virtual void execute() { if (!argv.empty()) { OPENVPN_LOG(to_string()); system_cmd(argv[0], argv); } else OPENVPN_LOG("WARNING: Command::execute called with empty argv"); }
virtual bool filter(const Option& opt) { const bool ret = filt(opt); if (!ret) OPENVPN_LOG("Ignored due to route-nopull: " << opt.render(Option::RENDER_TRUNC_64|Option::RENDER_BRACKET)); return ret; }
void parse(const std::string& cert_txt, const std::string& title) { alloc(); if (cert_txt.empty()) throw PolarSSLException(title + " certificate is undefined"); const int status = x509_crt_parse(chain, (const unsigned char *)cert_txt.c_str(), cert_txt.length()); if (status < 0) { throw PolarSSLException("error parsing " + title + " certificate", status); } if (status > 0) { std::ostringstream os; os << status << " certificate(s) in " << title << " bundle failed to parse"; #if 1 // PolarSSL cert parse error throw PolarSSLException(os.str()); #else OPENVPN_LOG("POLARSSL: " << os.str()); #endif } }
bool execute() { for (iterator i = begin(); i != end(); ++i) { Action& a = **i; if (halt_) return false; try { a.execute(); } catch (const std::exception& e) { OPENVPN_LOG("action exception: " << e.what()); } } return true; }
// do UDP connect void start_connect_() { config->remote_list->get_endpoint(server_endpoint); OPENVPN_LOG("Contacting " << server_endpoint << " via UDP"); parent.transport_wait(); parent.ip_hole_punch(server_endpoint_addr()); socket.open(server_endpoint.protocol()); #ifdef OPENVPN_PLATFORM_TYPE_UNIX if (config->socket_protect) { if (!config->socket_protect->socket_protect(socket.native_handle())) { config->stats->error(Error::SOCKET_PROTECT_ERROR); stop(); parent.transport_error(Error::UNDEF, "socket_protect error (UDP)"); return; } } #endif socket.async_connect(server_endpoint, asio_dispatch_connect(&Client::start_impl_, this)); }
/* sign arbitrary data */ static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { ExternalPKIImpl* self = (ExternalPKIImpl*)rsa->meth->app_data; try { if (padding != RSA_PKCS1_PADDING) { RSAerr (RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); throw openssl_external_pki("bad padding size"); } /* convert 'from' to base64 */ ConstBuffer from_buf(from, flen, true); const std::string from_b64 = base64->encode(from_buf); /* get signature */ std::string sig_b64; const bool status = self->external_pki->sign("RSA_RAW", from_b64, sig_b64); if (!status) throw openssl_external_pki("could not obtain signature"); /* decode base64 signature to binary */ const int len = RSA_size(rsa); Buffer sig(to, len, false); base64->decode(sig, sig_b64); /* verify length */ if (sig.size() != len) throw openssl_external_pki("incorrect signature length"); /* return length of signature */ return len; } catch (const std::exception& e) { OPENVPN_LOG("OpenSSLContext::ExternalPKIImpl::rsa_priv_enc: " << e.what()); ++self->n_errors; return -1; } }
virtual void client_start(const OptionList& opt, TransportClient& transcli) { if (!impl) { halt = false; if (config->tun_persist) tun_persist = config->tun_persist; // long-term persistent else tun_persist.reset(new TunPersist(false, config->retain_sd, config->builder)); // short-term try { int sd = -1; const IP::Addr server_addr = transcli.server_endpoint_addr(); // Check if persisted tun session matches properties of to-be-created session if (tun_persist->use_persisted_tun(server_addr, config->tun_prop, opt)) { sd = tun_persist->obj(); state = tun_persist->state(); OPENVPN_LOG("TunPersist: reused tun context"); } else { TunBuilderBase* tb = config->builder; // reset target tun builder object if (!tb->tun_builder_new()) throw tun_builder_error("tun_builder_new failed"); // notify parent parent.tun_pre_tun_config(); // configure the tun builder TunProp::configure_builder(tb, state.get(), config->stats.get(), server_addr, config->tun_prop, opt, false); // start tun sd = tb->tun_builder_establish(); } if (sd == -1) { parent.tun_error(Error::TUN_IFACE_CREATE, "cannot acquire tun interface socket"); return; } // persist state if (tun_persist->persist_tun_state(sd, state)) OPENVPN_LOG("TunPersist: saving tun context:" << std::endl << tun_persist->options()); impl.reset(new TunImpl(io_service, sd, true, config->tun_prefix, this, config->frame, config->stats )); impl->start(config->n_parallel); // signal that we are connected parent.tun_connected(); } catch (const std::exception& e) { if (tun_persist) tun_persist->close(); stop(); parent.tun_error(Error::TUN_SETUP_FAILED, e.what()); } } }