	  try {
	    a.execute();
	  }
	  catch (const std::exception& e)
	    {
	      OPENVPN_LOG("action exception: " << e.what());
	    }
	}
      return true;
    }
Example #5
0
      // do UDP connect
      void start_connect_()
      {
	config->remote_list->get_endpoint(server_endpoint);
	OPENVPN_LOG("Contacting " << server_endpoint << " via UDP");
	parent.transport_wait();
	parent.ip_hole_punch(server_endpoint_addr());
	socket.open(server_endpoint.protocol());
#ifdef OPENVPN_PLATFORM_TYPE_UNIX
	if (config->socket_protect)
	  {
	    if (!config->socket_protect->socket_protect(socket.native_handle()))
	      {
		config->stats->error(Error::SOCKET_PROTECT_ERROR);
		stop();
		parent.transport_error(Error::UNDEF, "socket_protect error (UDP)");
		return;
	      }
	  }
#endif
	socket.async_connect(server_endpoint, asio_dispatch_connect(&Client::start_impl_, this));
      }
Example #6
0
		/* sign arbitrary data */
		static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
		{
			ExternalPKIImpl* self = (ExternalPKIImpl*)rsa->meth->app_data;

			try {
				if (padding != RSA_PKCS1_PADDING)
				{
					RSAerr (RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
					throw openssl_external_pki("bad padding size");
				}

				/* convert 'from' to base64 */
				ConstBuffer from_buf(from, flen, true);
				const std::string from_b64 = base64->encode(from_buf);

				/* get signature */
				std::string sig_b64;
				const bool status = self->external_pki->sign("RSA_RAW", from_b64, sig_b64);
				if (!status)
					throw openssl_external_pki("could not obtain signature");

				/* decode base64 signature to binary */
				const int len = RSA_size(rsa);
				Buffer sig(to, len, false);
				base64->decode(sig, sig_b64);

				/* verify length */
				if (sig.size() != len)
					throw openssl_external_pki("incorrect signature length");

				/* return length of signature */
				return len;
			}
			catch (const std::exception& e)
			{
				OPENVPN_LOG("OpenSSLContext::ExternalPKIImpl::rsa_priv_enc: " << e.what());
				++self->n_errors;
				return -1;
			}
		}
Example #7
0
	virtual void client_start(const OptionList& opt, TransportClient& transcli)
	{
		if (!impl)
		{
			halt = false;
			if (config->tun_persist)
				tun_persist = config->tun_persist; // long-term persistent
			else
				tun_persist.reset(new TunPersist(false, config->retain_sd, config->builder)); // short-term

			try {
				int sd = -1;
				const IP::Addr server_addr = transcli.server_endpoint_addr();

				// Check if persisted tun session matches properties of to-be-created session
				if (tun_persist->use_persisted_tun(server_addr, config->tun_prop, opt))
				{
					sd = tun_persist->obj();
					state = tun_persist->state();
					OPENVPN_LOG("TunPersist: reused tun context");
				}
				else
				{
					TunBuilderBase* tb = config->builder;

					// reset target tun builder object
					if (!tb->tun_builder_new())
						throw tun_builder_error("tun_builder_new failed");

					// notify parent
					parent.tun_pre_tun_config();

					// configure the tun builder
					TunProp::configure_builder(tb, state.get(), config->stats.get(), server_addr,
					                           config->tun_prop, opt, false);

					// start tun
					sd = tb->tun_builder_establish();
				}

				if (sd == -1)
				{
					parent.tun_error(Error::TUN_IFACE_CREATE, "cannot acquire tun interface socket");
					return;
				}

				// persist state
				if (tun_persist->persist_tun_state(sd, state))
					OPENVPN_LOG("TunPersist: saving tun context:" << std::endl << tun_persist->options());

				impl.reset(new TunImpl(io_service,
				                       sd,
				                       true,
				                       config->tun_prefix,
				                       this,
				                       config->frame,
				                       config->stats
				                      ));
				impl->start(config->n_parallel);

				// signal that we are connected
				parent.tun_connected();
			}
			catch (const std::exception& e)
			{
				if (tun_persist)
					tun_persist->close();
				stop();
				parent.tun_error(Error::TUN_SETUP_FAILED, e.what());
			}
		}
	}