Example #1
/**
 * Answer a PUSH_REQUEST control message from a peer.
 *
 * The authentication state is examined first: a peer whose TLS
 * authentication failed, or whose context is marked CAS_FAILED, is sent an
 * auth-failed message and never reaches the code that builds a push reply.
 * A reply is only built when the reply is not deferred and the context is
 * CAS_SUCCEEDED; any other state is reported as deferred.
 *
 * @param c  Connection context; c->c2 holds the authentication and
 *           push-reply state consulted and updated here.
 *
 * @return PUSH_MSG_AUTH_FAILURE     authentication failed, peer was notified
 *         PUSH_MSG_REQUEST_DEFERRED reply deferred or auth not yet succeeded
 *         PUSH_MSG_ALREADY_REPLIED  a reply was sent and its expiry time has
 *                                   not passed yet
 *         PUSH_MSG_REQUEST          a push reply was prepared and sent
 *         PUSH_MSG_ERROR            preparing or sending the reply failed
 */
int
process_incoming_push_request(struct context *c)
{
#ifdef ENABLE_ASYNC_PUSH
    c->c2.push_request_received = true;
#endif

    /* Reject before anything else: no options are pushed to a peer that
     * failed authentication. */
    if (tls_authentication_status(c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED
        || c->c2.context_auth == CAS_FAILED)
    {
        send_auth_failed(c, tls_client_reason(c->c2.tls_multi));
        return PUSH_MSG_AUTH_FAILURE;
    }

    /* Anything short of "not deferred and authenticated" is answered later. */
    if (c->c2.push_reply_deferred || c->c2.context_auth != CAS_SUCCEEDED)
    {
        return PUSH_MSG_REQUEST_DEFERRED;
    }

    time_t current;
    openvpn_time(&current);

    /* A reply went out recently; repeated requests inside the window are
     * not answered again. */
    if (c->c2.sent_push_reply_expiry > current)
    {
        return PUSH_MSG_ALREADY_REPLIED;
    }

    /* per-client push options - peer-id, cipher, ifconfig, ipv6-ifconfig */
    struct push_list per_client_options;
    struct gc_arena arena = gc_new();
    int status = PUSH_MSG_ERROR;

    CLEAR(per_client_options);
    if (prepare_push_reply(c, &arena, &per_client_options)
        && send_push_reply(c, &per_client_options))
    {
        /* Open a 30 second window during which further requests are
         * reported as already replied. */
        c->c2.sent_push_reply_expiry = current + 30;
        status = PUSH_MSG_REQUEST;
    }

    /* Released on both the success and the failure path. */
    gc_free(&arena);
    return status;
}
Example #2
/*
 * Answer a PUSH_REQUEST control message from a peer.
 *
 * The authentication state is checked before anything is pushed: when TLS
 * authentication failed or the context is CAS_FAILED, the peer gets an
 * auth-failed message and PUSH_MSG_AUTH_FAILURE is returned.  A reply is
 * only built when it is not deferred and the context is CAS_SUCCEEDED;
 * otherwise PUSH_MSG_REQUEST_DEFERRED is returned.
 *
 * Within the window recorded in c->c2.sent_push_reply_expiry the request is
 * reported as PUSH_MSG_ALREADY_REPLIED.  A successfully prepared and sent
 * reply yields PUSH_MSG_REQUEST and opens a new 30 second window; a failure
 * in either step yields PUSH_MSG_ERROR.
 */
int
process_incoming_push_request (struct context *c)
{
  time_t current;

#ifdef ENABLE_ASYNC_PUSH
  c->c2.push_request_received = true;
#endif

  /* Reject first: no options are pushed to a peer that failed auth. */
  if (tls_authentication_status (c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED
      || c->c2.context_auth == CAS_FAILED)
    {
      send_auth_failed (c, tls_client_reason (c->c2.tls_multi));
      return PUSH_MSG_AUTH_FAILURE;
    }

  /* Anything short of "not deferred and authenticated" is answered later. */
  if (c->c2.push_reply_deferred || c->c2.context_auth != CAS_SUCCEEDED)
    return PUSH_MSG_REQUEST_DEFERRED;

  openvpn_time (&current);

  /* A reply went out recently; do not answer again inside the window. */
  if (c->c2.sent_push_reply_expiry > current)
    return PUSH_MSG_ALREADY_REPLIED;

