mirror of
https://github.com/deneraraujo/OpenVPNAdapter.git
synced 2026-02-11 00:00:08 +08:00
5edb23a7ab
275cf80efb mac/tuncli: Don't take address of temporary error. 1406187bfc tun/win/tunutil: Don't auto& a temporary iterator. fe7f984c5d ip/ping6: Use _WIN32, not _MSC_VER (to fix MinGW). 03a906771e win: add OpenSSL as solution configuration 89cc11b300 win: enable building Windows client with OpenSSL febb24e7d9 openssl/compat.hpp: remove functions already defined in OpenSSL 0833eb1f76 linux/tunsetup: Fix missing asio/errinfo declaration d54b742910 linux: Improve cpu_time() using glibc/kernel methods a55fe2b554 tests: Added unit test for linux/cputime.hpp e33a00e6de [OVPN3-431] agent: Wintun support for agent 42592eb1b1 appveyor: initial commit 3e3f2078e6 win: rename env var in project file a2496a3616 Wintun: experimental support 58a7866b45 build script: added OPENSSL_DIST parameter to specify a custom OpenSSL build 288ea0277e OpenSSLContext: SSL_CTX_set_ecdh_auto() becomes a no-op in OpenSSL 1.1, so #ifdef out to avoid compiler warnings 3ef5059fa6 TLSSessionTicketBase: removed the ERROR symbol from a local enum in case it conflicts with a global preprocessor symbol 3364ed76b8 TLSSessionTicketBase: removed trailing comma from Status enum 025c7bad88 mbedtls/sslctx: Fix missing override in virtual methods 6cb3243681 mbedTLS: ssl() method accepting hostname should check if it is null ca31da7d28 bio_memq_stream.hpp: fixed multi-thread race (introduced with OpenSSL 1.1 support) using init_static() approach 2deb402223 OpenSSLContext::tls_ticket_key_callback: get self with SSL_get_ex_data instead of ssl->ctx->app_verify_arg eec139a100 MSF::find: renamed template type names to avoid conflict with preprocessor symbol (ITER) in test/ssl/proto.cpp 1024d37f33 str_neq: fixed bug where neq was not initialized c00b6f6302 Listen::List: refactored and extended expand_ports() 448c549a0b cpu_time(): added bool thread parameter to return CPU time of current thread (instead of process) 868801d7d9 Linux library: added cpu_time() method to return the CPU time of the current process 964d2cd428 SSL layer: added did_full_handshake() method and implemented for OpenSSL dd18d6c806 crypto::str_neq: use atomic_thread_fence(std::memory_order_acq_rel) instead of OPENVPN_COMPILER_FENCE 6a30af9528 OpenSSLSessionCache: use map instead of unordered_map 3ecbcbc81b OptionList: fixed compile errors that occur when get_num<T>() is used with a const type 72e9f858e4 SSL: added SSLConst::PEER_CERT_OPTIONAL flag and implemented for OpenSSL 33f15c8840 OpenSSL: use OPENSSL_VERSION_NUMBER instead of SSLEAY_VERSION_NUMBER cadb712ea9 ProfileMerge: added "static-key" to is_fileref_directive() 85befa316a TLS session tickets: work around an issue in OpenSSL session ticket keying callback f43c4c1440 TLSSessionTicketBase: misc fixes/enhancements c5f4d59d39 OpenSSLContext: added missing X509_free() to rebuild_authcert() 658fcc50eb OptionList: added get_num methods with min/max but no default 162eeaa485 SSL layer: added RFC 5077 TLS session resumption ticket support e0a821ddd6 OpenSSLContext: use C++11 member initializers 1ea5acce3c OpenSSLContext: minor changes to handshake_details() 74c0a4f995 string: added copy_fill() method 3e5921c06d AuthCert: added is_uninitialized() method 3d6b6b2319 library: added convenience method MSF::find() for maps/sets 18f5f4d1b5 SSLConfigAPI: remove set_enable_renegotiation() 18dcfd616c Added crypto::str_neq() function for securely comparing variable-length strings 4fc5725b9e RunContext: added get_servers() method ae22f155fd server: determine when server-side session ID should be preserved on soon-to-be-closed connections 5e34759d50 client: HALT/RESTART message was not properly purging the Session ID when required e1647eb407 Fix builds with GCC 4.8 compilers b55f78dd1d test_sitnl.cpp: account for old iptools output 236d39258b Allow overriding DEP_DIR by environment variable d56e049ea4 Refactor dependencies to be in a cmake script e9dc75ec90 sitnl: add unit tests faad8454be sitnl: pick the best gw by longest prefix and lowest metric dfcc4bc437 [OVPN3-354] cli.cpp: support for round-robin DNS and redirect gw 8a502f3b61 [OVPN3-354] tun linux: support for round-robin DNS and redirect gw c9315c7dc1 gwnetlink.hpp: specify destination when looking for gateway 89f091daf0 sitnl: implement interface filtering when looking for gateway 220de072a2 sitnl: support for multipart messages 5771dfc0ee transport: remove ip_hole_punch API d448b4a7db tun/builder/client.hpp: use "override" method specifier d85e92621d Make reproducible builds possible 7150f72e09 tun: remove code duplications in Linux tun implementations 8112f0cd7c [OVPN3-378] cli: support for TunBuilder API 6f0e9f6388 Fix Asio 0003 patch. 964662bacb Add /bigobj to build.py 74e40a8907 Upgrade ASIO to 0.13.0 a2713ce1f6 PureTLS: enable SNI by default when configuring client 19a44dbdda Merge branch 'qa' a5fdf43726 InitProcess: comment clarification that crypto_init declaration causes SSL library init when instantiated dec3bc140e OpenSSL: Revert a commit that breaks OpenSSL initialization 16a4e3d4a7 [OVPN3-405] asio: A quick fix for incorrect error message encoding aa785c30c1 Fix Base64::UCharWrap compiler warnings 51a1469e6b Merge various fixes 218cfa39cb Explicitly disable TAP support when parsing configurations 3a0e768ecd Explicitly disable any potential TAP support aba98471fc Fix base64 unit test with mbedtls and windows 9f84174f0b Add unit tests for Base64 017bc545ce Add base64 decode for void* data 452a353b2d Fix lzo build script to use it as dependency for the unit tests dfdd528dc1 Convert unit test to Googletest bd9ee482e6 Add copyright header to test_comp 059f20f2b2 Move compression unit test from common to core repository 5a024cde5c Added Snappy corpus for testing compression/decompression. ec4d400933 Add compatibility functions for OpenSSL 1.1.0 9768562a01 OpenSSL 1.1: Add argument to external sign to specify algorithm 1bbd2cc78c OpenSSL 1.1: Replace RSA_F_RSA_EAY_PRIVATE_ENCRYPT with Openssl variant c959a3cff0 OpenSSL 1.1: Replace remaining direct access to members 4307f024ca