From patchwork Sun Nov 27 14:25:06 2022
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 2863
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 27 Nov 2022 15:25:06 +0100
Message-Id: <20221127142506.41986-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH] options: Always define options->management_flags

That makes it possible to remove several preprocessor directives, which is a good thing. The cost should be negligible.
Signed-off-by: Frank Lichtenheld --- src/openvpn/manage.h | 41 +++++++++++++++++++------------------- src/openvpn/options.c | 46 +++++++++++++------------------------------ src/openvpn/options.h | 6 ++++-- 3 files changed, 39 insertions(+), 54 deletions(-) I tried to make options.c less ugly. I didn't get far. But it still might be an incremental improvement. diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index f46274e6..16ac6847 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -24,6 +24,27 @@ #ifndef MANAGE_H #define MANAGE_H +/* management_open flags */ +#define MF_SERVER (1<<0) +#define MF_QUERY_PASSWORDS (1<<1) +#define MF_HOLD (1<<2) +#define MF_SIGNAL (1<<3) +#define MF_FORGET_DISCONNECT (1<<4) +#define MF_CONNECT_AS_CLIENT (1<<5) +#define MF_CLIENT_AUTH (1<<6) +/* #define MF_CLIENT_PF (1<<7) *REMOVED FEATURE* */ +#define MF_UNIX_SOCK (1<<8) +#define MF_EXTERNAL_KEY (1<<9) +#define MF_EXTERNAL_KEY_NOPADDING (1<<10) +#define MF_EXTERNAL_KEY_PKCS1PAD (1<<11) +#define MF_UP_DOWN (1<<12) +#define MF_QUERY_REMOTE (1<<13) +#define MF_QUERY_PROXY (1<<14) +#define MF_EXTERNAL_CERT (1<<15) +#define MF_EXTERNAL_KEY_PSSPAD (1<<16) +#define MF_EXTERNAL_KEY_DIGEST (1<<17) + + #ifdef ENABLE_MANAGEMENT #include "misc.h" 
@@ -321,26 +342,6 @@ struct user_pass; struct management *management_init(void); -/* management_open flags */ -#define MF_SERVER (1<<0) -#define MF_QUERY_PASSWORDS (1<<1) -#define MF_HOLD (1<<2) -#define MF_SIGNAL (1<<3) -#define MF_FORGET_DISCONNECT (1<<4) -#define MF_CONNECT_AS_CLIENT (1<<5) -#define MF_CLIENT_AUTH (1<<6) -/* #define MF_CLIENT_PF (1<<7) *REMOVED FEATURE* */ -#define MF_UNIX_SOCK (1<<8) -#define MF_EXTERNAL_KEY (1<<9) -#define MF_EXTERNAL_KEY_NOPADDING (1<<10) -#define MF_EXTERNAL_KEY_PKCS1PAD (1<<11) -#define MF_UP_DOWN (1<<12) -#define MF_QUERY_REMOTE (1<<13) -#define MF_QUERY_PROXY (1<<14) -#define MF_EXTERNAL_CERT (1<<15) -#define MF_EXTERNAL_KEY_PSSPAD (1<<16) -#define MF_EXTERNAL_KEY_DIGEST (1<<17) - bool management_open(struct management *man, const char *addr, const char *port, diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b7b34c9c..5eca4a39 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1952,24 +1952,24 @@ show_settings(const struct options *o) SHOW_STR_INLINE(ca_file); SHOW_STR(ca_path); SHOW_STR_INLINE(dh_file); -#ifdef ENABLE_MANAGEMENT if ((o->management_flags & MF_EXTERNAL_CERT)) { SHOW_PARM("cert_file", "EXTERNAL_CERT", "%s"); } else -#endif - SHOW_STR_INLINE(cert_file); + { + SHOW_STR_INLINE(cert_file); + } SHOW_STR_INLINE(extra_certs_file); -#ifdef ENABLE_MANAGEMENT if ((o->management_flags & MF_EXTERNAL_KEY)) { SHOW_PARM("priv_key_file", "EXTERNAL_PRIVATE_KEY", "%s"); } else -#endif - SHOW_STR_INLINE(priv_key_file); + { + SHOW_STR_INLINE(priv_key_file); + } #ifndef ENABLE_CRYPTO_MBEDTLS SHOW_STR_INLINE(pkcs12_file); #endif @@ -2425,7 +2425,7 @@ options_postprocess_verify_ce(const struct options *options, #endif /* ifdef ENABLE_MANAGEMENT */ -#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER) +#if !defined(HAVE_XKEY_PROVIDER) if ((tls_version_max() >= TLS_VER_1_3) && (options->management_flags & MF_EXTERNAL_KEY) && !(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING)) 
@@ -2846,7 +2846,6 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified."); } -#ifdef ENABLE_MANAGEMENT if (options->management_flags & MF_EXTERNAL_KEY) { msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified."); @@ -2855,7 +2854,6 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "Parameter --management-external-cert cannot be used when --pkcs11-provider is also specified."); } -#endif if (options->pkcs12_file) { msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified."); @@ -2869,7 +2867,6 @@ options_postprocess_verify_ce(const struct options *options, } else #endif /* ifdef ENABLE_PKCS11 */ -#ifdef ENABLE_MANAGEMENT if ((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file) { msg(M_USAGE, "--key and --management-external-key are mutually exclusive"); @@ -2886,7 +2883,6 @@ options_postprocess_verify_ce(const struct options *options, } } else -#endif #ifdef ENABLE_CRYPTOAPI if (options->cryptoapi_cert) { @@ -2902,7 +2898,6 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified."); } -#ifdef ENABLE_MANAGEMENT if (options->management_flags & MF_EXTERNAL_KEY) { msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified."); @@ -2911,7 +2906,6 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "Parameter --management-external-cert cannot be used when --cryptoapicert is also specified."); } -#endif } else #endif /* ifdef ENABLE_CRYPTOAPI */ 
@@ -2932,7 +2926,6 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified."); } -#ifdef ENABLE_MANAGEMENT if (options->management_flags & MF_EXTERNAL_KEY) { msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified."); @@ -2941,7 +2934,6 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "Parameter --management-external-cert cannot be used when --pkcs12 is also specified."); } -#endif #endif /* ifdef ENABLE_CRYPTO_MBEDTLS */ } else @@ -2956,12 +2948,8 @@ options_postprocess_verify_ce(const struct options *options, { const int sum = -#ifdef ENABLE_MANAGEMENT ((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT)) - +((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)); -#else - (options->cert_file != NULL) + (options->priv_key_file != NULL); -#endif + + ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)); if (sum == 0) { @@ -2983,14 +2971,14 @@ options_postprocess_verify_ce(const struct options *options, } else { -#ifdef ENABLE_MANAGEMENT if (!(options->management_flags & MF_EXTERNAL_CERT)) -#endif - notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); -#ifdef ENABLE_MANAGEMENT + { + notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); + } if (!(options->management_flags & MF_EXTERNAL_KEY)) -#endif - notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); + { + notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); + } } } if (ce->tls_auth_file && ce->tls_crypt_file) 
@@ -3999,9 +3987,7 @@ options_postprocess_filechecks(struct options *options) options->extra_certs_file, R_OK, "--extra-certs"); -#ifdef ENABLE_MANAGMENT if (!(options->management_flags & MF_EXTERNAL_KEY)) -#endif { errs |= check_file_access_inline(options->priv_key_file_inline, CHKACC_FILE|CHKACC_PRIVATE, @@ -5627,9 +5613,7 @@ bool key_is_external(const struct options *options) { bool ret = false; -#ifdef ENABLE_MANAGEMENT ret = ret || (options->management_flags & MF_EXTERNAL_KEY); -#endif #ifdef ENABLE_PKCS11 ret = ret || (options->pkcs11_providers[0] != NULL); #endif @@ -5836,7 +5820,6 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->management_flags |= MF_CONNECT_AS_CLIENT; } -#ifdef ENABLE_MANAGEMENT else if (streq(p[0], "management-external-key")) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -5885,7 +5868,6 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->management_flags |= MF_CLIENT_AUTH; } -#endif /* ifdef ENABLE_MANAGEMENT */ else if (streq(p[0], "management-log-cache") && p[1] && !p[2]) { int cache; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 68ad0cac..6f4b1f4a 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -438,10 +438,12 @@ struct options const char *management_client_user; const char *management_client_group; - /* Mask of MF_ values of manage.h */ - unsigned int management_flags; const char *management_certificate; #endif + /* Mask of MF_ values of manage.h + * Always available to simplify options.c + */ + unsigned int management_flags; #ifdef ENABLE_PLUGIN struct plugin_option_list *plugin_list;
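Review bot: the guard removed in the options_postprocess_filechecks hunk was misspelled (`-#ifdef ENABLE_MANAGMENT`, missing the second E), so it was never defined and the `if (!(options->management_flags & MF_EXTERNAL_KEY))` check already compiled unconditionally; the behaviour does not change here, but the commit message should mention that this removes a latent typo rather than a real conditional.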
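Review bot: in the add_option hunk at @@ -5836,7 +5820,6 @@, dropping `-#ifdef ENABLE_MANAGEMENT` in front of `else if (streq(p[0], "management-external-key"))` (and the matching `-#endif /* ifdef ENABLE_MANAGEMENT */` in the following hunk) means these options are now recognised and set MF_ bits in builds without management support, where they previously fell through to the unknown-option error; since key_is_external() and the verify code now honour those bits unconditionally, such a build could treat the key as external with no management channel to serve it. Either keep the guard around these add_option branches or add an explicit usage error for management-external-key/cert when ENABLE_MANAGEMENT is not defined.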
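Review bot: in the options.h hunk, moving `unsigned int management_flags;` below the `#endif` makes every consumer in options.c depend on the field being zero in builds without management; that holds only if init_options clears the whole struct, which this patch does not show. State that requirement in the new comment, e.g. `* Always available to simplify options.c; must stay 0 when ENABLE_MANAGEMENT is off`, so a future initialiser does not silently break the non-management build.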
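Review bot: the first manage.h hunk leaves two consecutive blank lines between the relocated `#define MF_EXTERNAL_KEY_DIGEST (1<<17)` and `#ifdef ENABLE_MANAGEMENT`; drop one of them.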