}
else if (buf_string_match_head_str(buf, "INFO_PRE"))
{
- server_pushed_info(c, buf, 8);
+ server_pushed_info(buf, 8);
}
else if (buf_string_match_head_str(buf, "INFO"))
{
- server_pushed_info(c, buf, 4);
+ server_pushed_info(buf, 4);
}
else if (buf_string_match_head_str(buf, "CR_RESPONSE"))
{
}
static void
-multi_client_connect_setenv(struct multi_context *m,
- struct multi_instance *mi)
+multi_client_connect_setenv(struct multi_instance *mi)
{
struct gc_arena gc = gc_new();
/* do --client-connect setenvs */
multi_select_virtual_addr(m, mi);
- multi_client_connect_setenv(m, mi);
+ multi_client_connect_setenv(mi);
}
/**
*/
multi_select_virtual_addr(m, mi);
- multi_client_connect_setenv(m, mi);
+ multi_client_connect_setenv(mi);
ret = CC_RET_SUCCEEDED;
}
multi_bcast(struct multi_context *m,
const struct buffer *buf,
const struct multi_instance *sender_instance,
- const struct mroute_addr *sender_addr,
uint16_t vid)
{
struct hash_iterator hi;
if (mroute_flags & MROUTE_EXTRACT_MCAST)
{
/* for now, treat multicast as broadcast */
- multi_bcast(m, &c->c2.to_tun, m->pending, NULL, 0);
+ multi_bcast(m, &c->c2.to_tun, m->pending, 0);
}
else /* possible client to client routing */
{
{
if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
{
- multi_bcast(m, &c->c2.to_tun, m->pending, NULL,
- vid);
+ multi_bcast(m, &c->c2.to_tun, m->pending, vid);
}
else /* try client-to-client routing */
{
if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
{
/* for now, treat multicast as broadcast */
- multi_bcast(m, &m->top.c2.buf, NULL, NULL, vid);
+ multi_bcast(m, &m->top.c2.buf, NULL, vid);
}
else
{
for (i = 0; i < parm.n_packets; ++i)
{
- multi_bcast(m, &buf, NULL, NULL, 0);
+ multi_bcast(m, &buf, NULL, 0);
}
gc_free(&gc);
parse_http_proxy_override(const char *server,
const char *port,
const char *flags,
- const int msglevel,
struct gc_arena *gc)
{
if (server && port)
}
static struct pull_filter *
-alloc_pull_filter(struct options *o, const int msglevel)
+alloc_pull_filter(struct options *o)
{
struct pull_filter_list *l = alloc_pull_filter_list(o);
struct pull_filter *f;
else if (streq(p[0], "http-proxy-override") && p[1] && p[2] && !p[4])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
- options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], msglevel, &options->gc);
+ options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], &options->gc);
if (!options->http_proxy_override)
{
goto err;
{
struct pull_filter *f;
VERIFY_PERMISSION(OPT_P_GENERAL)
- f = alloc_pull_filter(options, msglevel);
+ f = alloc_pull_filter(options);
if (strcmp("accept", p[1]) == 0)
{
static bool
add_proxy_headers(struct http_proxy_info *p,
socket_descriptor_t sd, /* already open to proxy */
- const char *host, /* openvpn server remote */
- const char *port /* openvpn server port */
+ const char *host /* openvpn server remote */
)
{
char buf[512];
goto error;
}
- if (!add_proxy_headers(p, sd, host, port))
+ if (!add_proxy_headers(p, sd, host))
{
goto error;
}
}
/* send HOST etc, */
- if (!add_proxy_headers(p, sd, host, port))
+ if (!add_proxy_headers(p, sd, host))
{
goto error;
}
}
/* send HOST etc, */
- if (!add_proxy_headers(p, sd, host, port))
+ if (!add_proxy_headers(p, sd, host))
{
goto error;
}
void
-server_pushed_info(struct context *c, const struct buffer *buffer,
- const int adv)
+server_pushed_info(const struct buffer *buffer, const int adv)
{
const char *m = "";
struct buffer buf = *buffer;
gc_free(&gc);
}
- #endif
+#endif
msg(D_PUSH, "Info command was pushed by server ('%s')", m);
}
void receive_exit_message(struct context *c);