OpenSSL 1.1: And missing remaining compat implementations 3385c45151 OpenSSL 1.1: Use opaque pointer for HMAC_CTX f29453f4ca OpenSSL 1.1: Add compat includes for HMAC c107a1f6ab OpenSSL 1.1: Remove support for OpenSSL older than 1.0.0 024a10adc2 OpenSSL 1.1: Use EVP_MD_ctx as opaque pointer 35d82906c4 OpenSSL 1.1: Change EVP_CIPHER ctx field to pointer ebf4b7e87d OpenSSL 1.1: Use X509_digest to get certificate digest 7d3e5d02f2 OpenSSL 1.1: Use SSL_get_ex_data instead of direct access 8717f822ca OpenSSL 1.1: Replace ctx->current with X509_STORE_CTX_get_current_cert 67fbe1ab3f OpenSSL 1.1: Use X509_check_purpose to check certificate types 7b5a92d58e OpenSSL 1.1: Change OpenSSL TLS version logic to match mbed TLS c28b7d1893 OpenSSL 1.1: Adjust default OpenSSL cipher suites f108044a09 OpenSSL 1.1: Add defines for TLS 1.3 in tlsver.hpp ee1308b505 OpenSSL 1.1: Replace initialisation of RSA_meth with access method 905d681af1 OpenSSL 1.1: Use standard tls methods cf28e4600c OpenSSL 1.1: Change BIO wrappers around to use access methods 5e6571163d OpenSSL 1.1: Implement compat methods for new BIO methods in 1.0.2 8837539a73 Use std::nothrow as argument for new e6ec025932 Merge branch 'qa' 752a38c067 [OVPN3-397] size.hpp: wrap typedef in guards d4e50f8c54 Merge branch 'qa' d8d14e1991 [UCONNECT-1027] implement ResolveThread and ensure it is properly detachable 525a9a88a6 Merge branch qa 30ea53cb92 Replace custom memcpy implementation de7c672ee7 Workaround for compiler bug in memneq 84fcecd5e7 Fix missing override annotation in udp/tcp/httpcli 1a3a69a496 [UCONNECT-1027] use one AsioWork object for the whole pre-resolve opertation c4cbf93f9b Revert "[UCONNECT-1027] remotelist: create standalone object for resolve thread" 6ef089164e Allow unit tests to be also compiled with mbed TLS and on Windows 7c67bf7f50 Add unit tests for route emulation and establish common test suite 64a7b2f124 Add build file for core unit tests 0a0d080a49 Implement allowing local LAN access 2105b4b7c0 Fix Android route exclusion emulation git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn git-subtree-split: 275cf80efb7a08adc920f7ca49075c776e596b08
1399 lines
38 KiB
C++
1399 lines
38 KiB
C++
// OpenVPN -- An application to securely tunnel IP networks
|
|
// over a single port, with support for SSL/TLS-based
|
|
// session authentication and key exchange,
|
|
// packet encryption, packet authentication, and
|
|
// packet compression.
|
|
//
|
|
// Copyright (C) 2012-2017 OpenVPN Inc.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License Version 3
|
|
// as published by the Free Software Foundation.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program in the COPYING file.
|
|
// If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
// Implementation file for OpenVPNClient API defined in ovpncli.hpp.
|
|
|
|
#include <iostream>
|
|
#include <string>
|
|
#include <memory>
|
|
#include <utility>
|
|
#include <atomic>
|
|
|
|
#include <openvpn/io/io.hpp>
|
|
|
|
// Set up export of our public interface unless
|
|
// OPENVPN_CORE_API_VISIBILITY_HIDDEN is defined
|
|
#if defined(__GNUC__)
|
|
#define OPENVPN_CLIENT_EXPORT
|
|
#ifndef OPENVPN_CORE_API_VISIBILITY_HIDDEN
|
|
#pragma GCC visibility push(default)
|
|
#endif
|
|
#include "ovpncli.hpp" // public interface
|
|
#ifndef OPENVPN_CORE_API_VISIBILITY_HIDDEN
|
|
#pragma GCC visibility pop
|
|
#endif
|
|
#else
|
|
// no public interface export defined for this compiler
|
|
#define OPENVPN_CLIENT_EXPORT
|
|
#include "ovpncli.hpp" // public interface
|
|
#endif
|
|
|
|
// debug settings (production setting in parentheses)
|
|
|
|
//#define OPENVPN_DUMP_CONFIG // dump parsed configuration (comment out)
|
|
//#define OPENVPN_DEBUG_CLIPROTO // shows packets in/out (comment out)
|
|
#define OPENVPN_DEBUG_PROTO 1 // increases low-level protocol verbosity (1)
|
|
//#define OPENVPN_DEBUG_PROTO_DUMP // dump hex of transport-layer packets, requires OPENVPN_DEBUG_CLIPROTO (comment out)
|
|
//#define OPENVPN_DEBUG_VERBOSE_ERRORS // verbosely log Error::Type errors (comment out)
|
|
#define OPENVPN_DEBUG_TUN 2 // debug level for tun object (2)
|
|
#define OPENVPN_DEBUG_UDPLINK 2 // debug level for UDP link object (2)
|
|
#define OPENVPN_DEBUG_TCPLINK 2 // debug level for TCP link object (2)
|
|
#define OPENVPN_DEBUG_COMPRESS 1 // debug level for compression objects (1)
|
|
#define OPENVPN_DEBUG_REMOTELIST 0 // debug level for RemoteList object (0)
|
|
#define OPENVPN_DEBUG_TUN_BUILDER 0 // debug level for tun/builder/client.hpp (0)
|
|
//#define OPENVPN_SHOW_SESSION_TOKEN // show server-pushed auth-token (comment out)
|
|
//#define OPENVPN_DEBUG_TAPWIN // shows Windows TAP driver debug logging (comment out)
|
|
|
|
// enable assertion checks (can safely be disabled in production)
|
|
//#define OPENVPN_ENABLE_ASSERT
|
|
|
|
// force null tun device (useful for testing)
|
|
//#define OPENVPN_FORCE_TUN_NULL
|
|
|
|
// log cleartext tunnel packets to file for debugging/analysis
|
|
//#define OPENVPN_PACKET_LOG "pkt.log"
|
|
|
|
#ifndef OPENVPN_LOG
|
|
// log thread settings
|
|
#define OPENVPN_LOG_CLASS openvpn::ClientAPI::LogReceiver
|
|
#define OPENVPN_LOG_INFO openvpn::ClientAPI::LogInfo
|
|
#include <openvpn/log/logthread.hpp> // should be included early
|
|
#endif
|
|
|
|
// log SSL handshake messages
|
|
#define OPENVPN_LOG_SSL(x) OPENVPN_LOG(x)
|
|
|
|
// on Android and iOS, use TunBuilderBase abstraction
|
|
#include <openvpn/common/platform.hpp>
|
|
#if (defined(OPENVPN_PLATFORM_ANDROID) || defined(OPENVPN_PLATFORM_IPHONE)) && !defined(OPENVPN_FORCE_TUN_NULL) && !defined(OPENVPN_EXTERNAL_TUN_FACTORY)
|
|
#define USE_TUN_BUILDER
|
|
#endif
|
|
|
|
#include <openvpn/init/initprocess.hpp>
|
|
#include <openvpn/common/bigmutex.hpp>
|
|
#include <openvpn/common/size.hpp>
|
|
#include <openvpn/common/platform_string.hpp>
|
|
#include <openvpn/common/count.hpp>
|
|
#include <openvpn/asio/asiostop.hpp>
|
|
#include <openvpn/time/asiotimer.hpp>
|
|
#include <openvpn/client/cliconnect.hpp>
|
|
#include <openvpn/client/cliopthelper.hpp>
|
|
#include <openvpn/options/merge.hpp>
|
|