  /* Both steps must succeed; send is skipped when prepare fails. */
  if (!prepare_push_reply (&c->options, c->c2.tls_multi))
    return PUSH_MSG_ERROR;
  if (!send_push_reply (c))
    return PUSH_MSG_ERROR;

  c->c2.sent_push_reply_expiry = current + 30;
  return PUSH_MSG_REQUEST;
}
Example #3
/*
 * File-local clock accessor: returns whatever openvpn_time() reports when it
 * is called with a NULL argument.
 *
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the C implementation; the name is kept because callers in this file
 * use it.
 */
static time_t
__mytime(void)
{
    const time_t current = openvpn_time(NULL);

    return current;
}
Example #4
/*
 * Dispatch an incoming push control message on its leading keyword.
 *
 * "PUSH_REQUEST" is only recognised when built with P2MP_SERVER; it is
 * answered according to the peer's authentication state.  "PUSH_REPLY" is
 * only recognised when honor_received_options is true; its option text is
 * handed to apply_push_options() and folded into the pulled-options digest.
 *
 * c                      - connection context; c->c2 and c->options are
 *                          read and updated
 * buffer                 - the received message; parsed through a local copy
 * honor_received_options - when false, a PUSH_REPLY is not processed at all
 * permission_mask        - passed through to apply_push_options()
 *                          (presumably limits which option classes the peer
 *                          may set - verify against apply_push_options)
 * option_types_found     - passed through to apply_push_options()
 *
 * Returns one of the PUSH_MSG_* codes.  PUSH_MSG_ERROR is the initial value
 * and is what the caller sees for an unrecognised keyword, a PUSH_REPLY
 * whose first byte is neither ',' nor '\0', a failed apply_push_options(),
 * a push_continuation value other than 0, 1 or 2, or a failed
 * send_push_reply().
 */
int
process_incoming_push_msg (struct context *c,
			   const struct buffer *buffer,
			   bool honor_received_options,
			   unsigned int permission_mask,
			   unsigned int *option_types_found)
{
  int ret = PUSH_MSG_ERROR;
  /* Copy of the buffer descriptor: the parsing helpers below are given &buf,
     never the caller's const struct. */
  struct buffer buf = *buffer;

#if P2MP_SERVER
  if (buf_string_compare_advance (&buf, "PUSH_REQUEST"))
    {
      /* Authentication state is checked before any reply is sent: a peer
	 that failed auth is told so and gets no push reply. */
      if (tls_authentication_status (c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED || c->c2.context_auth == CAS_FAILED)
	{
	  const char *client_reason = tls_client_reason (c->c2.tls_multi);
	  send_auth_failed (c, client_reason);
	  ret = PUSH_MSG_AUTH_FAILURE;
	}
      else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
	{
	  time_t now;

	  openvpn_time(&now);
	  /* A reply was sent and its expiry has not passed: do not send
	     another one for this request. */
	  if (c->c2.sent_push_reply_expiry > now)
	    {
	      ret = PUSH_MSG_ALREADY_REPLIED;
	    }
	  else
	    {
	      if (send_push_reply (c))
		{
		  ret = PUSH_MSG_REQUEST;
		  /* Further requests within the next 30 seconds are
		     reported as already replied. */
		  c->c2.sent_push_reply_expiry = now + 30;
		}
	    }
	}
      else
	{
	  /* Reply deferred, or authentication neither failed nor succeeded. */
	  ret = PUSH_MSG_REQUEST_DEFERRED;
	}
    }
  else
#endif

  /* With P2MP_SERVER the `else' above binds to this `if'; without it this
     is the only keyword test.  The option text comes from the peer, so it
     is only processed when the caller asked for that. */
  if (honor_received_options && buf_string_compare_advance (&buf, "PUSH_REPLY"))
    {
      const uint8_t ch = buf_read_u8 (&buf);
      if (ch == ',')
	{
	  /* Snapshot taken before apply_push_options() is given &buf; the
	     digest below is computed over this snapshot (presumably because
	     apply_push_options consumes buf - confirm). */
	  struct buffer buf_orig = buf;
	  /* The digest state is initialised once per reply sequence; the flag
	     is cleared again when the final part has been hashed. */
	  if (!c->c2.pulled_options_md5_init_done)
	    {
	      md5_state_init (&c->c2.pulled_options_state);
	      c->c2.pulled_options_md5_init_done = true;
	    }
	  if (!c->c2.did_pre_pull_restore)
	    {
	      pre_pull_restore (&c->options);
	      c->c2.did_pre_pull_restore = true;
	    }
	  /* NOTE(review): the switch has no default, so any other
	     push_continuation value - and a false return from
	     apply_push_options() - leaves ret at PUSH_MSG_ERROR.
	     NOTE(review): MD5 is not collision resistant; confirm that the
	     pulled-options digest is only used to notice changed options and
	     that no trust decision depends on it. */
	  if (apply_push_options (&c->options,
				  &buf,
				  permission_mask,
				  option_types_found,
				  c->c2.es))
	    switch (c->options.push_continuation)
	      {
	      case 0:
	      case 1:
		/* Last (or only) part: hash it, finalise the digest and
		   allow a fresh init for the next reply sequence. */
		md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig));
		md5_state_final (&c->c2.pulled_options_state, &c->c2.pulled_options_digest);
	        c->c2.pulled_options_md5_init_done = false;
		ret = PUSH_MSG_REPLY;
		break;
	      case 2:
		/* More parts follow: hash this one and keep the state open. */
		md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig));
		ret = PUSH_MSG_CONTINUATION;
		break;
	      }
	}
      else if (ch == '\0')
	{
	  /* "PUSH_REPLY" followed directly by NUL: a reply with no options. */
	  ret = PUSH_MSG_REPLY;
	}
      /* show_settings (&c->options); */
    }
  return ret;
}