From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 25 Aug 2021 00:01:21 -0400
Message-Id: <20210825040122.14244-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 1/2] Add remote-count and remote-entry query via management

From: Selva Nair

Selecting the remote host via the management interface
(management-query-remote) provides a restrictive user experience
as there is no easy way to tabulate all available remote entries
and show a list to the user to choose from. Fix that.

Two new commands for querying the management interface are added:

(i) remote-entry-count : returns the number of remotes specified
    in the config file. Example result:
    >REMOTE-ENTRY-COUNT:10

(ii) remote-entry-get index : returns the remote entry at index
     in the form index,host,port,protocol. Example result for index = 2:
     >REMOTE-ENTRY:2,ovpn.example.com,1194,udp

See also management-notes.txt

Signed-off-by: Selva Nair
--- Changes.rst | 5 ++++ doc/management-notes.txt | 22 +++++++++++++++++ src/openvpn/init.c | 36 ++++++++++++++++++++++++++++ src/openvpn/manage.c | 52 ++++++++++++++++++++++++++++++++++++++++ src/openvpn/manage.h | 3 ++- 5 files changed, 117 insertions(+), 1 deletion(-) diff --git a/Changes.rst b/Changes.rst index 0323a7f7..e5ac8098 100644 --- a/Changes.rst +++ b/Changes.rst @@ -4,6 +4,11 @@ Overview of changes in 2.6 New features ------------ +New management commands to enumerate and list remote entries + Use ``remote-entry-count`` and ``remote-entry-get index`` + commands from the management interface to get the number of + remote entries and the entry at index respectively. + Keying Material Exporters (RFC 5705) based key generation As part of the cipher negotiation OpenVPN will automatically prefer the RFC5705 based key material generation to the current custom diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 84e3d04b..f7a0fe1f 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt 
@@ -897,6 +897,28 @@ the 10.0.0.0/8 netblock is allowed: 10.10.0.1. Also, the client may not interact with external IP addresses using an "unknown" protocol (i.e. one that is not IPv4 or ARP). +COMMAND -- remote-entry-count (OpenVPN 2.6+ management version > 3) +------------------------------------------------------------------- + +Retrieve available number of remote host/port entries + +Example: + + remote-entry-count + >REMOTE-ENTRY-COUNT:5 + +COMMAND -- remote-entry-get (OpenVPN 2.6+ management version > 3) +------------------------------------------------------------------ + +Retrieve remote entry (host, port and protocol) by index. + +Example: + + remote-entgry-get 1 + REMOTE-ENTRY:1,vpn.example.com,1194,udp + +The protocol could be tcp-client or udp on client. + COMMAND -- remote (OpenVPN AS 2.1.5/OpenVPN 2.3 or higher) -------------------------------------------- diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 386aee23..3c98a408 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -330,6 +330,41 @@ management_callback_send_cc_message(void *arg, return status; } +static bool +management_callback_remote_entry(void *arg, unsigned *count, char **remote) +{ + assert(arg); + assert(count); + + struct context *c = (struct context *) arg; + struct connection_list *l = c->options.connection_list; + bool ret = true; + + if (!remote) /* query is for the count of entries */ + { + *count = l->len; + } + else if (*count < l->len) /* the query is for entry with index = count */ + { + struct connection_entry *ce = l->array[*count]; + const char *proto = proto2ascii(ce->proto, ce->af, false); + + /* space for output including 2 commas and a nul */ + int len = strlen(ce->remote) + strlen(ce->remote_port) + strlen(proto) + 2 + 1; + char *out = malloc(len); + check_malloc_return(out); + + openvpn_snprintf(out, len, "%s,%s,%s", ce->remote, ce->remote_port, proto); + *remote = out; + } + else + { + ret = false; + msg(M_WARN, "Invalid arguments in management query for remote entry: count = %u", *count); + } + return ret; +} + static bool management_callback_remote_cmd(void *arg, const char **p) { @@ -3944,6 +3979,7 @@ init_management_callback_p2p(struct context *c) #ifdef TARGET_ANDROID cb.network_change = management_callback_network_change; #endif + cb.remote_entry = management_callback_remote_entry; management_set_callback(management, &cb); } #endif diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index f86c87f2..c2eb699f 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c 
@@ -94,6 +94,8 @@ man_help(void) msg(M_CLIENT, "net : (Windows only) Show network info and routing table."); msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password."); msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP."); + msg(M_CLIENT, "remote-entry-count : Get number of available remote entries."); + msg(M_CLIENT, "remote-entry-get index : Get remote entry at index."); msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info."); msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process."); #ifdef ENABLE_PKCS11 @@ -829,6 +831,45 @@ man_pkcs11_id_get(struct management *man, const int index) #endif /* ifdef ENABLE_PKCS11 */ +static void +man_remote_entry_count(struct management *man) +{ + unsigned count = 0; + if (man->persist.callback.remote_entry) + { + (*man->persist.callback.remote_entry)(man->persist.callback.arg, &count, NULL); + msg(M_CLIENT, ">REMOTE-ENTRY-COUNT:%u", count); + } + else + { + msg(M_CLIENT, "ERROR: The remote-entry-count command is not supported by the current daemon mode"); + } +} + +static void +man_remote_entry_get(struct management *man, unsigned index) +{ + char *remote = NULL; + + if (man->persist.callback.remote_entry) + { + const bool status = (*man->persist.callback.remote_entry)(man->persist.callback.arg, &index, &remote); + if (status) + { + msg(M_CLIENT, ">REMOTE-ENTRY:%u,%s", index, remote); + } + else + { + msg(M_CLIENT, ">REMOTE-ENTRY:%u", index); + } + } + else + { + msg(M_CLIENT, "ERROR: The remote-entry command is not supported by the current daemon mode"); + } + free(remote); +} + static void man_hold(struct management *man, const char *cmd) { 
@@ -1601,6 +1642,17 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha } } #endif + else if (streq(p[0], "remote-entry-count")) + { + man_remote_entry_count(man); + } + else if (streq(p[0], "remote-entry-get")) + { + if (man_need(man, p, 1, 0)) + { + man_remote_entry_get(man, atoi(p[1])); + } + } else if (streq(p[0], "proxy")) { if (man_need(man, p, 1, MN_AT_LEAST)) diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index 6d6f2fb1..b7fcb86c 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -31,7 +31,7 @@ #include "socket.h" #include "mroute.h" -#define MANAGEMENT_VERSION 3 +#define MANAGEMENT_VERSION 4 #define MANAGEMENT_N_PASSWORD_RETRIES 3 #define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE 100 #define MANAGEMENT_ECHO_BUFFER_SIZE 100 
@@ -186,6 +186,7 @@ struct management_callback #ifdef TARGET_ANDROID int (*network_change)(void *arg, bool samenetwork); #endif + bool (*remote_entry) (void *arg, unsigned *count, char **remote); }; /*
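
Review bot: In the doc/management-notes.txt hunk, the remote-entry-get example misspells the command as "remote-entgry-get 1" and shows the reply as "REMOTE-ENTRY:1,..." without the leading ">" that man_remote_entry_get() actually emits (">REMOTE-ENTRY:%u,%s"). Fix both, and document what a client author needs to know: that the index is zero-based (the callback accepts any index below len) and that an out-of-range index currently produces ">REMOTE-ENTRY:<index>" with no further fields.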
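
Review bot: management_callback_remote_entry() in init.c passes ce->remote and ce->remote_port to strlen() and to the "%s" format without a NULL check, and dereferences c->options.connection_list unconditionally; if either can be unset for an entry, this is a NULL dereference reachable from a management command. Check them (or substitute an empty string) before computing len. The count argument also does double duty as the output count and the input index, selected by whether remote is NULL; separate index and count arguments, or two callbacks, would make the contract harder to misuse. Minor: "*count < l->len" compares an unsigned with the int len, and len is an int holding a sum of size_t values.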
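
Review bot: In man_remote_entry_get() in manage.c, the failure branch replies ">REMOTE-ENTRY:%u" with only the index, so a client can tell a bad index from a valid entry only by counting commas, while the unsupported-mode branch just below uses an "ERROR:" line. Reply with an "ERROR:" line for an invalid index as well. The unsupported-mode text also calls the command "remote-entry" although the command is remote-entry-get.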
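
Review bot: In the man_dispatch_command() hunk, the index is parsed with "atoi(p[1])" and passed to an unsigned parameter, so non-numeric input silently becomes index 0 and a negative value wraps to a large unsigned number that is rejected only later by the range check in the callback. Parse with strtoul(), check the end pointer and the range at this point, and answer malformed input with an ERROR line.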

From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 25 Aug 2021 00:01:22 -0400
Message-Id: <20210825040122.14244-2-selva.nair@gmail.com>
In-Reply-To: <20210825040122.14244-1-selva.nair@gmail.com>
References: <20210825040122.14244-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 2/2] Permit unlimited connection entries and remotes

From: Selva Nair

Currently we allow a max of 64 connection entries and remotes.
A larger number would allow users with 100's of independent
config files for different end points of same provider to
consolidate them to connection entries.

Signed-off-by: Selva Nair
--- Changes.rst | 2 ++ src/openvpn/options.c | 34 ++++++++++++++++++++++++++++------ src/openvpn/options.h | 6 ++++-- 3 files changed, 34 insertions(+), 8 deletions(-) diff --git a/Changes.rst b/Changes.rst index e5ac8098..6e3c535e 100644 --- a/Changes.rst 
+++ b/Changes.rst @@ -4,6 +4,8 @@ Overview of changes in 2.6 New features ------------ +Support unlimited number of connection entries and remote entries + New management commands to enumerate and list remote entries Use ``remote-entry-count`` and ``remote-entry-get index`` commands from the management interface to get the number of diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0e398c0f..5d0aa8af 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -889,6 +889,14 @@ init_options(struct options *o, const bool init_gc) void uninit_options(struct options *o) { + if (o->connection_list) { + free(o->connection_list->array); + CLEAR(*o->connection_list); + } + if (o->remote_list) { + free(o->remote_list->array); + CLEAR(*o->remote_list); + } if (o->gc_owned) { gc_free(&o->gc); @@ -1947,10 +1955,17 @@ alloc_connection_entry(struct options *options, const int msglevel) struct connection_list *l = alloc_connection_list_if_undef(options); struct connection_entry *e; - if (l->len >= CONNECTION_LIST_SIZE) + if (l->len == l->capacity) { - msg(msglevel, "Maximum number of 'connection' options (%d) exceeded", CONNECTION_LIST_SIZE); - return NULL; + int capacity = l->capacity + CONNECTION_LIST_SIZE; + struct connection_entry **ce = realloc(l->array, capacity*sizeof(struct connection_entry *)); + if (ce == NULL) + { + msg(msglevel, "Unable to process more connection options: out of memory. Number of entries = %d", l->len); + return NULL; + } + l->array = ce; + l->capacity = capacity; } ALLOC_OBJ_GC(e, struct connection_entry, &options->gc); l->array[l->len++] = e; 
@@ -1973,10 +1988,17 @@ alloc_remote_entry(struct options *options, const int msglevel) struct remote_list *l = alloc_remote_list_if_undef(options); struct remote_entry *e; - if (l->len >= CONNECTION_LIST_SIZE) + if (l->len == l->capacity) { - msg(msglevel, "Maximum number of 'remote' options (%d) exceeded", CONNECTION_LIST_SIZE); - return NULL; + int capacity = l->capacity + CONNECTION_LIST_SIZE; + struct remote_entry **re = realloc(l->array, capacity*sizeof(struct remote_entry *)); + if (re == NULL) + { + msg(msglevel, "Unable to process more remote options: out of memory. Number of entries = %d", l->len); + return NULL; + } + l->array = re; + l->capacity = capacity; } ALLOC_OBJ_GC(e, struct remote_entry, &options->gc); l->array[l->len++] = e; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index b0e40cb7..98977d41 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h 
@@ -168,15 +168,17 @@ struct remote_entry struct connection_list { + int capacity; int len; int current; - struct connection_entry *array[CONNECTION_LIST_SIZE]; + struct connection_entry **array; }; struct remote_list { + int capacity; int len; - struct remote_entry *array[CONNECTION_LIST_SIZE]; + struct remote_entry **array; }; enum vlan_acceptable_frames
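
Review bot: In the uninit_options() hunk, the two new blocks put the opening brace on the "if (...) {" line while the other code added in this series puts it on its own line; match the surrounding style. The array is now memory from realloc() while the entries it points to are still ALLOC_OBJ_GC objects, so a short comment saying why array needs an explicit free() before gc_free() would help the next reader.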
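
Review bot: In alloc_connection_entry(), the first call relies on l->capacity being 0 and l->array being NULL so that realloc() behaves like malloc(), and nothing in this patch initialises the two new fields; confirm that alloc_connection_list_if_undef() zeroes the struct or set them explicitly. "capacity*sizeof(struct connection_entry *)" multiplies an int that can now grow without bound, so make capacity a size_t or check for overflow before the multiplication. With the limit removed entirely, a large sanity cap would still let a malformed or generated config fail with a clear message instead of exhausting memory.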
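
Review bot: alloc_remote_entry() repeats the growth logic of alloc_connection_entry() line for line, differing only in the element type and one word of the message. A shared helper that grows a pointer array by CONNECTION_LIST_SIZE would keep the two copies from drifting apart.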
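
Review bot: In the options.h hunk, CONNECTION_LIST_SIZE no longer bounds the list and is now only the growth increment, so the name misleads; rename it or add a comment. Turning array from an embedded array into a pointer also changes what a by-value copy of connection_list or remote_list means (the copy now shares the heap block), and any code elsewhere that bounds a loop by CONNECTION_LIST_SIZE rather than len no longer matches the allocation. Please state in the commit message that such users were audited.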

From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 25 Aug 2021 17:02:32 -0400
Message-Id: <20210825210232.22509-3-selva.nair@gmail.com>
In-Reply-To: <20210825210232.22509-1-selva.nair@gmail.com>
References: <20210825040122.14244-1-selva.nair@gmail.com> <20210825210232.22509-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 3/3] Use a template for "unsupported management commands" error

From: Selva Nair

The message "ERROR: The 'foo' command is not supported by current
daemon mode" is repeatedly used in manage.c. Move it to a function
for uniformity in messaging.

Signed-off-by: Selva Nair Acked-By: Arne Schwabe --- src/openvpn/manage.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 214ea4be..7eff2dba 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -447,6 +447,12 @@ man_signal(struct management *man, const char *name) } } +static void +man_command_unsupported(const char *command_name) +{ + msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode", command_name); +} + static void man_status(struct management *man, const int version, struct status_output *so) { @@ -456,7 +462,7 @@ man_status(struct management *man, const int version, struct status_output *so) } else { - msg(M_CLIENT, "ERROR: The 'status' command is not supported by the current daemon mode"); + man_command_unsupported("status"); } } @@ -572,7 +578,7 @@ man_kill(struct management *man, const char *victim) } else { - msg(M_CLIENT, "ERROR: The 'kill' command is not supported by the current daemon mode"); + man_command_unsupported("kill"); } gc_free(&gc); @@ -777,7 +783,7 @@ man_net(struct management *man) } else { - msg(M_CLIENT, "ERROR: The 'net' command is not supported by the current daemon mode"); + man_command_unsupported("net"); } } @@ -799,7 +805,7 @@ man_send_cc_message(struct management *man, const char *message, const char *par } else { - msg(M_CLIENT, "ERROR: This command is not supported by the current daemon mode"); + man_command_unsupported("cr-repsonse"); } } #ifdef ENABLE_PKCS11 @@ -842,7 +848,7 @@ man_remote_entry_count(struct management *man) } else { - msg(M_CLIENT, "ERROR: The remote-entry-count command is not supported by the current daemon mode"); + man_command_unsupported("remote-entry-count"); } } 
@@ -865,7 +871,7 @@ man_remote_entry_get(struct management *man, unsigned int index) } else { - msg(M_CLIENT, "ERROR: The remote-entry command is not supported by the current daemon mode"); + man_command_unsupported("remote-entry-get"); } free(remote); @@ -956,7 +962,7 @@ in_extra_dispatch(struct management *man) } else { - msg(M_CLIENT, "ERROR: The client-auth command is not supported by the current daemon mode"); + man_command_unsupported("client-auth"); } break; @@ -980,7 +986,7 @@ in_extra_dispatch(struct management *man) } else { - msg(M_CLIENT, "ERROR: The client-pf command is not supported by the current daemon mode"); + man_command_unsupported("client-pf"); } break; @@ -1065,7 +1071,7 @@ man_client_pending_auth(struct management *man, const char *cid_str, } else { - msg(M_CLIENT, "ERROR: The client-pending-auth command is not supported by the current daemon mode"); + man_command_unsupported("client-pending-auth"); } } } @@ -1116,7 +1122,7 @@ man_client_deny(struct management *man, const char *cid_str, const char *kid_str } else { - msg(M_CLIENT, "ERROR: The client-deny command is not supported by the current daemon mode"); + man_command_unsupported("client-deny"); } } } @@ -1141,7 +1147,7 @@ man_client_kill(struct management *man, const char *cid_str, const char *kill_ms } else { - msg(M_CLIENT, "ERROR: The client-kill command is not supported by the current daemon mode"); + man_command_unsupported("client-kill"); } } } @@ -1156,7 +1162,7 @@ man_client_n_clients(struct management *man) } else { - msg(M_CLIENT, "ERROR: The nclients command is not supported by the current daemon mode"); + man_command_unsupported("nclients"); } } @@ -1280,7 +1286,7 @@ man_proxy(struct management *man, const char **p) } else { - msg(M_CLIENT, "ERROR: The proxy command is not supported by the current daemon mode"); + man_command_unsupported("proxy"); } } 
@@ -1301,7 +1307,7 @@ man_remote(struct management *man, const char **p) } else { - msg(M_CLIENT, "ERROR: The remote command is not supported by the current daemon mode"); + man_command_unsupported("remote"); } }
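Review bot: In the hunk at -447 that adds man_command_unsupported(), the new format string wraps the name in single quotes, but before this patch only the 'status', 'kill' and 'net' messages were quoted; the other call sites printed the bare name (for example "The client-auth command is not supported ..."). The text sent via M_CLIENT therefore changes for most of the converted commands, and the commit message should say so for anyone matching on these error lines. The commit message also quotes the text as "by current daemon mode" while the string here reads "by the current daemon mode"; make the two agree. A one-line comment above the helper stating what command_name is expected to be would also help.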
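Review bot: In the man_send_cc_message() hunk, the literal passed to the helper is misspelled: "cr-repsonse" should be "cr-response", otherwise the typo goes out in the error text. The old message was the generic "This command is not supported by the current daemon mode" and the function takes a message argument, so please confirm that cr-response is the only command that can reach this else branch before hard-coding its name.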
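Review bot: In the man_remote_entry_get() hunk, the reported name changes from "remote-entry" to "remote-entry-get", which is a rename of the user-visible text rather than a pure refactor. If "remote-entry-get" is the command name as clients send it, mention the correction in the commit message; if it is not, keep the old name so the error matches what the user typed.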