#include <openvpn/error/excode.hpp>
|
|
#include <openvpn/crypto/selftest.hpp>
|
|
|
|
// copyright
|
|
#include <openvpn/legal/copyright.hpp>
|
|
|
|
namespace openvpn {
|
|
namespace ClientAPI {
|
|
|
|
OPENVPN_SIMPLE_EXCEPTION(app_expired);
|
|
|
|
class MySessionStats : public SessionStats
|
|
{
|
|
public:
|
|
typedef RCPtr<MySessionStats> Ptr;
|
|
|
|
MySessionStats(OpenVPNClient* parent_arg)
|
|
: parent(parent_arg)
|
|
{
|
|
std::memset(errors, 0, sizeof(errors));
|
|
#ifdef OPENVPN_DEBUG_VERBOSE_ERRORS
|
|
session_stats_set_verbose(true);
|
|
#endif
|
|
}
|
|
|
|
static size_t combined_n()
|
|
{
|
|
return N_STATS + Error::N_ERRORS;
|
|
}
|
|
|
|
static std::string combined_name(const size_t index)
|
|
{
|
|
if (index < N_STATS + Error::N_ERRORS)
|
|
{
|
|
if (index < N_STATS)
|
|
return stat_name(index);
|
|
else
|
|
return Error::name(index - N_STATS);
|
|
}
|
|
else
|
|
return "";
|
|
}
|
|
|
|
count_t combined_value(const size_t index) const
|
|
{
|
|
if (index < N_STATS + Error::N_ERRORS)
|
|
{
|
|
if (index < N_STATS)
|
|
return get_stat(index);
|
|
else
|
|
return errors[index - N_STATS];
|
|
}
|
|
else
|
|
return 0;
|
|
}
|
|
|
|
count_t stat_count(const size_t index) const
|
|
{
|
|
return get_stat_fast(index);
|
|
}
|
|
|
|
count_t error_count(const size_t index) const
|
|
{
|
|
return errors[index];
|
|
}
|
|
|
|
void detach_from_parent()
|
|
{
|
|
parent = nullptr;
|
|
}
|
|
|
|
virtual void error(const size_t err, const std::string* text=nullptr)
|
|
{
|
|
if (err < Error::N_ERRORS)
|
|
{
|
|
#ifdef OPENVPN_DEBUG_VERBOSE_ERRORS
|
|
if (text)
|
|
OPENVPN_LOG("ERROR: " << Error::name(err) << " : " << *text);
|
|
else
|
|
OPENVPN_LOG("ERROR: " << Error::name(err));
|
|
#endif
|
|
++errors[err];
|
|
}
|
|
}
|
|
|
|
private:
|
|
OpenVPNClient* parent;
|
|
count_t errors[Error::N_ERRORS];
|
|
};
|
|
|
|
class MyClientEvents : public ClientEvent::Queue
|
|
{
|
|
public:
|
|
typedef RCPtr<MyClientEvents> Ptr;
|
|
|
|
MyClientEvents(OpenVPNClient* parent_arg) : parent(parent_arg) {}
|
|
|
|
virtual void add_event(ClientEvent::Base::Ptr event) override
|
|
{
|
|
if (parent)
|
|
{
|
|
Event ev;
|
|
ev.name = event->name();
|
|
ev.info = event->render();
|
|
ev.error = event->is_error();
|
|
ev.fatal = event->is_fatal();
|
|
|
|
// save connected event
|
|
if (event->id() == ClientEvent::CONNECTED)
|
|
last_connected = std::move(event);
|
|
else if (event->id() == ClientEvent::DISCONNECTED)
|
|
parent->on_disconnect();
|
|
parent->event(ev);
|
|
}
|
|
}
|
|
|
|
void get_connection_info(ConnectionInfo& ci)
|
|
{
|
|
ClientEvent::Base::Ptr connected = last_connected;
|
|
if (connected)
|
|
{
|
|
const ClientEvent::Connected* c = connected->connected_cast();
|
|
if (c)
|
|
{
|
|
ci.user = c->user;
|
|
ci.serverHost = c->server_host;
|
|
ci.serverPort = c->server_port;
|
|
ci.serverProto = c->server_proto;
|
|
ci.serverIp = c->server_ip;
|
|
ci.vpnIp4 = c->vpn_ip4;
|
|
ci.vpnIp6 = c->vpn_ip6;
|
|
ci.gw4 = c->vpn_gw4;
|
|
ci.gw6 = c->vpn_gw6;
|
|
ci.clientIp = c->client_ip;
|
|
ci.tunName = c->tun_name;
|
|
ci.defined = true;
|
|
return;
|
|
}
|
|
}
|
|
ci.defined = false;
|
|
}
|
|
|
|
void detach_from_parent()
|
|
{
|
|
parent = nullptr;
|
|
}
|
|
|
|
private:
|
|
OpenVPNClient* parent;
|
|
ClientEvent::Base::Ptr last_connected;
|
|
};
|
|
|
|
class MySocketProtect : public SocketProtect
|
|
{
|
|
public:
|
|
MySocketProtect() : parent(nullptr) {}
|
|
|
|
void set_parent(OpenVPNClient* parent_arg)
|
|
{
|
|
parent = parent_arg;
|
|
}
|
|
|
|
bool socket_protect(int socket, IP::Addr endpoint) override
|
|
{
|
|
if (parent)
|
|
return parent->socket_protect(socket, endpoint.to_string(), endpoint.is_ipv6());
|
|
else
|
|
return true;
|
|
}
|
|
|
|
void detach_from_parent()
|
|
{
|
|
parent = nullptr;
|
|
}
|
|
|
|
private:
|
|
OpenVPNClient* parent;
|
|
};
|
|
|
|
class MyReconnectNotify : public ReconnectNotify
|
|
{
|
|
public:
|
|
MyReconnectNotify() : parent(nullptr) {}
|
|
|
|
void set_parent(OpenVPNClient* parent_arg)
|
|
{
|
|
parent = parent_arg;
|
|
}
|
|
|
|
void detach_from_parent()
|
|
{
|
|
parent = nullptr;
|
|
}
|
|
|
|
virtual bool pause_on_connection_timeout()
|
|
{
|
|
if (parent)
|
|
return parent->pause_on_connection_timeout();
|
|
else
|
|
return false;
|
|
}
|
|
|
|
private:
|
|
OpenVPNClient* parent;
|
|
};
|
|
|
|
class MyRemoteOverride : public RemoteList::RemoteOverride
|
|
{
|
|
public:
|
|
void set_parent(OpenVPNClient* parent_arg)
|
|
{
|
|
parent = parent_arg;
|
|
}
|
|
|
|
void detach_from_parent()
|
|
{
|
|
parent = nullptr;
|
|
}
|
|
|
|
virtual RemoteList::Item::Ptr get() override
|
|
{
|
|
if (parent)
|
|
{
|
|
const std::string title = "remote-override";
|
|
ClientAPI::RemoteOverride ro;
|
|
try {
|
|
parent->remote_override(ro);
|
|
}
|
|
catch (const std::exception& e)
|
|
{
|
|
ro.error = e.what();
|
|
}
|
|
RemoteList::Item::Ptr ri(new RemoteList::Item);
|
|
if (ro.error.empty())
|
|
{
|
|
if (!ro.ip.empty())
|
|
ri->set_ip_addr(IP::Addr(ro.ip, title));
|
|
if (ro.host.empty())
|
|
ro.host = ro.ip;
|
|
HostPort::validate_host(ro.host, title);
|
|
HostPort::validate_port(ro.port, title);
|
|
ri->server_host = std::move(ro.host);
|
|
ri->server_port = std::move(ro.port);
|
|
ri->transport_protocol = Protocol::parse(ro.proto, Protocol::CLIENT_SUFFIX, title.c_str());
|
|
}
|
|
else
|
|
throw Exception("remote override exception: " + ro.error);
|
|
return ri;
|
|
}
|
|
else
|
|
return RemoteList::Item::Ptr();
|
|
}
|
|
|
|
private:
|
|
OpenVPNClient* parent = nullptr;
|
|
};
|
|
|
|
class MyClockTick
|
|
{
|
|
public:
|
|
MyClockTick(openvpn_io::io_context& io_context,
|
|
OpenVPNClient* parent_arg,
|
|
const unsigned int ms)
|
|
: timer(io_context),
|
|
parent(parent_arg),
|
|
period(Time::Duration::milliseconds(ms))
|
|
{
|
|
}
|
|
|
|
void cancel()
|
|
{
|
|
timer.cancel();
|
|
}
|
|
|
|
void detach_from_parent()
|
|
{
|
|
parent = nullptr;
|
|
}
|
|
|
|
void schedule()
|
|
{
|
|
timer.expires_after(period);
|
|
timer.async_wait([this](const openvpn_io::error_code& error)
|
|
{
|
|
if (!parent || error)
|
|
return;
|
|
try {
|
|
parent->clock_tick();
|
|
}
|
|
catch (...)
