/*
 * Handle incoming configuration
 * messages on the control channel.
 *
 * If tls_test_payload_len() reports a pending payload, it is read with
 * tls_rec_payload() and dispatched on its leading keyword: AUTH_FAILED,
 * PUSH_, RESTART or HALT.  Anything else is logged as an unknown control
 * message; a failed read is logged as well.
 *
 * The payload is text supplied by the peer.  It is NUL-terminated and run
 * through string_mod() before any handler or log call reads it as a C
 * string, so the handlers below can use BSTR() on it.
 */
void
check_incoming_control_channel_dowork (struct context *c)
{
  const int payload_len = tls_test_payload_len (c->c2.tls_multi);
  struct gc_arena gc;
  struct buffer payload;

  /* no payload reported: nothing to do */
  if (!payload_len)
    return;

  /* the receive buffer is allocated from a local arena, freed below */
  gc = gc_new ();
  payload = alloc_buf_gc (payload_len, &gc);

  if (tls_rec_payload (c->c2.tls_multi, &payload))
    {
      /* force null termination of message */
      buf_null_terminate (&payload);

      /*
       * enforce character class restrictions: CC_PRINT is passed as the
       * allowed class, CC_CRLF as the excluded class and 0 as the
       * replacement.  Presumably offending bytes are dropped rather than
       * substituted, which keeps control bytes and line breaks out of the
       * log lines below -- confirm against string_mod().
       */
      string_mod (BSTR (&payload), CC_PRINT, CC_CRLF, 0);

      /*
       * NOTE(review): matching is on the head of the message only, so any
       * text that merely starts with one of these keywords takes that
       * branch.  7 and 4 equal the lengths of "RESTART" and "HALT";
       * presumably the number of bytes server_pushed_signal() skips --
       * TODO confirm.
       */
      if (buf_string_match_head_str (&payload, "AUTH_FAILED"))
        {
          receive_auth_failed (c, &payload);
        }
      else if (buf_string_match_head_str (&payload, "PUSH_"))
        {
          incoming_push_message (c, &payload);
        }
      else if (buf_string_match_head_str (&payload, "RESTART"))
        {
          server_pushed_signal (c, &payload, true, 7);
        }
      else if (buf_string_match_head_str (&payload, "HALT"))
        {
          server_pushed_signal (c, &payload, false, 4);
        }
      else
        {
          /* peer text goes in as a %s argument, never as the format */
          msg (D_PUSH_ERRORS, "WARNING: Received unknown control message: %s", BSTR (&payload));
        }
    }
  else
    {
      msg (D_PUSH_ERRORS, "WARNING: Receive control message failed");
    }

  gc_free (&gc);
}
/*
 * If the head of src matches the string `match`, advance src past it
 * and return true.  Otherwise leave src untouched and return false.
 *
 * The return value of buf_advance() is not checked here; the preceding
 * head match is what the code relies on for the advance being in range.
 */
bool
buf_string_compare_advance (struct buffer *src, const char *match)
{
  /* guard: no prefix match means nothing is consumed */
  if (!buf_string_match_head_str (src, match))
    return false;

  buf_advance (src, strlen (match));
  return true;
}
/*
 * Auth username/password
 *
 * Client received an authentication failed message from server.
 * Runs on client.
 *
 * Logs the message, sets options.no_advance, and -- only when
 * options.pull is set -- raises a soft signal chosen by auth_retry_get():
 *   AR_NONE        -> SIGTERM
 *   AR_INTERACT    -> ssl_purge_auth(false), then SIGUSR1
 *   AR_NOINTERACT  -> SIGUSR1
 * With ENABLE_MANAGEMENT the text after "AUTH_FAILED," (if any) is handed
 * to the management interface as the failure reason.  With
 * ENABLE_CLIENT_CR a message starting "AUTH_FAILED,CRV1:" has its
 * challenge text stored via ssl_put_auth_challenge().
 *
 * NOTE(review): the message text is server-controlled and this function
 * does no filtering of its own; it reads the buffer as a C string via
 * BSTR(), so it relies on the caller having NUL-terminated and
 * character-filtered it -- confirm for every call site.
 */
void
receive_auth_failed(struct context *c, const struct buffer *buffer)
{
    /* server text is a %s argument, never the format string */
    msg(M_VERB0, "AUTH: Received control message: %s", BSTR(buffer));
    c->options.no_advance = true;

    /* everything below applies only when options.pull is set */
    if (!c->options.pull)
    {
        return;
    }

    switch (auth_retry_get())
    {
        case AR_NONE:
            c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
            break;

        case AR_INTERACT:
            ssl_purge_auth(false);
            /* fallthrough: interactive retry restarts like AR_NOINTERACT */

        case AR_NOINTERACT:
            c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
            break;

        default:
            ASSERT(0);
    }
    c->sig->signal_text = "auth-failure";

#ifdef ENABLE_MANAGEMENT
    if (management)
    {
        /* work on a copy so the caller's buffer is not advanced */
        struct buffer cursor = *buffer;
        const char *reason = NULL;

        /* reason stays NULL unless non-empty text follows the prefix */
        if (buf_string_compare_advance(&cursor, "AUTH_FAILED,") && BLEN(&cursor))
        {
            reason = BSTR(&cursor);
        }
        management_auth_failure(management, UP_TYPE_AUTH, reason);
    }
#endif

    /*
     * Save the dynamic-challenge text even when management is defined
     */
#ifdef ENABLE_CLIENT_CR
    {
        struct buffer cursor = *buffer;

        if (buf_string_match_head_str(&cursor, "AUTH_FAILED,CRV1:") && BLEN(&cursor))
        {
            /* skip only "AUTH_FAILED," (12 bytes); the stored text starts at "CRV1:" */
            buf_advance(&cursor, (int) (sizeof("AUTH_FAILED,") - 1));
            ssl_put_auth_challenge(BSTR(&cursor));
        }
    }
#endif
}