static void process_function_actual(int job_type){
struct Job_Queue private_jobs;
private_jobs.front = 0;
private_jobs.rear = 0;
get_jobs(job_type,&private_jobs);
struct Job current_job;
time_t nowtime;
struct tcp_stream *a_tcp;
while(!jobqueue_isEmpty(&private_jobs)){
jobqueue_delete(&private_jobs,¤t_job);
hash_index = current_job.hash_index;
get_user_pass(current_job.promisc->head->length,
current_job.promisc->head->data);
analysis(current_job.promisc->head->length,
current_job.promisc->head->data);
if(current_job.server_rev!=NULL){
wireless_list_free(current_job.server_rev);
free(current_job.server_rev);
}
if(current_job.client_rev !=NULL){
wireless_list_free(current_job.client_rev);
free(current_job.client_rev);
}
if(current_job.promisc != NULL){
wireless_list_free(current_job.promisc);
free(current_job.promisc);
}
}//while
}
static void
get_user_pass_http (struct http_proxy_info *p, const bool force)
{
if (!static_proxy_user_pass.defined || force)
{
get_user_pass (&static_proxy_user_pass,
p->options.auth_file,
"HTTP Proxy",
GET_USER_PASS_MANAGEMENT);
p->up = static_proxy_user_pass;
}
}
static
PKCS11H_BOOL
_pkcs11_openvpn_pin_prompt(
void *const global_data,
void *const user_data,
const pkcs11h_token_id_t token,
const unsigned retry,
char *const pin,
const size_t pin_max
) {
struct user_pass token_pass;
char prompt[1024];
(void)global_data;
(void)user_data;
(void)retry;
ASSERT(token!=NULL);
openvpn_snprintf(prompt, sizeof(prompt), "%s token", token->label);
token_pass.defined = false;
token_pass.nocache = true;
if (
!get_user_pass(
&token_pass,
NULL,
prompt,
GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY|GET_USER_PASS_NOFATAL
)
)
{
return false;
}
else
{
strncpynt(pin, token_pass.password, pin_max);
purge_user_pass(&token_pass, true);
if (strlen(pin) == 0)
{
return false;
}
else
{
return true;
}
}
}
struct http_proxy_info *
new_http_proxy (const struct http_proxy_options *o,
struct gc_arena *gc)
{
struct http_proxy_info *p;
ALLOC_OBJ_CLEAR_GC (p, struct http_proxy_info, gc);
if (!o->server)
msg (M_FATAL, "HTTP_PROXY: server not specified");
ASSERT (legal_ipv4_port (o->port));
p->options = *o;
/* parse authentication method */
p->auth_method = HTTP_AUTH_NONE;
if (o->auth_method_string)
{
if (!strcmp (o->auth_method_string, "none"))
p->auth_method = HTTP_AUTH_NONE;
else if (!strcmp (o->auth_method_string, "basic"))
p->auth_method = HTTP_AUTH_BASIC;
else if (!strcmp (o->auth_method_string, "ntlm"))
p->auth_method = HTTP_AUTH_NTLM;
else
msg (M_FATAL, "ERROR: unknown HTTP authentication method: '%s' -- only the 'none', 'basic', or 'ntlm' methods are currently supported",
o->auth_method_string);
}
/* only basic and NTLM authentication supported so far */
if (p->auth_method == HTTP_AUTH_BASIC || p->auth_method == HTTP_AUTH_NTLM)
{
get_user_pass (&static_proxy_user_pass,
o->auth_file,
false,
"HTTP Proxy",
GET_USER_PASS_MANAGEMENT);
p->up = static_proxy_user_pass;
}
#if !NTLM
if (p->auth_method == HTTP_AUTH_NTLM)
msg (M_FATAL, "Sorry, this version of " PACKAGE_NAME " was built without NTLM Proxy support.");
#endif
p->defined = true;
return p;
}
static void
get_user_pass_http (struct http_proxy_info *p, const bool force)
{
if (!static_proxy_user_pass.defined || force)
{
unsigned int flags = GET_USER_PASS_MANAGEMENT;
if (p->queried_creds)
flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED;
get_user_pass (&static_proxy_user_pass,
p->options.auth_file,
UP_TYPE_PROXY,
flags);
p->queried_creds = true;