|
|
{
|
|
}
|
|
schedule();
|
|
});
|
|
}
|
|
|
|
private:
|
|
AsioTimer timer;
|
|
OpenVPNClient* parent;
|
|
const Time::Duration period;
|
|
};
|
|
|
|
namespace Private {
|
|
class ClientState
|
|
{
|
|
public:
|
|
// state objects
|
|
OptionList options;
|
|
EvalConfig eval;
|
|
MySocketProtect socket_protect;
|
|
MyReconnectNotify reconnect_notify;
|
|
MyRemoteOverride remote_override;
|
|
ClientCreds::Ptr creds;
|
|
MySessionStats::Ptr stats;
|
|
MyClientEvents::Ptr events;
|
|
ClientConnect::Ptr session;
|
|
std::unique_ptr<MyClockTick> clock_tick;
|
|
|
|
// extra settings submitted by API client
|
|
std::string server_override;
|
|
std::string port_override;
|
|
Protocol proto_override;
|
|
IPv6Setting ipv6;
|
|
int conn_timeout = 0;
|
|
bool tun_persist = false;
|
|
bool wintun = false;
|
|
bool google_dns_fallback = false;
|
|
bool synchronous_dns_lookup = false;
|
|
bool autologin_sessions = false;
|
|
bool retry_on_auth_failed = false;
|
|
std::string private_key_password;
|
|
std::string external_pki_alias;
|
|
bool disable_client_cert = false;
|
|
int ssl_debug_level = 0;
|
|
int default_key_direction = -1;
|
|
bool force_aes_cbc_ciphersuites = false;
|
|
std::string tls_version_min_override;
|
|
std::string tls_cert_profile_override;
|
|
std::string gui_version;
|
|
bool allow_local_lan_access;
|
|
ProtoContextOptions::Ptr proto_context_options;
|
|
PeerInfo::Set::Ptr extra_peer_info;
|
|
HTTPProxyTransport::Options::Ptr http_proxy_options;
|
|
unsigned int clock_tick_ms = 0;
|
|
#ifdef OPENVPN_GREMLIN
|
|
Gremlin::Config::Ptr gremlin_config;
|
|
#endif
|
|
bool alt_proxy = false;
|
|
bool dco = false;
|
|
bool echo = false;
|
|
bool info = false;
|
|
|
|
template <typename SESSION_STATS, typename CLIENT_EVENTS>
|
|
void attach(OpenVPNClient* parent,
|
|
openvpn_io::io_context* io_context,
|
|
Stop* async_stop_global)
|
|
{
|
|
// only one attachment per instantiation allowed
|
|
if (attach_called)
|
|
throw Exception("ClientState::attach() can only be called once per ClientState instantiation");
|
|
attach_called = true;
|
|
|
|
// async stop
|
|
async_stop_global_ = async_stop_global;
|
|
|
|
// io_context
|
|
if (io_context)
|
|
io_context_ = io_context;
|
|
else
|
|
{
|
|
io_context_ = new openvpn_io::io_context(1); // concurrency hint=1
|
|
io_context_owned = true;
|
|
}
|
|
|
|
// client stats
|
|
stats.reset(new SESSION_STATS(parent));
|
|
|
|
// client events
|
|
events.reset(new CLIENT_EVENTS(parent));
|
|
|
|
// socket protect
|
|
socket_protect.set_parent(parent);
|
|
|
|
// reconnect notifications
|
|
reconnect_notify.set_parent(parent);
|
|
|
|
// remote override
|
|
remote_override.set_parent(parent);
|
|
}
|
|
|
|
ClientState() {}
|
|
|
|
~ClientState()
|
|
{
|
|
stop_scope_local.reset();
|
|
stop_scope_global.reset();
|
|
socket_protect.detach_from_parent();
|
|
reconnect_notify.detach_from_parent();
|
|
remote_override.detach_from_parent();
|
|
if (clock_tick)
|
|
clock_tick->detach_from_parent();
|
|
if (stats)
|
|
stats->detach_from_parent();
|
|
if (events)
|
|
events->detach_from_parent();
|
|
session.reset();
|
|
if (io_context_owned)
|
|
delete io_context_;
|
|
}
|
|
|
|
// foreign thread access
|
|
|
|
void enable_foreign_thread_access()
|
|
{
|
|
foreign_thread_ready.store(true, std::memory_order_release);
|
|
}
|
|
|
|
bool is_foreign_thread_access()
|
|
{
|
|
return foreign_thread_ready.load(std::memory_order_acquire);
|
|
}
|
|
|
|
// io_context
|
|
|
|
openvpn_io::io_context* io_context()
|
|
{
|
|
return io_context_;
|
|
}
|
|
|
|
// async stop
|
|
|
|
Stop* async_stop_local()
|
|
{
|
|
return &async_stop_local_;
|
|
}
|
|
|
|
Stop* async_stop_global()
|
|
{
|
|
return async_stop_global_;
|
|
}
|
|
|
|
void trigger_async_stop_local()
|
|
{
|
|
async_stop_local_.stop();
|
|
}
|
|
|
|
// disconnect
|
|
void on_disconnect()
|
|
{
|
|
if (clock_tick)
|
|
clock_tick->cancel();
|
|
}
|
|
|
|
void setup_async_stop_scopes()
|
|
{
|
|
stop_scope_local.reset(new AsioStopScope(*io_context(), async_stop_local(), [this]() {
|
|
OPENVPN_ASYNC_HANDLER;
|
|
session->graceful_stop();
|
|
}));
|
|
|
|
stop_scope_global.reset(new AsioStopScope(*io_context(), async_stop_global(), [this]() {
|
|
OPENVPN_ASYNC_HANDLER;
|
|
trigger_async_stop_local();
|
|
}));
|
|
}
|
|
|
|
private:
|
|
ClientState(const ClientState&) = delete;
|
|
ClientState& operator=(const ClientState&) = delete;
|
|
|
|
bool attach_called = false;
|
|
|
|
Stop async_stop_local_;
|
|
Stop* async_stop_global_ = nullptr;
|
|
|
|
std::unique_ptr<AsioStopScope> stop_scope_local;
|
|
std::unique_ptr<AsioStopScope> stop_scope_global;
|
|
|
|
openvpn_io::io_context* io_context_ = nullptr;
|
|
bool io_context_owned = false;
|
|
|
|
std::atomic<bool> foreign_thread_ready{false};
|
|
};
|
|
};
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::init_process()
|
|
{
|
|
InitProcess::init();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::uninit_process()
|
|
{
|
|
InitProcess::uninit();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT OpenVPNClient::OpenVPNClient()
|
|
{
|
|
#ifndef OPENVPN_NORESET_TIME
|
|
// We keep track of time as binary milliseconds since a time base, and
|
|
// this can wrap after ~48 days on 32 bit systems, so it's a good idea
|
|
// to periodically reinitialize the base.
