virtual void execute()
{
if (!argv.empty())
{
OPENVPN_LOG(to_string());
system_cmd(argv[0], argv);
}
else
OPENVPN_LOG("WARNING: Command::execute called with empty argv");
}
virtual bool filter(const Option& opt)
{
const bool ret = filt(opt);
if (!ret)
OPENVPN_LOG("Ignored due to route-nopull: " << opt.render(Option::RENDER_TRUNC_64|Option::RENDER_BRACKET));
return ret;
}
void parse(const std::string& cert_txt, const std::string& title)
{
alloc();
if (cert_txt.empty())
throw PolarSSLException(title + " certificate is undefined");
const int status = x509_crt_parse(chain,
(const unsigned char *)cert_txt.c_str(),
cert_txt.length());
if (status < 0)
{
throw PolarSSLException("error parsing " + title + " certificate", status);
}
if (status > 0)
{
std::ostringstream os;
os << status << " certificate(s) in " << title << " bundle failed to parse";
#if 1 // PolarSSL cert parse error
throw PolarSSLException(os.str());
#else
OPENVPN_LOG("POLARSSL: " << os.str());
#endif
}
}
bool execute()
{
for (iterator i = begin(); i != end(); ++i)
{
Action& a = **i;
if (halt_)
return false;
try {
a.execute();
}
catch (const std::exception& e)
{
OPENVPN_LOG("action exception: " << e.what());
}
}
return true;
}
// do UDP connect
void start_connect_()
{
config->remote_list->get_endpoint(server_endpoint);
OPENVPN_LOG("Contacting " << server_endpoint << " via UDP");
parent.transport_wait();
parent.ip_hole_punch(server_endpoint_addr());
socket.open(server_endpoint.protocol());
#ifdef OPENVPN_PLATFORM_TYPE_UNIX
if (config->socket_protect)
{
if (!config->socket_protect->socket_protect(socket.native_handle()))
{
config->stats->error(Error::SOCKET_PROTECT_ERROR);
stop();
parent.transport_error(Error::UNDEF, "socket_protect error (UDP)");
return;
}
}
#endif
socket.async_connect(server_endpoint, asio_dispatch_connect(&Client::start_impl_, this));
}
/* sign arbitrary data */
static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
{
ExternalPKIImpl* self = (ExternalPKIImpl*)rsa->meth->app_data;
try {
if (padding != RSA_PKCS1_PADDING)
{
RSAerr (RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
throw openssl_external_pki("bad padding size");
}
/* convert 'from' to base64 */
ConstBuffer from_buf(from, flen, true);
const std::string from_b64 = base64->encode(from_buf);
/* get signature */
std::string sig_b64;
const bool status = self->external_pki->sign("RSA_RAW", from_b64, sig_b64);
if (!status)
throw openssl_external_pki("could not obtain signature");
/* decode base64 signature to binary */
const int len = RSA_size(rsa);
Buffer sig(to, len, false);
base64->decode(sig, sig_b64);
/* verify length */
if (sig.size() != len)
throw openssl_external_pki("incorrect signature length");
/* return length of signature */
return len;
}
catch (const std::exception& e)
{
OPENVPN_LOG("OpenSSLContext::ExternalPKIImpl::rsa_priv_enc: " << e.what());
++self->n_errors;
return -1;
}
}
virtual void client_start(const OptionList& opt, TransportClient& transcli)
{
if (!impl)
{
halt = false;
if (config->tun_persist)
tun_persist = config->tun_persist; // long-term persistent
else
tun_persist.reset(new TunPersist(false, config->retain_sd, config->builder)); // short-term
try {
int sd = -1;
const IP::Addr server_addr = transcli.server_endpoint_addr();
// Check if persisted tun session matches properties of to-be-created session
if (tun_persist->use_persisted_tun(server_addr, config->tun_prop, opt))
{
sd = tun_persist->obj();
state = tun_persist->state();
OPENVPN_LOG("TunPersist: reused tun context");
}
else
{
TunBuilderBase* tb = config->builder;
// reset target tun builder object
if (!tb->tun_builder_new())
throw tun_builder_error("tun_builder_new failed");
// notify parent
parent.tun_pre_tun_config();
// configure the tun builder
TunProp::configure_builder(tb, state.get(), config->stats.get(), server_addr,
config->tun_prop, opt, false);
// start tun
sd = tb->tun_builder_establish();
}
if (sd == -1)
{
parent.tun_error(Error::TUN_IFACE_CREATE, "cannot acquire tun interface socket");
return;
}
// persist state
if (tun_persist->persist_tun_state(sd, state))
OPENVPN_LOG("TunPersist: saving tun context:" << std::endl << tun_persist->options());
impl.reset(new TunImpl(io_service,
sd,
true,
config->tun_prefix,
this,
config->frame,
config->stats
));
impl->start(config->n_parallel);
// signal that we are connected
parent.tun_connected();
}
catch (const std::exception& e)
{
if (tun_persist)
tun_persist->close();
stop();
parent.tun_error(Error::TUN_SETUP_FAILED, e.what());
}
}
}