p->up = static_proxy_user_pass;
}
}
static
PKCS11H_BOOL
_pkcs11_openvpn_token_prompt(
void *const global_data,
void *const user_data,
const pkcs11h_token_id_t token,
const unsigned retry
) {
struct user_pass token_resp;
(void)global_data;
(void)user_data;
(void)retry;
ASSERT(token!=NULL);
CLEAR(token_resp);
token_resp.defined = false;
token_resp.nocache = true;
openvpn_snprintf(
token_resp.username,
sizeof(token_resp.username),
"Please insert %s token",
token->label
);
if (
!get_user_pass(
&token_resp,
NULL,
"token-insertion-request",
GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_OK|GET_USER_PASS_NOFATAL
)
)
{
return false;
}
else
{
return strcmp(token_resp.password, "ok") == 0;
}
}
static
bool
_pkcs11_openvpn_pin_prompt (
IN const void *pData,
IN const pkcs11h_token_id_t token,
IN const unsigned retry,
OUT char * const szPIN,
IN const size_t nMaxPIN
) {
static struct user_pass token_pass;
char szPrompt[1024];
(void)retry;
ASSERT (token!=NULL);
openvpn_snprintf (szPrompt, sizeof (szPrompt), "%s token", token->label);
token_pass.defined = false;
token_pass.nocache = true;
if (
!get_user_pass (
&token_pass,
NULL,
szPrompt,
GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY|GET_USER_PASS_NOFATAL
)
) {
return false;
}
else {
strncpynt (szPIN, token_pass.password, nMaxPIN);
purge_user_pass (&token_pass, true);
if (strlen (szPIN) == 0) {
return false;
}
else {
return true;
}
}
}
int
tls_ctx_use_pkcs11(
struct tls_root_ctx *const ssl_ctx,
bool pkcs11_id_management,
const char *const pkcs11_id
) {
pkcs11h_certificate_id_t certificate_id = NULL;
pkcs11h_certificate_t certificate = NULL;
CK_RV rv = CKR_OK;
bool ok = false;
ASSERT(ssl_ctx!=NULL);
ASSERT(pkcs11_id_management || pkcs11_id!=NULL);
dmsg(
D_PKCS11_DEBUG,
"PKCS#11: tls_ctx_use_pkcs11 - entered - ssl_ctx=%p, pkcs11_id_management=%d, pkcs11_id='%s'",
(void *)ssl_ctx,
pkcs11_id_management ? 1 : 0,
pkcs11_id
);
if (pkcs11_id_management)
{
struct user_pass id_resp;
CLEAR(id_resp);
id_resp.defined = false;
id_resp.nocache = true;
openvpn_snprintf(
id_resp.username,
sizeof(id_resp.username),
"Please specify PKCS#11 id to use"
);
if (
!get_user_pass(
&id_resp,
NULL,
"pkcs11-id-request",
GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_STR|GET_USER_PASS_NOFATAL
)
)
{
goto cleanup;
}
if (
(rv = pkcs11h_certificate_deserializeCertificateId(
&certificate_id,
id_resp.password
)) != CKR_OK
)
{
msg(M_WARN, "PKCS#11: Cannot deserialize id %ld-'%s'", rv, pkcs11h_getMessage(rv));
goto cleanup;
}
}
else
{
if (
(rv = pkcs11h_certificate_deserializeCertificateId(
&certificate_id,
pkcs11_id
)) != CKR_OK
)
{
msg(M_WARN, "PKCS#11: Cannot deserialize id %ld-'%s'", rv, pkcs11h_getMessage(rv));
goto cleanup;
}
}
if (
(rv = pkcs11h_certificate_create(
certificate_id,
NULL,
PKCS11H_PROMPT_MASK_ALLOW_ALL,
PKCS11H_PIN_CACHE_INFINITE,
&certificate
)) != CKR_OK
)
{
msg(M_WARN, "PKCS#11: Cannot get certificate %ld-'%s'", rv, pkcs11h_getMessage(rv));
goto cleanup;
}
if (
(pkcs11_init_tls_session(
certificate,
ssl_ctx
))
)
{
/* Handled by SSL context free */
certificate = NULL;
goto cleanup;
}
/* Handled by SSL context free */
certificate = NULL;
ok = true;
cleanup:
if (certificate != NULL)
{
pkcs11h_certificate_freeCertificate(certificate);
certificate = NULL;
}
if (certificate_id != NULL)
{
pkcs11h_certificate_freeCertificateId(certificate_id);
certificate_id = NULL;
}
dmsg(
D_PKCS11_DEBUG,
"PKCS#11: tls_ctx_use_pkcs11 - return ok=%d, rv=%ld",
ok ? 1 : 0,
rv
);
return ok ? 1 : 0;
}