|
|
Time::reset_base_conditional();
|
|
#endif
|
|
|
|
state = new Private::ClientState();
|
|
state->proto_context_options.reset(new ProtoContextOptions());
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::parse_config(const Config& config, EvalConfig& eval, OptionList& options)
|
|
{
|
|
try {
|
|
// validate proto_override
|
|
if (!config.protoOverride.empty())
|
|
Protocol::parse(config.protoOverride, Protocol::NO_SUFFIX);
|
|
|
|
// validate IPv6 setting
|
|
if (!config.ipv6.empty())
|
|
IPv6Setting::parse(config.ipv6);
|
|
|
|
// parse config
|
|
OptionList::KeyValueList kvl;
|
|
kvl.reserve(config.contentList.size());
|
|
for (size_t i = 0; i < config.contentList.size(); ++i)
|
|
{
|
|
const KeyValue& kv = config.contentList[i];
|
|
kvl.push_back(new OptionList::KeyValue(kv.key, kv.value));
|
|
}
|
|
const ParseClientConfig cc = ParseClientConfig::parse(config.content, &kvl, options);
|
|
#ifdef OPENVPN_DUMP_CONFIG
|
|
std::cout << "---------- ARGS ----------" << std::endl;
|
|
std::cout << options.render(Option::RENDER_PASS_FMT|Option::RENDER_NUMBER|Option::RENDER_BRACKET) << std::endl;
|
|
std::cout << "---------- MAP ----------" << std::endl;
|
|
std::cout << options.render_map() << std::endl;
|
|
#endif
|
|
eval.error = cc.error();
|
|
eval.message = cc.message();
|
|
eval.userlockedUsername = cc.userlockedUsername();
|
|
eval.profileName = cc.profileName();
|
|
eval.friendlyName = cc.friendlyName();
|
|
eval.autologin = cc.autologin();
|
|
eval.externalPki = cc.externalPki();
|
|
eval.staticChallenge = cc.staticChallenge();
|
|
eval.staticChallengeEcho = cc.staticChallengeEcho();
|
|
eval.privateKeyPasswordRequired = cc.privateKeyPasswordRequired();
|
|
eval.allowPasswordSave = cc.allowPasswordSave();
|
|
eval.remoteHost = config.serverOverride.empty() ? cc.firstRemoteListItem().host : config.serverOverride;
|
|
eval.remotePort = cc.firstRemoteListItem().port;
|
|
eval.remoteProto = cc.firstRemoteListItem().proto;
|
|
for (ParseClientConfig::ServerList::const_iterator i = cc.serverList().begin(); i != cc.serverList().end(); ++i)
|
|
{
|
|
ServerEntry se;
|
|
se.server = i->server;
|
|
se.friendlyName = i->friendlyName;
|
|
eval.serverList.push_back(se);
|
|
}
|
|
}
|
|
catch (const std::exception& e)
|
|
{
|
|
eval.error = true;
|
|
eval.message = Unicode::utf8_printable<std::string>(e.what(), 256);
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::parse_extras(const Config& config, EvalConfig& eval)
|
|
{
|
|
try {
|
|
state->server_override = config.serverOverride;
|
|
state->port_override = config.portOverride;
|
|
state->conn_timeout = config.connTimeout;
|
|
state->tun_persist = config.tunPersist;
|
|
state->wintun = config.wintun;
|
|
state->google_dns_fallback = config.googleDnsFallback;
|
|
state->synchronous_dns_lookup = config.synchronousDnsLookup;
|
|
state->autologin_sessions = config.autologinSessions;
|
|
state->retry_on_auth_failed = config.retryOnAuthFailed;
|
|
state->private_key_password = config.privateKeyPassword;
|
|
if (!config.protoOverride.empty())
|
|
state->proto_override = Protocol::parse(config.protoOverride, Protocol::NO_SUFFIX);
|
|
if (!config.ipv6.empty())
|
|
state->ipv6 = IPv6Setting::parse(config.ipv6);
|
|
if (!config.compressionMode.empty())
|
|
state->proto_context_options->parse_compression_mode(config.compressionMode);
|
|
if (eval.externalPki)
|
|
state->external_pki_alias = config.externalPkiAlias;
|
|
state->disable_client_cert = config.disableClientCert;
|
|
state->ssl_debug_level = config.sslDebugLevel;
|
|
state->default_key_direction = config.defaultKeyDirection;
|
|
state->force_aes_cbc_ciphersuites = config.forceAesCbcCiphersuites;
|
|
state->tls_version_min_override = config.tlsVersionMinOverride;
|
|
state->tls_cert_profile_override = config.tlsCertProfileOverride;
|
|
state->allow_local_lan_access = config.allowLocalLanAccess;
|
|
state->gui_version = config.guiVersion;
|
|
state->alt_proxy = config.altProxy;
|
|
state->dco = config.dco;
|
|
state->echo = config.echo;
|
|
state->info = config.info;
|
|
state->clock_tick_ms = config.clockTickMS;
|
|
if (!config.gremlinConfig.empty())
|
|
{
|
|
#ifdef OPENVPN_GREMLIN
|
|
state->gremlin_config.reset(new Gremlin::Config(config.gremlinConfig));
|
|
#else
|
|
throw Exception("client not built with OPENVPN_GREMLIN");
|
|
#endif
|
|
}
|
|
state->extra_peer_info = PeerInfo::Set::new_from_foreign_set(config.peerInfo);
|
|
if (!config.proxyHost.empty())
|
|
{
|
|
HTTPProxyTransport::Options::Ptr ho(new HTTPProxyTransport::Options());
|
|
ho->set_proxy_server(config.proxyHost, config.proxyPort);
|
|
ho->username = config.proxyUsername;
|
|
ho->password = config.proxyPassword;
|
|
ho->allow_cleartext_auth = config.proxyAllowCleartextAuth;
|
|
state->http_proxy_options = ho;
|
|
}
|
|
}
|
|
catch (const std::exception& e)
|
|
{
|
|
eval.error = true;
|
|
eval.message = Unicode::utf8_printable<std::string>(e.what(), 256);
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT long OpenVPNClient::max_profile_size()
|
|
{
|
|
return ProfileParseLimits::MAX_PROFILE_SIZE;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT MergeConfig OpenVPNClient::merge_config_static(const std::string& path,
|
|
bool follow_references)
|
|
{
|
|
ProfileMerge pm(path, "ovpn", "", follow_references ? ProfileMerge::FOLLOW_PARTIAL : ProfileMerge::FOLLOW_NONE,
|
|
ProfileParseLimits::MAX_LINE_SIZE, ProfileParseLimits::MAX_PROFILE_SIZE);
