/*
 * Trace an address-filter decision at D_PF_DEBUG.
 *
 * prefix/prefix2 tag the caller's test site; src is the peer whose common
 * name (from src->c2.tls_multi) is printed; dest is the address that was
 * tested and allow the verdict. When rule is non-NULL the matched subnet
 * and its accept/exclude sense are appended to the line. Formatting
 * scratch space comes from a local gc arena released before return.
 */
static void
pf_addr_test_print(const char *prefix, const char *prefix2,
                   const struct context *src, const struct mroute_addr *dest,
                   const bool allow, const struct ipv4_subnet *rule)
{
    struct gc_arena arena = gc_new();

    if (!rule)
    {
        /* no rule matched: print the verdict alone */
        dmsg(D_PF_DEBUG, "PF: %s/%s %s %s %s",
             prefix, prefix2,
             tls_common_name(src->c2.tls_multi, false),
             mroute_addr_print_ex(dest, MAPF_SHOW_ARP, &arena),
             drop_accept(allow));
    }
    else
    {
        /* the matched rule's subnet is shown as network/netmask plus its sense */
        dmsg(D_PF_DEBUG, "PF: %s/%s %s %s %s rule=[%s/%s %s]",
             prefix, prefix2,
             tls_common_name(src->c2.tls_multi, false),
             mroute_addr_print_ex(dest, MAPF_SHOW_ARP, &arena),
             drop_accept(allow),
             print_in_addr_t(rule->network, 0, &arena),
             print_in_addr_t(rule->netmask, 0, &arena),
             drop_accept(!rule->exclude));
    }

    gc_free(&arena);
}
/*
 * Hand a NUL-terminated string to the peer over the TLS control channel
 * (push/pull messages, username/password exchange, etc.).
 *
 * Returns the status reported by tls_send_payload, i.e. whether the string
 * (including its terminating NUL) was queued for transmission. When there
 * is no TLS session, or the build has no crypto/SSL support, nothing is
 * sent and true is returned.
 */
bool
send_control_channel_string (struct context *c, const char *str, int msglevel)
{
#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL)
  struct tls_multi *tm = c->c2.tls_multi;

  if (tm)
    {
      struct gc_arena arena = gc_new ();

      /* queue the cleartext string, NUL included, on the control channel */
      const bool queued = tls_send_payload (tm, (uint8_t*) str, strlen (str) + 1);

      /*
       * Make sure tls_multi_process runs again promptly.
       * NOTE: in multi-client mode these two calls alone usually do not
       * reschedule the client instance object; the caller also needs
       * multi_schedule_context_wakeup(m, mi).
       */
      interval_action (&c->c2.tmp_int);
      context_immediate_reschedule (c); /* ZERO-TIMEOUT */

      /* the logged copy goes through sanitize_control_message() rather
       * than being written verbatim */
      msg (msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",
	   tls_common_name (tm, false),
	   sanitize_control_message (str, &arena),
	   (int) queued);

      gc_free (&arena);
      return queued;
    }
#endif
  return true;
}
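/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 *
 * Returns the status of tls_send_payload (true when the string was
 * queued). Without a TLS session, or in a build without crypto/SSL,
 * nothing is sent and true is returned.
 *
 * The sent string is echoed to the log at msglevel. Because this path
 * carries credentials, the logged copy is passed through
 * sanitize_control_message() (as the ENABLE_CRYPTO/ENABLE_SSL variant of
 * this function does) instead of being written verbatim.
 */
bool
send_control_channel_string (struct context *c, const char *str, int msglevel)
{
#if defined(USE_CRYPTO) && defined(USE_SSL)
  if (c->c2.tls_multi)
    {
      struct gc_arena gc = gc_new ();
      bool stat;

      /* buffered cleartext write onto TLS control channel */
      stat = tls_send_payload (c->c2.tls_multi, (uint8_t*) str, strlen (str) + 1);

      /* reschedule tls_multi_process */
      interval_action (&c->c2.tmp_int);
      context_immediate_reschedule (c); /* ZERO-TIMEOUT */

      /* never log the raw payload: it may contain a username/password */
      msg (msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",
	   tls_common_name (c->c2.tls_multi, false),
	   sanitize_control_message (str, &gc),
	   (int) stat);

      gc_free (&gc);
      return stat;
    }
#endif
  return true;
}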
/*
 * Common-name filter: decide whether peer tm passes the per-CN rules in pfs.
 *
 * Returns true only when pfs is present and not flagged kill, the peer's
 * common name can be hashed, and either a matching CN rule exists that is
 * not an exclude rule, or no rule matches and pfs->cns.default_allow is
 * set. Every other case (no set, killed set, no common name) yields false.
 * With ENABLE_DEBUG each outcome is traced at D_PF_DEBUG through
 * pf_cn_test_print, tagged PF_CN_MATCH, PF_CN_DEFAULT or PF_CN_FAULT.
 */
bool
pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix)
{
    const char *cn = NULL;
    uint32_t cn_hash = 0;

    /* fault path: nothing to look up, deny */
    if (!pfs || pfs->kill || !tls_common_name_hash(tm, &cn, &cn_hash))
    {
#ifdef ENABLE_DEBUG
        if (check_debug_level(D_PF_DEBUG))
        {
            pf_cn_test_print("PF_CN_FAULT", type, prefix, tls_common_name(tm, false), false, NULL);
        }
#endif
        return false;
    }

    /* a matching rule decides by its exclude flag; otherwise the set's default applies */
    const struct pf_cn *rule = lookup_cn_rule(pfs->cns.hash_table, cn, cn_hash);
    const bool allow = rule ? !rule->exclude : pfs->cns.default_allow;

#ifdef ENABLE_DEBUG
    if (check_debug_level(D_PF_DEBUG))
    {
        pf_cn_test_print(rule ? "PF_CN_MATCH" : "PF_CN_DEFAULT", type, prefix, cn, allow, rule);
    }
#endif
    return allow;
}