diff options
Diffstat (limited to 'src/openvpn/manage.c')
-rw-r--r-- | src/openvpn/manage.c | 2153 |
1 files changed, 2153 insertions, 0 deletions
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c new file mode 100644 index 0000000..587a971 --- /dev/null +++ b/src/openvpn/manage.c @@ -0,0 +1,2153 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef WIN32 +#include "config-win32.h" +#else +#include "config.h" +#endif + +#include "syshead.h" + +#ifdef ENABLE_MANAGEMENT + +#include "error.h" +#include "fdmisc.h" +#include "options.h" +#include "sig.h" +#include "event.h" +#include "otime.h" +#include "integer.h" +#include "manage.h" + +#include "memdbg.h" + +struct management *management; /* GLOBAL */ + +/* static forward declarations */ +static void man_output_standalone (struct management *man, volatile int *signal_received); +static void man_reset_client_socket (struct management *man, const bool listen); + +static void +man_help () +{ + msg (M_CLIENT, "Management Interface for %s", title_string); + msg (M_CLIENT, "Commands:"); + msg (M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract)."); + msg (M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer."); + msg (M_CLIENT, "exit|quit : Close management session."); + msg (M_CLIENT, "help : Print this message."); + msg (M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or"); + msg (M_CLIENT, " release current hold and start tunnel."); + msg (M_CLIENT, "kill cn : Kill the client instance(s) having common name cn."); + msg (M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port."); + msg (M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display"); + msg (M_CLIENT, " + show last N lines or 'all' for entire history."); + msg (M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent."); + msg (M_CLIENT, "net : (Windows only) Show network info and routing table."); + msg (M_CLIENT, "password type p : Enter password p for a queried OpenVPN password."); + msg (M_CLIENT, "signal s : Send signal s to daemon,"); + msg (M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2."); + msg (M_CLIENT, "state [on|off] [N|all] : Like log, but show state history."); + msg (M_CLIENT, "status [n] : Show current daemon status info using format #n."); + msg (M_CLIENT, "test n : Produce n lines of output for testing/debugging."); + msg (M_CLIENT, "username type u : Enter username u for a queried OpenVPN username."); + msg (M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent."); + msg (M_CLIENT, "version : Show current version number."); + msg (M_CLIENT, "END"); +} + +static const char * +man_state_name (const int state) +{ + switch (state) + { + case OPENVPN_STATE_INITIAL: + return "INITIAL"; + case OPENVPN_STATE_CONNECTING: + return "CONNECTING"; + case OPENVPN_STATE_WAIT: + return "WAIT"; + case OPENVPN_STATE_AUTH: + return "AUTH"; + case OPENVPN_STATE_GET_CONFIG: + return "GET_CONFIG"; + case OPENVPN_STATE_ASSIGN_IP: + return "ASSIGN_IP"; + case OPENVPN_STATE_ADD_ROUTES: + return "ADD_ROUTES"; + case OPENVPN_STATE_CONNECTED: + return "CONNECTED"; + case OPENVPN_STATE_RECONNECTING: + return "RECONNECTING"; + case OPENVPN_STATE_EXITING: + return "EXITING"; + default: + return "?"; + } +} + +static void +man_welcome (struct management *man) +{ + msg (M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info", + MANAGEMENT_VERSION); + if (man->persist.special_state_msg) + msg (M_CLIENT, "%s", man->persist.special_state_msg); +} + +static inline bool +man_password_needed (struct management *man) +{ + return man->settings.up.defined && !man->connection.password_verified; +} + +static void +man_check_password (struct management *man, const char *line) +{ + if (man_password_needed (man)) + { + if (streq (line, man->settings.up.password)) + { + man->connection.password_verified = true; + msg (M_CLIENT, "SUCCESS: password is correct"); + man_welcome (man); + } + else + { + man->connection.password_verified = false; + msg (M_CLIENT, "ERROR: bad password"); + if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES) + { + msg (M_WARN, "MAN: client connection rejected after %d failed password attempts", + MANAGEMENT_N_PASSWORD_RETRIES); + man->connection.halt = true; + } + } + } +} + +static void +man_update_io_state (struct management *man) +{ + if (socket_defined (man->connection.sd_cli)) + { + if (output_list_defined (man->connection.out)) + { + man->connection.state = MS_CC_WAIT_WRITE; + } + else + { + man->connection.state = MS_CC_WAIT_READ; + } + } +} + +static void +man_output_list_push (struct management *man, const char *str) +{ + if (management_connected (man)) + { + if (str) + output_list_push (man->connection.out, (const unsigned char *) str); + man_update_io_state (man); + if (!man->persist.standalone_disabled) + man_output_standalone (man, NULL); + } +} + +static void +man_prompt (struct management *man) +{ + if (man_password_needed (man)) + man_output_list_push (man, "ENTER PASSWORD:"); +#if 0 /* should we use prompt? */ + else + man_output_list_push (man, PACKAGE_NAME ">"); +#endif +} + +static void +man_close_socket (struct management *man, const socket_descriptor_t sd) +{ +#ifndef WIN32 + /* + * Windows doesn't need this because the ne32 event is permanently + * enabled at struct management scope. + */ + if (man->persist.callback.delete_event) + (*man->persist.callback.delete_event) (man->persist.callback.arg, sd); +#endif + openvpn_close_socket (sd); +} + +static void +virtual_output_callback_func (void *arg, const unsigned int flags, const char *str) +{ + static int recursive_level = 0; /* GLOBAL */ + + if (!recursive_level) /* don't allow recursion */ + { + struct gc_arena gc = gc_new (); + struct management *man = (struct management *) arg; + struct log_entry e; + const char *out = NULL; + + ++recursive_level; + + CLEAR (e); + update_time (); + e.timestamp = now; + e.u.msg_flags = flags; + e.string = str; + + if (flags & M_FATAL) + man->persist.standalone_disabled = false; + + if (flags != M_CLIENT) + log_history_add (man->persist.log, &e); + + if (!man_password_needed (man)) + { + if (flags == M_CLIENT) + out = log_entry_print (&e, LOG_PRINT_CRLF, &gc); + else if (man->connection.log_realtime) + out = log_entry_print (&e, LOG_PRINT_INT_DATE + | LOG_PRINT_MSG_FLAGS + | LOG_PRINT_LOG_PREFIX + | LOG_PRINT_CRLF, &gc); + if (out) + man_output_list_push (man, out); + if (flags & M_FATAL) + { + out = log_entry_print (&e, LOG_FATAL_NOTIFY|LOG_PRINT_CRLF, &gc); + if (out) + { + man_output_list_push (man, out); + man_reset_client_socket (man, false); + } + } + } + + --recursive_level; + gc_free (&gc); + } +} + +static void +man_signal (struct management *man, const char *name) +{ + const int sig = parse_signal (name); + if (sig >= 0) + { + throw_signal (sig); + msg (M_CLIENT, "SUCCESS: signal %s thrown", signal_name (sig, true)); + } + else + { + msg (M_CLIENT, "ERROR: signal '%s' is not a known signal type", name); + } +} + +static void +man_status (struct management *man, const int version, struct status_output *so) +{ + if (man->persist.callback.status) + { + (*man->persist.callback.status) (man->persist.callback.arg, version, so); + } + else + { + msg (M_CLIENT, "ERROR: The 'status' command is not supported by the current daemon mode"); + } +} + +static void +man_kill (struct management *man, const char *victim) +{ + struct gc_arena gc = gc_new (); + + if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr) + { + struct buffer buf; + char p1[128]; + char p2[128]; + int n_killed; + + buf_set_read (&buf, (uint8_t*) victim, strlen (victim) + 1); + buf_parse (&buf, ':', p1, sizeof (p1)); + buf_parse (&buf, ':', p2, sizeof (p2)); + + if (strlen (p1) && strlen (p2)) + { + /* IP:port specified */ + bool status; + const in_addr_t addr = getaddr (GETADDR_HOST_ORDER|GETADDR_MSG_VIRT_OUT, p1, 0, &status, NULL); + if (status) + { + const int port = atoi (p2); + if (port > 0 && port < 65536) + { + n_killed = (*man->persist.callback.kill_by_addr) (man->persist.callback.arg, addr, port); + if (n_killed > 0) + { + msg (M_CLIENT, "SUCCESS: %d client(s) at address %s:%d killed", + n_killed, + print_in_addr_t (addr, 0, &gc), + port); + } + else + { + msg (M_CLIENT, "ERROR: client at address %s:%d not found", + print_in_addr_t (addr, 0, &gc), + port); + } + } + else + { + msg (M_CLIENT, "ERROR: port number is out of range: %s", p2); + } + } + else + { + msg (M_CLIENT, "ERROR: error parsing IP address: %s", p1); + } + } + else if (strlen (p1)) + { + /* common name specified */ + n_killed = (*man->persist.callback.kill_by_cn) (man->persist.callback.arg, p1); + if (n_killed > 0) + { + msg (M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed); + } + else + { + msg (M_CLIENT, "ERROR: common name '%s' not found", p1); + } + } + else + { + msg (M_CLIENT, "ERROR: kill parse"); + } + } + else + { + msg (M_CLIENT, "ERROR: The 'kill' command is not supported by the current daemon mode"); + } + + gc_free (&gc); +} + +/* + * General-purpose history command handler + * for the log and echo commands. + */ +static void +man_history (struct management *man, + const char *parm, + const char *type, + struct log_history *log, + bool *realtime, + const unsigned int lep_flags) +{ + struct gc_arena gc = gc_new (); + int n = 0; + + if (streq (parm, "on")) + { + *realtime = true; + msg (M_CLIENT, "SUCCESS: real-time %s notification set to ON", type); + } + else if (streq (parm, "off")) + { + *realtime = false; + msg (M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type); + } + else if (streq (parm, "all") || (n = atoi (parm)) > 0) + { + const int size = log_history_size (log); + const int start = (n ? n : size) - 1; + int i; + + for (i = start; i >= 0; --i) + { + const struct log_entry *e = log_history_ref (log, i); + if (e) + { + const char *out = log_entry_print (e, lep_flags, &gc); + virtual_output_callback_func (man, M_CLIENT, out); + } + } + msg (M_CLIENT, "END"); + } + else + { + msg (M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type); + } + + gc_free (&gc); +} + +static void +man_log (struct management *man, const char *parm) +{ + man_history (man, + parm, + "log", + man->persist.log, + &man->connection.log_realtime, + LOG_PRINT_INT_DATE|LOG_PRINT_MSG_FLAGS); +} + +static void +man_echo (struct management *man, const char *parm) +{ + man_history (man, + parm, + "echo", + man->persist.echo, + &man->connection.echo_realtime, + LOG_PRINT_INT_DATE); +} + +static void +man_state (struct management *man, const char *parm) +{ + man_history (man, + parm, + "state", + man->persist.state, + &man->connection.state_realtime, + LOG_PRINT_INT_DATE|LOG_PRINT_STATE|LOG_PRINT_LOCAL_IP); +} + +static void +man_up_finalize (struct management *man) +{ + switch (man->connection.up_query_mode) + { + case UP_QUERY_DISABLED: + man->connection.up_query.defined = false; + break; + case UP_QUERY_USER_PASS: + if (strlen (man->connection.up_query.username) && strlen (man->connection.up_query.password)) + man->connection.up_query.defined = true; + break; + case UP_QUERY_PASS: + if (strlen (man->connection.up_query.password)) + man->connection.up_query.defined = true; + break; + default: + ASSERT (0); + } +} + +static void +man_query_user_pass (struct management *man, + const char *type, + const char *string, + const bool needed, + const char *prompt, + char *dest, + int len) +{ + if (needed) + { + ASSERT (man->connection.up_query_type); + if (streq (man->connection.up_query_type, type)) + { + strncpynt (dest, string, len); + man_up_finalize (man); + msg (M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified", + type, + prompt); + } + else + msg (M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'", + prompt, + type, + man->connection.up_query_type); + } + else + { + msg (M_CLIENT, "ERROR: no %s is currently needed at this time", prompt); + } +} + +static void +man_query_username (struct management *man, const char *type, const char *string) +{ + const bool needed = (man->connection.up_query_mode == UP_QUERY_USER_PASS && man->connection.up_query_type); + man_query_user_pass (man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN); +} + +static void +man_query_password (struct management *man, const char *type, const char *string) +{ + const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS + || man->connection.up_query_mode == UP_QUERY_PASS) + && man->connection.up_query_type); + man_query_user_pass (man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN); +} + +static void +man_net (struct management *man) +{ + if (man->persist.callback.show_net) + { + (*man->persist.callback.show_net) (man->persist.callback.arg, M_CLIENT); + } + else + { + msg (M_CLIENT, "ERROR: The 'net' command is not supported by the current daemon mode"); + } +} + +static void +man_hold (struct management *man, const char *cmd) +{ + if (cmd) + { + if (streq (cmd, "on")) + { + man->settings.hold = true; + msg (M_CLIENT, "SUCCESS: hold flag set to ON"); + } + else if (streq (cmd, "off")) + { + man->settings.hold = false; + msg (M_CLIENT, "SUCCESS: hold flag set to OFF"); + } + else if (streq (cmd, "release")) + { + man->persist.hold_release = true; + msg (M_CLIENT, "SUCCESS: hold release succeeded"); + } + else + { + msg (M_CLIENT, "ERROR: bad hold command parameter"); + } + } + else + msg (M_CLIENT, "SUCCESS: hold=%d", (int) man->settings.hold); +} + +#define MN_AT_LEAST (1<<0) + +static bool +man_need (struct management *man, const char **p, const int n, unsigned int flags) +{ + int i; + ASSERT (p[0]); + for (i = 1; i <= n; ++i) + { + if (!p[i]) + { + msg (M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s", + p[0], + (flags & MN_AT_LEAST) ? "at least " : "", + n, + n > 1 ? "s" : ""); + return false; + } + } + return true; +} + +static void +man_dispatch_command (struct management *man, struct status_output *so, const char **p, const int nparms) +{ + struct gc_arena gc = gc_new (); + + ASSERT (p[0]); + if (streq (p[0], "exit") || streq (p[0], "quit")) + { + man->connection.halt = true; + goto done; + } + else if (streq (p[0], "help")) + { + man_help (); + } + else if (streq (p[0], "version")) + { + msg (M_CLIENT, "OpenVPN Version: %s", title_string); + msg (M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION); + msg (M_CLIENT, "END"); + } + else if (streq (p[0], "signal")) + { + if (man_need (man, p, 1, 0)) + man_signal (man, p[1]); + } + else if (streq (p[0], "status")) + { + int version = 0; + if (p[1]) + version = atoi (p[1]); + man_status (man, version, so); + } + else if (streq (p[0], "kill")) + { + if (man_need (man, p, 1, 0)) + man_kill (man, p[1]); + } + else if (streq (p[0], "verb")) + { + if (p[1]) + { + const int level = atoi(p[1]); + if (set_debug_level (level, 0)) + msg (M_CLIENT, "SUCCESS: verb level changed"); + else + msg (M_CLIENT, "ERROR: verb level is out of range"); + } + else + msg (M_CLIENT, "SUCCESS: verb=%d", get_debug_level ()); + } + else if (streq (p[0], "mute")) + { + if (p[1]) + { + const int level = atoi(p[1]); + if (set_mute_cutoff (level)) + msg (M_CLIENT, "SUCCESS: mute level changed"); + else + msg (M_CLIENT, "ERROR: mute level is out of range"); + } + else + msg (M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff ()); + } + else if (streq (p[0], "auth-retry")) + { +#if P2MP + if (p[1]) + { + if (auth_retry_set (M_CLIENT, p[1])) + msg (M_CLIENT, "SUCCESS: auth-retry parameter changed"); + else + msg (M_CLIENT, "ERROR: bad auth-retry parameter"); + } + else + msg (M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print ()); +#else + msg (M_CLIENT, "ERROR: auth-retry feature is unavailable"); +#endif + } + else if (streq (p[0], "state")) + { + if (!p[1]) + { + man_state (man, "1"); + } + else + { + if (p[1]) + man_state (man, p[1]); + if (p[2]) + man_state (man, p[2]); + } + } + else if (streq (p[0], "log")) + { + if (man_need (man, p, 1, MN_AT_LEAST)) + { + if (p[1]) + man_log (man, p[1]); + if (p[2]) + man_log (man, p[2]); + } + } + else if (streq (p[0], "echo")) + { + if (man_need (man, p, 1, MN_AT_LEAST)) + { + if (p[1]) + man_echo (man, p[1]); + if (p[2]) + man_echo (man, p[2]); + } + } + else if (streq (p[0], "username")) + { + if (man_need (man, p, 2, 0)) + man_query_username (man, p[1], p[2]); + } + else if (streq (p[0], "password")) + { + if (man_need (man, p, 2, 0)) + man_query_password (man, p[1], p[2]); + } + else if (streq (p[0], "net")) + { + man_net (man); + } + else if (streq (p[0], "hold")) + { + man_hold (man, p[1]); + } +#if 1 + else if (streq (p[0], "test")) + { + if (man_need (man, p, 1, 0)) + { + int i; + const int n = atoi (p[1]); + for (i = 0; i < n; ++i) + { + msg (M_CLIENT, "[%d] The purpose of this command is to generate large amounts of output.", i); + } + } + } +#endif + else + { + msg (M_CLIENT, "ERROR: unknown command, enter 'help' for more options"); + } + + done: + gc_free (&gc); +} + +#ifdef WIN32 + +static void +man_start_ne32 (struct management *man) +{ + switch (man->connection.state) + { + case MS_LISTEN: + net_event_win32_start (&man->connection.ne32, FD_ACCEPT, man->connection.sd_top); + break; + case MS_CC_WAIT_READ: + case MS_CC_WAIT_WRITE: + net_event_win32_start (&man->connection.ne32, FD_READ|FD_WRITE|FD_CLOSE, man->connection.sd_cli); + break; + default: + ASSERT (0); + } +} + +static void +man_stop_ne32 (struct management *man) +{ + net_event_win32_stop (&man->connection.ne32); +} + +#endif + +static void +man_accept (struct management *man) +{ + struct gc_arena gc = gc_new (); + + /* + * Accept the TCP client. + */ + man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &man->connection.remote, false); + if (socket_defined (man->connection.sd_cli)) + { + if (socket_defined (man->connection.sd_top)) + { +#ifdef WIN32 + man_stop_ne32 (man); +#endif + } + + /* + * Set misc socket properties + */ + set_nonblock (man->connection.sd_cli); + set_cloexec (man->connection.sd_cli); + + man->connection.state_realtime = false; + man->connection.log_realtime = false; + man->connection.echo_realtime = false; + man->connection.password_verified = false; + man->connection.password_tries = 0; + man->connection.halt = false; + man->connection.state = MS_CC_WAIT_WRITE; + +#ifdef WIN32 + man_start_ne32 (man); +#endif + + msg (D_MANAGEMENT, "MANAGEMENT: Client connected from %s", + print_sockaddr (&man->settings.local, &gc)); + + output_list_reset (man->connection.out); + + if (!man_password_needed (man)) + man_welcome (man); + man_prompt (man); + man_update_io_state (man); + } + + gc_free (&gc); +} + +static void +man_listen (struct management *man) +{ + struct gc_arena gc = gc_new (); + + /* + * Initialize state + */ + man->connection.state = MS_LISTEN; + man->connection.sd_cli = SOCKET_UNDEFINED; + + /* + * Initialize listening socket + */ + if (man->connection.sd_top == SOCKET_UNDEFINED) + { + man->connection.sd_top = create_socket_tcp (); + + /* + * Bind socket + */ + if (bind (man->connection.sd_top, (struct sockaddr *) &man->settings.local, sizeof (man->settings.local))) + msg (M_SOCKERR, "MANAGEMENT: Cannot bind TCP socket on %s", + print_sockaddr (&man->settings.local, &gc)); + + /* + * Listen for connection + */ + if (listen (man->connection.sd_top, 1)) + msg (M_SOCKERR, "MANAGEMENT: listen() failed"); + + /* + * Set misc socket properties + */ + set_nonblock (man->connection.sd_top); + set_cloexec (man->connection.sd_top); + + msg (D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s", + print_sockaddr (&man->settings.local, &gc)); + } + +#ifdef WIN32 + man_start_ne32 (man); +#endif + + gc_free (&gc); +} + +static void +man_reset_client_socket (struct management *man, const bool listen) +{ + if (socket_defined (man->connection.sd_cli)) + { + msg (D_MANAGEMENT, "MANAGEMENT: Client disconnected"); +#ifdef WIN32 + man_stop_ne32 (man); +#endif + man_close_socket (man, man->connection.sd_cli); + command_line_reset (man->connection.in); + output_list_reset (man->connection.out); + } + if (listen) + man_listen (man); +} + +static void +man_process_command (struct management *man, const char *line) +{ + struct gc_arena gc = gc_new (); + struct status_output *so; + int nparms; + char *parms[MAX_PARMS+1]; + + CLEAR (parms); + so = status_open (NULL, 0, -1, &man->persist.vout, 0); + + if (man_password_needed (man)) + { + man_check_password (man, line); + } + else + { + nparms = parse_line (line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc); + if (parms[0] && streq (parms[0], "password")) + msg (D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'"); + else + msg (D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line); + +#if 0 + /* DEBUGGING -- print args */ + { + int i; + for (i = 0; i < nparms; ++i) + msg (M_INFO, "[%d] '%s'", i, parms[i]); + } +#endif + + if (nparms > 0) + man_dispatch_command (man, so, (const char **)parms, nparms); + } + + CLEAR (parms); + status_close (so); + gc_free (&gc); +} + +static bool +man_io_error (struct management *man, const char *prefix) +{ + const int err = openvpn_errno_socket (); + + if (!ignore_sys_error (err)) + { + struct gc_arena gc = gc_new (); + msg (D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", + prefix, + strerror_ts (err, &gc)); + gc_free (&gc); + return true; + } + else + return false; +} + +static int +man_read (struct management *man) +{ + /* + * read command line from socket + */ + unsigned char buf[256]; + int len = 0; + + len = recv (man->connection.sd_cli, buf, sizeof (buf), MSG_NOSIGNAL); + if (len == 0) + { + man_reset_client_socket (man, true); + } + else if (len > 0) + { + bool processed_command = false; + + ASSERT (len <= (int) sizeof (buf)); + command_line_add (man->connection.in, buf, len); + + /* + * Reset output object + */ + output_list_reset (man->connection.out); + + /* + * process command line if complete + */ + { + const unsigned char *line; + while ((line = command_line_get (man->connection.in))) + { + man_process_command (man, (char *) line); + if (man->connection.halt) + break; + command_line_next (man->connection.in); + processed_command = true; + } + } + + /* + * Reset output state to MS_CC_WAIT_(READ|WRITE) + */ + if (man->connection.halt) + { + man_reset_client_socket (man, true); + len = 0; + } + else + { + if (processed_command) + man_prompt (man); + man_update_io_state (man); + } + } + else /* len < 0 */ + { + if (man_io_error (man, "recv")) + man_reset_client_socket (man, true); + } + return len; +} + +static int +man_write (struct management *man) +{ + const int max_send = 256; + int sent = 0; + + const struct buffer *buf = output_list_peek (man->connection.out); + if (buf && BLEN (buf)) + { + const int len = min_int (max_send, BLEN (buf)); + sent = send (man->connection.sd_cli, BPTR (buf), len, MSG_NOSIGNAL); + if (sent >= 0) + { + output_list_advance (man->connection.out, sent); + } + else if (sent < 0) + { + if (man_io_error (man, "send")) + man_reset_client_socket (man, true); + } + } + + /* + * Reset output state to MS_CC_WAIT_(READ|WRITE) + */ + man_update_io_state (man); + + return sent; +} + +static void +man_connection_clear (struct man_connection *mc) +{ + CLEAR (*mc); + + /* set initial state */ + mc->state = MS_INITIAL; + + /* clear socket descriptors */ + mc->sd_top = SOCKET_UNDEFINED; + mc->sd_cli = SOCKET_UNDEFINED; +} + +static void +man_persist_init (struct management *man, + const int log_history_cache, + const int echo_buffer_size, + const int state_buffer_size) +{ + struct man_persist *mp = &man->persist; + if (!mp->defined) + { + CLEAR (*mp); + + /* initialize log history store */ + mp->log = log_history_init (log_history_cache); + + /* + * Initialize virtual output object, so that functions + * which write to a virtual_output object can be redirected + * here to the management object. + */ + mp->vout.func = virtual_output_callback_func; + mp->vout.arg = man; + mp->vout.flags_default = M_CLIENT; + msg_set_virtual_output (&mp->vout); + + /* + * Initialize --echo list + */ + man->persist.echo = log_history_init (echo_buffer_size); + + /* + * Initialize --state list + */ + man->persist.state = log_history_init (state_buffer_size); + + mp->defined = true; + } +} + +static void +man_persist_close (struct man_persist *mp) +{ + if (mp->log) + { + msg_set_virtual_output (NULL); + log_history_close (mp->log); + } + + if (mp->echo) + log_history_close (mp->echo); + + if (mp->state) + log_history_close (mp->state); + + CLEAR (*mp); +} + +static void +man_settings_init (struct man_settings *ms, + const char *addr, + const int port, + const char *pass_file, + const bool server, + const bool query_passwords, + const int log_history_cache, + const int echo_buffer_size, + const int state_buffer_size, + const bool hold) +{ + if (!ms->defined) + { + CLEAR (*ms); + + /* + * Are we a server? If so, it will influence + * the way we handle state transitions. + */ + ms->server = server; + + /* + * Get username/password + */ + if (pass_file) + get_user_pass (&ms->up, pass_file, true, "Management", 0); + + /* + * Should OpenVPN query the management layer for + * passwords? + */ + ms->up_query_passwords = query_passwords; + + /* + * Should OpenVPN hibernate on startup? + */ + ms->hold = hold; + + /* + * Initialize socket address + */ + ms->local.sin_family = AF_INET; + ms->local.sin_addr.s_addr = 0; + ms->local.sin_port = htons (port); + + /* + * Run management over tunnel, or + * separate channel? + */ + if (streq (addr, "tunnel")) + { + ms->management_over_tunnel = true; + } + else + { + ms->local.sin_addr.s_addr = getaddr + (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL); + } + + /* + * Log history and echo buffer may need to be resized + */ + ms->log_history_cache = log_history_cache; + ms->echo_buffer_size = echo_buffer_size; + ms->state_buffer_size = state_buffer_size; + + ms->defined = true; + } +} + +static void +man_settings_close (struct man_settings *ms) +{ + CLEAR (*ms); +} + + +static void +man_connection_init (struct management *man) +{ + if (man->connection.state == MS_INITIAL) + { +#ifdef WIN32 + /* + * This object is a sort of TCP/IP helper + * for Windows. + */ + net_event_win32_init (&man->connection.ne32); +#endif + + /* + * Allocate helper objects for command line input and + * command output from/to the socket. + */ + man->connection.in = command_line_new (256); + man->connection.out = output_list_new (0); + + /* + * Initialize event set for standalone usage, when we are + * running outside of the primary event loop. + */ + { + int maxevents = 1; + man->connection.es = event_set_init (&maxevents, EVENT_METHOD_FAST); + } + + /* + * Listen on socket + */ + man_listen (man); + } +} + +static void +man_connection_close (struct management *man) +{ + struct man_connection *mc = &man->connection; + + if (mc->es) + event_free (mc->es); +#ifdef WIN32 + net_event_win32_close (&mc->ne32); +#endif + if (socket_defined (mc->sd_top)) + man_close_socket (man, mc->sd_top); + if (socket_defined (mc->sd_cli)) + man_close_socket (man, mc->sd_cli); + if (mc->in) + command_line_free (mc->in); + if (mc->out) + output_list_free (mc->out); + man_connection_clear (mc); +} + +struct management * +management_init (void) +{ + struct management *man; + ALLOC_OBJ_CLEAR (man, struct management); + + man_persist_init (man, + MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, + MANAGEMENT_ECHO_BUFFER_SIZE, + MANAGEMENT_STATE_BUFFER_SIZE); + + man_connection_clear (&man->connection); + + return man; +} + +bool +management_open (struct management *man, + const char *addr, + const int port, + const char *pass_file, + const bool server, + const bool query_passwords, + const int log_history_cache, + const int echo_buffer_size, + const int state_buffer_size, + const bool hold) +{ + bool ret = false; + + /* + * Save the settings only if they have not + * been saved before. + */ + man_settings_init (&man->settings, + addr, + port, + pass_file, + server, + query_passwords, + log_history_cache, + echo_buffer_size, + state_buffer_size, + hold); + + /* + * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, + * but may be changed here. Ditto for echo and state buffers. + */ + log_history_resize (man->persist.log, man->settings.log_history_cache); + log_history_resize (man->persist.echo, man->settings.echo_buffer_size); + log_history_resize (man->persist.state, man->settings.state_buffer_size); + + /* + * If connection object is uninitialized and we are not doing + * over-the-tunnel management, then open (listening) connection. + */ + if (man->connection.state == MS_INITIAL) + { + if (!man->settings.management_over_tunnel) + { + man_connection_init (man); + ret = true; + } + } + + return ret; +} + +void +management_close (struct management *man) +{ + man_connection_close (man); + man_settings_close (&man->settings); + man_persist_close (&man->persist); + free (man); +} + +void +management_set_callback (struct management *man, + const struct management_callback *cb) +{ + man->persist.standalone_disabled = true; + man->persist.callback = *cb; +} + +void +management_clear_callback (struct management *man) +{ + man->persist.standalone_disabled = false; + man->persist.hold_release = false; + CLEAR (man->persist.callback); + man_output_list_push (man, NULL); /* flush output queue */ +} + +void +management_set_state (struct management *man, + const int state, + const char *detail, + const in_addr_t tun_local_ip) +{ + if (man->persist.state && (!man->settings.server || state < OPENVPN_STATE_CLIENT_BASE)) + { + struct