|
|
return build_merge_config(pm);
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT MergeConfig OpenVPNClient::merge_config_string_static(const std::string& config_content)
|
|
{
|
|
ProfileMergeFromString pm(config_content, "", ProfileMerge::FOLLOW_NONE,
|
|
ProfileParseLimits::MAX_LINE_SIZE, ProfileParseLimits::MAX_PROFILE_SIZE);
|
|
return build_merge_config(pm);
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT MergeConfig OpenVPNClient::build_merge_config(const ProfileMerge& pm)
|
|
{
|
|
MergeConfig ret;
|
|
ret.status = pm.status_string();
|
|
ret.basename = pm.basename();
|
|
if (pm.status() == ProfileMerge::MERGE_SUCCESS)
|
|
{
|
|
ret.refPathList = pm.ref_path_list();
|
|
ret.profileContent = pm.profile_content();
|
|
}
|
|
else
|
|
{
|
|
ret.errorText = pm.error();
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT EvalConfig OpenVPNClient::eval_config_static(const Config& config)
|
|
{
|
|
EvalConfig eval;
|
|
OptionList options;
|
|
parse_config(config, eval, options);
|
|
return eval;
|
|
}
|
|
|
|
// API client submits the configuration here before calling connect()
|
|
OPENVPN_CLIENT_EXPORT EvalConfig OpenVPNClient::eval_config(const Config& config)
|
|
{
|
|
// parse and validate configuration file
|
|
EvalConfig eval;
|
|
parse_config(config, eval, state->options);
|
|
if (eval.error)
|
|
return eval;
|
|
|
|
// handle extra settings in config
|
|
parse_extras(config, eval);
|
|
state->eval = eval;
|
|
return eval;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::provide_creds(const ProvideCreds& creds)
|
|
{
|
|
Status ret;
|
|
try {
|
|
ClientCreds::Ptr cc = new ClientCreds();
|
|
cc->set_username(creds.username);
|
|
cc->set_password(creds.password);
|
|
cc->set_response(creds.response);
|
|
cc->set_dynamic_challenge_cookie(creds.dynamicChallengeCookie, creds.username);
|
|
cc->set_replace_password_with_session_id(creds.replacePasswordWithSessionID);
|
|
cc->enable_password_cache(creds.cachePassword);
|
|
state->creds = cc;
|
|
}
|
|
catch (const std::exception& e)
|
|
{
|
|
ret.error = true;
|
|
ret.message = Unicode::utf8_printable<std::string>(e.what(), 256);
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::parse_dynamic_challenge(const std::string& cookie, DynamicChallenge& dc)
|
|
{
|
|
try {
|
|
ChallengeResponse cr(cookie);
|
|
dc.challenge = cr.get_challenge_text();
|
|
dc.echo = cr.get_echo();
|
|
dc.responseRequired = cr.get_response_required();
|
|
dc.stateID = cr.get_state_id();
|
|
return true;
|
|
}
|
|
catch (const std::exception&)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::process_epki_cert_chain(const ExternalPKICertRequest& req)
|
|
{
|
|
// Get cert and add to options list
|
|
if (!req.cert.empty())
|
|
{
|
|
Option o;
|
|
o.push_back("cert");
|
|
o.push_back(req.cert);
|
|
state->options.add_item(o);
|
|
}
|
|
|
|
// Get the supporting chain, if it exists, and use
|
|
// it for ca (if ca isn't defined), or otherwise use
|
|
// it for extra-certs (if ca is defined but extra-certs
|
|
// is not).
|
|
if (!req.supportingChain.empty())
|
|
{
|
|
if (!state->options.exists("ca"))
|
|
{
|
|
Option o;
|
|
o.push_back("ca");
|
|
o.push_back(req.supportingChain);
|
|
state->options.add_item(o);
|
|
}
|
|
else if (!state->options.exists("extra-certs"))
|
|
{
|
|
Option o;
|
|
o.push_back("extra-certs");
|
|
o.push_back(req.supportingChain);
|
|
state->options.add_item(o);
|
|
}
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::connect()
|
|
{
|
|
#if !defined(OPENVPN_OVPNCLI_SINGLE_THREAD)
|
|
openvpn_io::detail::signal_blocker signal_blocker; // signals should be handled by parent thread
|
|
#endif
|
|
#if defined(OPENVPN_LOG_LOGTHREAD_H) && !defined(OPENVPN_LOG_LOGBASE_H)
|
|
#ifdef OPENVPN_LOG_GLOBAL
|
|
#error ovpn3 core logging object only supports thread-local scope
|
|
#endif
|
|
Log::Context log_context(this);
|
|
#endif
|
|
|
|
OPENVPN_LOG(ClientAPI::OpenVPNClient::platform());
|
|
|
|
return do_connect();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::do_connect()
|
|
{
|
|
Status status;
|
|
bool session_started = false;
|
|
try {
|
|
connect_attach();
|
|
#if defined(OPENVPN_OVPNCLI_ASYNC_SETUP)
|
|
openvpn_io::post(*state->io_context(), [this]() {
|
|
do_connect_async();
|
|
});
|
|
#else
|
|
connect_setup(status, session_started);
|
|
#endif
|
|
connect_run();
|
|
return status;
|
|
}
|
|
catch (const std::exception& e)
|
|
{
|
|
if (session_started)
|
|
connect_session_stop();
|
|
return status_from_exception(e);
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::do_connect_async()
|
|
{
|
|
enum StopType {
|
|
NONE,
|
|
SESSION,
|
|
EXPLICIT,
|
|
};
|
|
StopType stop_type = NONE;
|
|
Status status;
|
|
bool session_started = false;
|
|
try {
|
|
connect_setup(status, session_started);
|
|
}
|
|
catch (const std::exception& e)
|
|
{
|
|
stop_type = session_started ? SESSION : EXPLICIT;
|
|
status = status_from_exception(e);
|
|
}
|
|
if (status.error)
|
|
{
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::ClientSetup(status.status, status.message);
|
|
state->events->add_event(std::move(ev));
|
|
}
|
|
if (stop_type == SESSION)
|
|
connect_session_stop();
|
|
#ifdef OPENVPN_IO_REQUIRES_STOP
|
|
if (stop_type == EXPLICIT)
|
|
state->io_context()->stop();
|
|
#endif
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_setup(Status& status, bool& session_started)
|
|
{
|
|
// set global MbedTLS debug level
|
|
#if defined(USE_MBEDTLS) || defined(USE_MBEDTLS_APPLE_HYBRID)
|
|
mbedtls_debug_set_threshold(state->ssl_debug_level); // fixme -- using a global method for this seems wrong
|
|
#endif
|
|
|
|
// load options
|
|
ClientOptions::Config cc;
|
|
cc.cli_stats = state->stats;
|
|
cc.cli_events = state->events;
|
|
cc.server_override = state->server_override;
|
|
cc.port_override = state->port_override;
|
|
cc.proto_override = state->proto_override;
|
|
cc.ipv6 = state->ipv6;
|
|
cc.conn_timeout = state->conn_timeout;
|
|
cc.tun_persist = state->tun_persist;
|
|
cc.wintun = state->wintun;
|
|
cc.google_dns_fallback = state->google_dns_fallback;
|
|
cc.synchronous_dns_lookup = state->synchronous_dns_lookup;
|
|
cc.autologin_sessions = state->autologin_sessions;
|
|
cc.retry_on_auth_failed = state->retry_on_auth_failed;
|
|
cc.proto_context_options = state->proto_context_options;
|
|
cc.http_proxy_options = state->http_proxy_options;
|
|
cc.alt_proxy = state->alt_proxy;
|
|
cc.dco = state->dco;
|
|
cc.echo = state->echo;
|
|
cc.info = state->info;
|
|
cc.reconnect_notify = &state->reconnect_notify;
|
|
if (remote_override_enabled())
|
|
cc.remote_override = &state->remote_override;
|
|
cc.private_key_password = state->private_key_password;
|
|
cc.disable_client_cert = state->disable_client_cert;
|
|
cc.ssl_debug_level = state->ssl_debug_level;
|
|
cc.default_key_direction = state->default_key_direction;
|
|
cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites;
|
|
cc.tls_version_min_override = state->tls_version_min_override;
|
|
cc.tls_cert_profile_override = state->tls_cert_profile_override;
|
|
cc.gui_version = state->gui_version;
|
|
cc.extra_peer_info = state->extra_peer_info;
|
|
cc.stop = state->async_stop_local();
|
|
cc.allow_local_lan_access = state->allow_local_lan_access;
|
|
#ifdef OPENVPN_GREMLIN
|
|
cc.gremlin_config = state->gremlin_config;
|
|
#endif
|
|
#if defined(USE_TUN_BUILDER)
|
|
cc.socket_protect = &state->socket_protect;
|
|
cc.builder = this;
|
|
#endif
|
|
#if defined(OPENVPN_EXTERNAL_TUN_FACTORY)
|
|
cc.extern_tun_factory = this;
|
|
#endif
|
|
#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY)
|
|
cc.extern_transport_factory = this;
|
|
#endif
|
|
// force Session ID use and disable password cache if static challenge is enabled
|
|
if (state->creds
|
|
&& !state->creds->get_replace_password_with_session_id()
|
|
&& !state->eval.autologin
|
|
&& !state->eval.staticChallenge.empty())
|
|
{
|
|
state->creds->set_replace_password_with_session_id(true);
|
|
state->creds->enable_password_cache(false);
|
|
}
|
|
|
|
// external PKI
|
|
#if !defined(USE_APPLE_SSL)
|
|
if (state->eval.externalPki && !state->disable_client_cert)
|
|
{
|
|
if (!state->external_pki_alias.empty())
|
|
{
|
|
ExternalPKICertRequest req;
|
|
req.alias = state->external_pki_alias;
|
|
external_pki_cert_request(req);
|
|
if (!req.error)
|
|
{
|
|
cc.external_pki = this;
|
|
process_epki_cert_chain(req);
|
|
}
|
|
else
|
|
{
|
|
external_pki_error(req, Error::EPKI_CERT_ERROR);
|
|
return;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
status.error = true;
|
|
status.message = "Missing External PKI alias";
|
|
return;
|
|
}
|
|
}
|
|
#endif
|
|
|
|
#ifdef USE_OPENSSL
|
|
if (state->options.exists("allow-name-constraints"))
|
|
{
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::UnsupportedFeature("allow-name-constraints",
|
|
"Always verified correctly with OpenSSL", false);
|
|
state->events->add_event(std::move(ev));
|
|
}
|
|
#endif
|
|
|
|
// build client options object
|
|
ClientOptions::Ptr client_options = new ClientOptions(state->options, cc);
|
|
|
|
// configure creds in options
|
|
client_options->submit_creds(state->creds);
|
|
|
|
// instantiate top-level client session
|
|
state->session.reset(new ClientConnect(*state->io_context(), client_options));
|
|
|
|
// convenience clock tick
|
|
if (state->clock_tick_ms)
|
|
{
|
|
state->clock_tick.reset(new MyClockTick(*state->io_context(), this, state->clock_tick_ms));
|
|
state->clock_tick->schedule();
|
|
}
|
|
|
|
// raise an exception if app has expired
|
|
check_app_expired();
|
|
|
|
// start VPN
|
|
state->session->start(); // queue reads on socket/tun
|
|
session_started = true;
|
|
|
|
// wire up async stop
|
|
state->setup_async_stop_scopes();
|
|
|
|
// prepare to start reactor
|
|
connect_pre_run();
|
|
state->enable_foreign_thread_access();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::status_from_exception(const std::exception& e)
|
|
{
|
|
Status ret;
|
|
ret.error = true;
|
|
ret.message = Unicode::utf8_printable<std::string>(e.what(), 256);
|
|
|
|
// if exception is an ExceptionCode, translate the code
|
|
// to return status string
|
|
{
|
|
const ExceptionCode *ec = dynamic_cast<const ExceptionCode *>(&e);
|
|
if (ec && ec->code_defined())
|
|
ret.status = Error::name(ec->code());
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_attach()
|
|
{
|
|
state->attach<MySessionStats, MyClientEvents>(this,
|
|
nullptr,
|
|
get_async_stop());
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_pre_run()
|
|
{
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_run()
|
|
{
|
|
state->io_context()->run();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_session_stop()
|
|
{
|
|
state->session->stop(); // On exception, stop client...
|
|
state->io_context()->poll(); // and execute completion handlers.