gc_arena gc = gc_new (); + struct log_entry e; + const char *out = NULL; + + update_time (); + CLEAR (e); + e.timestamp = now; + e.u.state = state; + e.string = detail; + e.local_ip = tun_local_ip; + + log_history_add (man->persist.state, &e); + + if (man->connection.state_realtime) + out = log_entry_print (&e, LOG_PRINT_STATE_PREFIX + | LOG_PRINT_INT_DATE + | LOG_PRINT_STATE + | LOG_PRINT_LOCAL_IP + | LOG_PRINT_CRLF, &gc); + + if (out) + man_output_list_push (man, out); + + gc_free (&gc); + } +} + +void +management_echo (struct management *man, const char *string) +{ + if (man->persist.echo) + { + struct gc_arena gc = gc_new (); + struct log_entry e; + const char *out = NULL; + + update_time (); + CLEAR (e); + e.timestamp = now; + e.u.msg_flags = 0; + e.string = string; + + log_history_add (man->persist.echo, &e); + + if (man->connection.echo_realtime) + out = log_entry_print (&e, LOG_PRINT_INT_DATE|LOG_PRINT_ECHO_PREFIX|LOG_PRINT_CRLF, &gc); + + if (out) + man_output_list_push (man, out); + + gc_free (&gc); + } +} + +void +management_post_tunnel_open (struct management *man, const in_addr_t tun_local_ip) +{ + /* + * If we are running management over the tunnel, + * this is the place to initialize the connection. + */ + if (man->settings.management_over_tunnel + && man->connection.state == MS_INITIAL) + { + /* listen on our local TUN/TAP IP address */ + man->settings.local.sin_addr.s_addr = htonl (tun_local_ip); + man_connection_init (man); + } + +} + +void +management_pre_tunnel_close (struct management *man) +{ + if (man->settings.management_over_tunnel) + man_connection_close (man); +} + +void +management_auth_failure (struct management *man, const char *type) +{ + msg (M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type); +} + +static inline bool +man_persist_state (unsigned int *persistent, const int n) +{ + if (persistent) + { + if (*persistent == (unsigned int)n) + return false; + *persistent = n; + } + return true; +} + +#ifdef WIN32 + +void +management_socket_set (struct management *man, + struct event_set *es, + void *arg, + unsigned int *persistent) +{ + if (man->connection.state != MS_INITIAL) + { + event_t ev = net_event_win32_get_event (&man->connection.ne32); + net_event_win32_reset_write (&man->connection.ne32); + + switch (man->connection.state) + { + case MS_LISTEN: + if (man_persist_state (persistent, 1)) + event_ctl (es, ev, EVENT_READ, arg); + break; + case MS_CC_WAIT_READ: + if (man_persist_state (persistent, 2)) + event_ctl (es, ev, EVENT_READ, arg); + break; + case MS_CC_WAIT_WRITE: + if (man_persist_state (persistent, 3)) + event_ctl (es, ev, EVENT_READ|EVENT_WRITE, arg); + break; + default: + ASSERT (0); + } + } +} + +void +management_io (struct management *man) +{ + if (man->connection.state != MS_INITIAL) + { + long net_events; + net_event_win32_reset (&man->connection.ne32); + net_events = net_event_win32_get_event_mask (&man->connection.ne32); + + if (net_events & FD_CLOSE) + { + man_reset_client_socket (man, true); + } + else + { + if (man->connection.state == MS_LISTEN) + { + if (net_events & FD_ACCEPT) + { + man_accept (man); + net_event_win32_clear_selected_events (&man->connection.ne32, FD_ACCEPT); + } + } + else if (man->connection.state == MS_CC_WAIT_READ) + { + if (net_events & FD_READ) + { + man_read (man); + net_event_win32_clear_selected_events (&man->connection.ne32, FD_READ); + } + } + + if (man->connection.state == MS_CC_WAIT_WRITE) + { + if (net_events & FD_WRITE) + { + int status; + /* dmsg (M_INFO, "FD_WRITE set"); */ + status = man_write (man); + if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK) + { + /* dmsg (M_INFO, "FD_WRITE cleared"); */ + net_event_win32_clear_selected_events (&man->connection.ne32, FD_WRITE); + } + } + } + } + } +} + +#else + +void +management_socket_set (struct management *man, + struct event_set *es, + void *arg, + unsigned int *persistent) +{ + switch (man->connection.state) + { + case MS_LISTEN: + if (man_persist_state (persistent, 1)) + event_ctl (es, man->connection.sd_top, EVENT_READ, arg); + break; + case MS_CC_WAIT_READ: + if (man_persist_state (persistent, 2)) + event_ctl (es, man->connection.sd_cli, EVENT_READ, arg); + break; + case MS_CC_WAIT_WRITE: + if (man_persist_state (persistent, 3)) + event_ctl (es, man->connection.sd_cli, EVENT_WRITE, arg); + break; + case MS_INITIAL: + break; + default: + ASSERT (0); + } +} + +void +management_io (struct management *man) +{ + switch (man->connection.state) + { + case MS_LISTEN: + man_accept (man); + break; + case MS_CC_WAIT_READ: + man_read (man); + break; + case MS_CC_WAIT_WRITE: + man_write (man); + break; + case MS_INITIAL: + break; + default: + ASSERT (0); + } +} + +#endif + +static inline bool +man_standalone_ok (const struct management *man) +{ + return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL; +} + +/* + * Wait for socket I/O when outside primary event loop + */ +static int +man_block (struct management *man, volatile int *signal_received, const time_t expire) +{ + struct timeval tv; + struct event_set_return esr; + int status = -1; + + if (man_standalone_ok (man)) + { + do + { + event_reset (man->connection.es); + management_socket_set (man, man->connection.es, NULL, NULL); + tv.tv_usec = 0; + tv.tv_sec = 1; + status = event_wait (man->connection.es, &tv, &esr, 1); + update_time (); + if (signal_received) + { + get_signal (signal_received); + if (*signal_received) + { + status = -1; + break; + } + } + /* set SIGINT signal if expiration time exceeded */ + if (expire && now >= expire) + { + status = 0; + if (signal_received) + *signal_received = SIGINT; + break; + } + } while (status != 1); + } + return status; +} + +/* + * Perform management socket output outside primary event loop + */ +static void +man_output_standalone (struct management *man, volatile int *signal_received) +{ + if (man_standalone_ok (man)) + { + while (man->connection.state == MS_CC_WAIT_WRITE) + { + management_io (man); + if (man->connection.state == MS_CC_WAIT_WRITE) + man_block (man, signal_received, 0); + if (signal_received && *signal_received) + break; + } + } +} + +/* + * Process management event loop outside primary event loop + */ +static int +man_standalone_event_loop (struct management *man, volatile int *signal_received, const time_t expire) +{ + int status; + ASSERT (man_standalone_ok (man)); + status = man_block (man, signal_received, expire); + if (status > 0) + management_io (man); + return status; +} + +#define MWCC_PASSWORD_WAIT (1<<0) +#define MWCC_HOLD_WAIT (1<<1) + +/* + * Block until client connects + */ +static void +man_wait_for_client_connection (struct management *man, + volatile int *signal_received, + const time_t expire, + unsigned int flags) +{ + ASSERT (man_standalone_ok (man)); + if (man->connection.state == MS_LISTEN) + { + if (flags & MWCC_PASSWORD_WAIT) + msg (D_MANAGEMENT, "Need password(s) from management interface, waiting..."); + if (flags & MWCC_HOLD_WAIT) + msg (D_MANAGEMENT, "Need hold release from management interface, waiting..."); + do { + man_standalone_event_loop (man, signal_received, expire); + if (signal_received && *signal_received) + break; + } while (man->connection.state == MS_LISTEN || man_password_needed (man)); + } +} + +/* + * Process the management event loop for sec seconds + */ +void +management_event_loop_n_seconds (struct management *man, int sec) +{ + if (man_standalone_ok (man)) + { + volatile int signal_received = 0; + const bool standalone_disabled_save = man->persist.standalone_disabled; + time_t expire; + + man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ + + /* set expire time */ + update_time (); + expire = now + sec; + + /* if no client connection, wait for one */ + man_wait_for_client_connection (man, &signal_received, expire, 0); + if (signal_received) + return; + + /* run command processing event loop until we get our username/password */ + while (true) + { + man_standalone_event_loop (man, &signal_received, expire); + if (signal_received) + return; + } + + /* revert state */ + man->persist.standalone_disabled = standalone_disabled_save; + } + else + { + sleep (sec); + } +} + +/* + * Get a username/password from management channel in standalone mode. + */ +bool +management_query_user_pass (struct management *man, + struct user_pass *up, + const char *type, + const bool password_only) +{ + struct gc_arena gc = gc_new (); + bool ret = false; + + if (man_standalone_ok (man)) + { + volatile int signal_received = 0; + const bool standalone_disabled_save = man->persist.standalone_disabled; + struct buffer alert_msg = alloc_buf_gc (128, &gc); + + ret = true; + man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ + man->persist.special_state_msg = NULL; + + CLEAR (man->connection.up_query); + + buf_printf (&alert_msg, ">PASSWORD:Need '%s' %s", + type, + password_only ? "password" : "username/password"); + + man_wait_for_client_connection (man, &signal_received, 0, MWCC_PASSWORD_WAIT); + if (signal_received) + ret = false; + + if (ret) + { + man->persist.special_state_msg = BSTR (&alert_msg); + msg (M_CLIENT, "%s", man->persist.special_state_msg); + + /* tell command line parser which info we need */ + man->connection.up_query_mode = password_only ? UP_QUERY_PASS : UP_QUERY_USER_PASS; + man->connection.up_query_type = type; + + /* run command processing event loop until we get our username/password */ + do + { + man_standalone_event_loop (man, &signal_received, 0); + if (signal_received) + { + ret = false; + break; + } + } while (!man->connection.up_query.defined); + } + + /* revert state */ + man->connection.up_query_mode = UP_QUERY_DISABLED; + man->connection.up_query_type = NULL; + man->persist.standalone_disabled = standalone_disabled_save; + man->persist.special_state_msg = NULL; + + /* + * Transfer u/p to return object, zero any record + * we hold in the management object. + */ + if (ret) + { + man->connection.up_query.nocache = up->nocache; /* preserve caller's nocache setting */ + *up = man->connection.up_query; + } + CLEAR (man->connection.up_query); + } + + gc_free (&gc); + return ret; +} + +/* + * Return true if management_hold() would block + */ +bool +management_would_hold (struct management *man) +{ + return man->settings.hold && !man->persist.hold_release && man_standalone_ok (man); +} + +/* + * Return true if (from the management interface's perspective) OpenVPN should + * daemonize. + */ +bool +management_should_daemonize (struct management *man) +{ + return management_would_hold (man) || man->settings.up_query_passwords; +} + +/* + * If the hold flag is enabled, hibernate until a management client releases the hold. + * Return true if the caller should not sleep for an additional time interval. + */ +bool +management_hold (struct management *man) +{ + if (management_would_hold (man)) + { + volatile int signal_received = 0; + const bool standalone_disabled_save = man->persist.standalone_disabled; + + man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */ + man->persist.special_state_msg = NULL; + + man_wait_for_client_connection (man, &signal_received, 0, MWCC_HOLD_WAIT); + + if (!signal_received) + { + man->persist.special_state_msg = ">HOLD:Waiting for hold release"; + msg (M_CLIENT, "%s", man->persist.special_state_msg); + + /* run command processing event loop until we get our username/password */ + do + { + man_standalone_event_loop (man, &signal_received, 0); + if (signal_received) + break; + } while (!man->persist.hold_release); + } + + /* revert state */ + man->persist.standalone_disabled = standalone_disabled_save; + man->persist.special_state_msg = NULL; + + return true; + } + return false; +} + +/* + * struct command_line + */ + +struct command_line * +command_line_new (const int buf_len) +{ + struct command_line *cl; + ALLOC_OBJ_CLEAR (cl, struct command_line); + cl->buf = alloc_buf (buf_len); + cl->residual = alloc_buf (buf_len); + return cl; +} + +void +command_line_reset (struct command_line *cl) +{ + buf_clear (&cl->buf); + buf_clear (&cl->residual); +} + +void +command_line_free (struct command_line *cl) +{ + command_line_reset (cl); + free_buf (&cl->buf); + free_buf (&cl->residual); + free (cl); +} + +void +command_line_add (struct command_line *cl, const unsigned char *buf, const int len) +{ + int i; + for (i = 0; i < len; ++i) + { + if (buf[i] && (isprint(buf[i]) || buf[i] == '\n')) + { + if (!buf_write_u8 (&cl->buf, buf[i])) + buf_clear (&cl->buf); + } + } +} + +const unsigned char * +command_line_get (struct command_line *cl) +{ + int i; + const unsigned char *ret = NULL; + + i = buf_substring_len (&cl->buf, '\n'); + if (i >= 0) + { + buf_copy_excess (&cl->residual, &cl->buf, i); + buf_chomp (&cl->buf); + ret = (const unsigned char *) BSTR (&cl->buf); + } + return ret; +} + +void +command_line_next (struct command_line *cl) +{ + buf_clear (&cl->buf); + buf_copy (&cl->buf, &cl->residual); + buf_clear (&cl->residual); +} + +/* + * struct output_list + */ + +struct output_list * +output_list_new (const int max_size) +{ + struct output_list *ret; + ALLOC_OBJ_CLEAR (ret, struct output_list); + ret->max_size = max_size; + ret->size = 0; + return ret; +} + +void +output_list_free (struct output_list *ol) +{ + output_list_reset (ol); + free (ol); +} + +bool +output_list_defined (const struct output_list *ol) +{ + return ol->head != NULL; +} + +void +output_list_reset (struct output_list *ol) +{ + struct output_entry *e = ol->head; + while (e) + { + struct output_entry *next = e->next; + free_buf (&e->buf); + free (e); + e = next; + } + ol->head = ol->tail = NULL; + ol->size = 0; +} + +void +output_list_push (struct output_list *ol, const unsigned char *str) +{ + if (!ol->max_size || ol->size < ol->max_size) + { + struct output_entry *e; + ALLOC_OBJ_CLEAR (e, struct output_entry); + + ++ol->size; + if (ol->tail) + { + ASSERT (ol->head); + ol->tail->next = e; + } + else + { + ASSERT (!ol->head); + ol->head = e; + } + e->buf = string_alloc_buf ((const char *) str, NULL); + ol->tail = e; + } +} + +const struct buffer * +output_list_peek (struct output_list *ol) +{ + if (ol->head) + return &ol->head->buf; + else + return NULL; +} + +static void +output_list_pop (struct output_list *ol) +{ + if (ol->head) + { + struct output_entry *e = ol->head->next; + free_buf (&ol->head->buf); + free (ol->head); + ol->head = e; + --ol->size; + if (!e) + ol->tail = NULL; + } +} + +void +output_list_advance (struct output_list *ol, int n) +{ + if (ol->head) + { + struct buffer *buf = &ol->head->buf; + ASSERT (buf_advance (buf, n)); + if (!BLEN (buf)) + output_list_pop (ol); + } +} + +/* + * struct log_entry + */ + +const char * +log_entry_print (const struct log_entry *e, unsigned int flags, struct gc_arena *gc) +{ + struct buffer out = alloc_buf_gc (ERR_BUF_SIZE, gc); + if (flags & LOG_FATAL_NOTIFY) + buf_printf (&out, ">FATAL:"); + if (flags & LOG_PRINT_LOG_PREFIX) + buf_printf (&out, ">LOG:"); + if (flags & LOG_PRINT_ECHO_PREFIX) + buf_printf (&out, ">ECHO:"); + if (flags & LOG_PRINT_STATE_PREFIX) + buf_printf (&out, ">STATE:"); + if (flags & LOG_PRINT_INT_DATE) + buf_printf (&out, "%u,", (unsigned int)e->timestamp); + if (flags & LOG_PRINT_MSG_FLAGS) + buf_printf (&out, "%s,", msg_flags_string (e->u.msg_flags, gc)); + if (flags & LOG_PRINT_STATE) + buf_printf (&out, "%s,", man_state_name (e->u.state)); + if (e->string) + buf_printf (&out, "%s", e->string); + if (flags & LOG_PRINT_LOCAL_IP) + buf_printf (&out, ",%s", print_in_addr_t (e->local_ip, IA_EMPTY_IF_UNDEF, gc)); + if (flags & LOG_PRINT_CRLF) + buf_printf (&out, "\r\n"); + return BSTR (&out); +} + +static void +log_entry_free_contents (struct log_entry *e) +{ + if (e->string) + free ((char *)e->string); + CLEAR (*e); +} + +/* + * struct log_history + */ + +static inline int +log_index (const struct log_history *h, int i) +{ + return modulo_add (h->base, i, h->capacity); +} + +static void +log_history_obj_init (struct log_history *h, int capacity) +{ + CLEAR (*h); + h->capacity = capacity; + ALLOC_ARRAY_CLEAR (h->array, struct log_entry, capacity); +} + +struct log_history * +log_history_init (const int capacity) +{ + struct log_history *h; + ASSERT (capacity > 0); + ALLOC_OBJ (h, struct log_history); + log_history_obj_init (h, capacity); + return h; +} + +static void +log_history_free_contents (struct log_history *h) +{ + int i; + for (i = 0; i < h->size; ++i) + log_entry_free_contents (&h->array[log_index(h, i)]); + free (h->array); +} + +void +log_history_close (struct log_history *h) +{ + log_history_free_contents (h); + free (h); +} + +void +log_history_add (struct log_history *h, const struct log_entry *le) +{ + struct log_entry *e; + ASSERT (h->size >= 0 && h->size <= h->capacity); + if (h->size == h->capacity) + { + e = &h->array[h->base]; + log_entry_free_contents (e); + h->base = log_index (h, 1); + } + else + { + e = &h->array[log_index(h, h->size)]; + ++h->size; + } + + *e = *le; + e->string = string_alloc (le->string, NULL); +} + +void +log_history_resize (struct log_history *h, const int capacity) +{ + if (capacity != h->capacity) + { + struct log_history newlog; + int i; + + ASSERT (capacity > 0); + log_history_obj_init (&newlog, capacity); + + for (i = 0; i < h->size; ++i) + log_history_add (&newlog, &h->array[log_index(h, i)]); + + log_history_free_contents (h); + *h = newlog; + } +} + +const struct log_entry * +log_history_ref (const struct log_history *h, const int index) +{ + if (index >= 0 && index < h->size) + return &h->array[log_index(h, (h->size - 1) - index)]; + else + return NULL; +} + +#else +static void dummy(void) {} +#endif /* ENABLE_MANAGEMENT */ |