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT ConnectionInfo OpenVPNClient::connection_info()
|
|
{
|
|
ConnectionInfo ci;
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
MyClientEvents* events = state->events.get();
|
|
if (events)
|
|
events->get_connection_info(ci);
|
|
}
|
|
return ci;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::session_token(SessionToken& tok)
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
ClientCreds* cc = state->creds.get();
|
|
if (cc && cc->session_id_defined())
|
|
{
|
|
tok.username = cc->get_username();
|
|
tok.session_id = cc->get_password();
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT Stop* OpenVPNClient::get_async_stop()
|
|
{
|
|
return nullptr;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::external_pki_error(const ExternalPKIRequestBase& req, const size_t err_type)
|
|
{
|
|
if (req.error)
|
|
{
|
|
if (req.invalidAlias)
|
|
{
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::EpkiInvalidAlias(req.alias);
|
|
state->events->add_event(std::move(ev));
|
|
}
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::EpkiError(req.errorText);
|
|
state->events->add_event(std::move(ev));
|
|
|
|
state->stats->error(err_type);
|
|
if (state->session)
|
|
state->session->dont_restart();
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::sign(const std::string& data, std::string& sig, const std::string& algorithm)
|
|
{
|
|
ExternalPKISignRequest req;
|
|
req.data = data;
|
|
req.alias = state->external_pki_alias;
|
|
req.algorithm = algorithm;
|
|
external_pki_sign_request(req); // call out to derived class for RSA signature
|
|
if (!req.error)
|
|
{
|
|
sig = req.sig;
|
|
return true;
|
|
}
|
|
else
|
|
{
|
|
external_pki_error(req, Error::EPKI_SIGN_ERROR);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::remote_override_enabled()
|
|
{
|
|
return false;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::remote_override(RemoteOverride&)
|
|
{
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT int OpenVPNClient::stats_n()
|
|
{
|
|
return (int)MySessionStats::combined_n();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::stats_name(int index)
|
|
{
|
|
return MySessionStats::combined_name(index);
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT long long OpenVPNClient::stats_value(int index) const
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
MySessionStats* stats = state->stats.get();
|
|
if (stats)
|
|
{
|
|
if (index == SessionStats::BYTES_IN || index == SessionStats::BYTES_OUT)
|
|
stats->dco_update();
|
|
return stats->combined_value(index);
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT std::vector<long long> OpenVPNClient::stats_bundle() const
|
|
{
|
|
std::vector<long long> sv;
|
|
const size_t n = MySessionStats::combined_n();
|
|
sv.reserve(n);
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
MySessionStats* stats = state->stats.get();
|
|
if (stats)
|
|
stats->dco_update();
|
|
for (size_t i = 0; i < n; ++i)
|
|
sv.push_back(stats ? stats->combined_value(i) : 0);
|
|
}
|
|
else
|
|
{
|
|
for (size_t i = 0; i < n; ++i)
|
|
sv.push_back(0);
|
|
}
|
|
return sv;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT InterfaceStats OpenVPNClient::tun_stats() const
|
|
{
|
|
InterfaceStats ret;
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
MySessionStats* stats = state->stats.get();
|
|
|
|
// The reason for the apparent inversion between in/out below is
|
|
// that TUN_*_OUT stats refer to data written to tun device,
|
|
// but from the perspective of tun interface, this is incoming
|
|
// data. Vice versa for TUN_*_IN.
|
|
if (stats)
|
|
{
|
|
ret.bytesOut = stats->stat_count(SessionStats::TUN_BYTES_IN);
|
|
ret.bytesIn = stats->stat_count(SessionStats::TUN_BYTES_OUT);
|
|
ret.packetsOut = stats->stat_count(SessionStats::TUN_PACKETS_IN);
|
|
ret.packetsIn = stats->stat_count(SessionStats::TUN_PACKETS_OUT);
|
|
ret.errorsOut = stats->error_count(Error::TUN_READ_ERROR);
|
|
ret.errorsIn = stats->error_count(Error::TUN_WRITE_ERROR);
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
ret.bytesOut = 0;
|
|
ret.bytesIn = 0;
|
|
ret.packetsOut = 0;
|
|
ret.packetsIn = 0;
|
|
ret.errorsOut = 0;
|
|
ret.errorsIn = 0;
|
|
return ret;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT TransportStats OpenVPNClient::transport_stats() const
|
|
{
|
|
TransportStats ret;
|
|
ret.lastPacketReceived = -1; // undefined
|
|
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
MySessionStats* stats = state->stats.get();
|
|
if (stats)
|
|
{
|
|
stats->dco_update();
|
|
ret.bytesOut = stats->stat_count(SessionStats::BYTES_OUT);
|
|
ret.bytesIn = stats->stat_count(SessionStats::BYTES_IN);
|
|
ret.packetsOut = stats->stat_count(SessionStats::PACKETS_OUT);
|
|
ret.packetsIn = stats->stat_count(SessionStats::PACKETS_IN);
|
|
|
|
// calculate time since last packet received
|
|
{
|
|
const Time& lpr = stats->last_packet_received();
|
|
if (lpr.defined())
|
|
{
|
|
const Time::Duration dur = Time::now() - lpr;
|
|
const unsigned int delta = (unsigned int)dur.to_binary_ms();
|
|
if (delta <= 60*60*24*1024) // only define for time periods <= 1 day
|
|
ret.lastPacketReceived = delta;
|
|
}
|
|
}
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
ret.bytesOut = 0;
|
|
ret.bytesIn = 0;
|
|
ret.packetsOut = 0;
|
|
ret.packetsIn = 0;
|
|
return ret;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::stop()
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
state->trigger_async_stop_local();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::pause(const std::string& reason)
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
ClientConnect* session = state->session.get();
|
|
if (session)
|
|
session->thread_safe_pause(reason);
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::resume()
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
ClientConnect* session = state->session.get();
|
|
if (session)
|
|
session->thread_safe_resume();
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::reconnect(int seconds)
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
ClientConnect* session = state->session.get();
|
|
if (session)
|
|
session->thread_safe_reconnect(seconds);
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::post_cc_msg(const std::string& msg)
|
|
{
|
|
if (state->is_foreign_thread_access())
|
|
{
|
|
ClientConnect* session = state->session.get();
|
|
if (session)
|
|
session->thread_safe_post_cc_msg(msg);
|
|
}
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::clock_tick()
|
|
{
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::on_disconnect()
|
|
{
|
|
state->on_disconnect();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::crypto_self_test()
|
|
{
|
|
return SelfTest::crypto_self_test();
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT int OpenVPNClient::app_expire()
|
|
{
|
|
#ifdef APP_EXPIRE_TIME
|
|
return APP_EXPIRE_TIME;
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::check_app_expired()
|
|
{
|
|
#ifdef APP_EXPIRE_TIME
|
|
if (Time::now().seconds_since_epoch() >= APP_EXPIRE_TIME)
|
|
throw app_expired();
|
|
#endif
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::copyright()
|
|
{
|
|
return openvpn_copyright;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::platform()
|
|
{
|
|
std::string ret = platform_string();
|
|
#ifdef PRIVATE_TUNNEL_PROXY
|
|
ret += " PT_PROXY";
|
|
#endif
|
|
#ifdef ENABLE_DCO
|
|
ret += " DCO";
|
|
#endif
|
|
#ifdef OPENVPN_GREMLIN
|
|
ret += " GREMLIN";
|
|
#endif
|
|
#ifdef OPENVPN_DEBUG
|
|
ret += " built on " __DATE__ " " __TIME__;
|
|
#endif
|
|
return ret;
|
|
}
|
|
|
|
OPENVPN_CLIENT_EXPORT OpenVPNClient::~OpenVPNClient()
|
|
{
|
|
delete state;
|
|
}
|
|
}
|
|
}
|