-void server_pushed_info(struct context *c, const struct buffer *buffer,
- const int adv);
+void server_pushed_info(const struct buffer *buffer, const int adv);
void receive_cr_response(struct context *c, const struct buffer *buffer);
{
if (flags & ROUTE_DELETE_FIRST)
{
- delete_route_ipv6(r, tt, flags, es, ctx);
+ delete_route_ipv6(r, tt, es, ctx);
}
ret = add_route_ipv6(r, tt, flags, es, ctx) && ret;
}
struct route_ipv6 *r6;
for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
{
- delete_route_ipv6(r6, tt, flags, es, ctx);
+ delete_route_ipv6(r6, tt, es, ctx);
}
rl6->iflags &= ~RL_ROUTES_ADDED;
}
void
delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt,
- unsigned int flags, const struct env_set *es,
+ const struct env_set *es,
openvpn_net_ctx_t *ctx)
{
const char *network;
bool add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);
-void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);
+void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, const struct env_set *es, openvpn_net_ctx_t *ctx);
bool add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags,
const struct route_gateway_info *rgi, const struct env_set *es,
establish_socks_proxy_udpassoc(sock->socks_proxy,
sock->ctrl_sd,
- sock->sd,
&sock->socks_relay.dest,
sock->server_poll_timeout,
sig_info);
#ifdef _WIN32
return link_socket_write_win32(sock, buf, to);
#else
- return link_socket_write_tcp_posix(sock, buf, to);
+ return link_socket_write_tcp_posix(sock, buf);
#endif
}
static inline ssize_t
link_socket_write_tcp_posix(struct link_socket *sock,
- struct buffer *buf,
- struct link_socket_actual *to)
+ struct buffer *buf)
{
return send(sock->sd, BPTR(buf), BLEN(buf), MSG_NOSIGNAL);
}
void
establish_socks_proxy_udpassoc(struct socks_proxy_info *p,
socket_descriptor_t ctrl_sd, /* already open to proxy */
- socket_descriptor_t udp_sd,
struct openvpn_sockaddr *relay_addr,
struct event_timeout *server_poll_timeout,
struct signal_info *sig_info)
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p,
socket_descriptor_t ctrl_sd, /* already open to proxy */
- socket_descriptor_t udp_sd,
struct openvpn_sockaddr *relay_addr,
struct event_timeout *server_poll_timeout,
struct signal_info *sig_info);
/* If dynamic tls-crypt has been negotiated, and we are on the
* first session (key_id = 0), generate a tls-crypt key for the
* following renegotiations */
- if (!tls_session_generate_dynamic_tls_crypt_key(multi, session))
+ if (!tls_session_generate_dynamic_tls_crypt_key(session))
{
return false;
}
}
static void
-export_user_keying_material(struct key_state_ssl *ssl,
- struct tls_session *session)
+export_user_keying_material(struct tls_session *session)
{
if (session->opt->ekm_size > 0)
{
if ((ks->authenticated > KS_AUTH_FALSE)
&& plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL))
{
- export_user_keying_material(&ks->ks_ssl, session);
+ export_user_keying_material(session);
if (plugin_call(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
*/
static void
verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert_depth,
- const char *subject, const char *common_name,
+ const char *subject,
const struct x509_track *x509_track)
{
char envname[64];
snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth);
setenv_str(es, envname, subject);
-#if 0
- /* export common name string as environmental variable */
- snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth);
- setenv_str(es, envname, common_name);
-#endif
-
/* export X509 cert fingerprints */
{
struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc);
*/
static result_t
verify_cert_call_command(const char *verify_command, struct env_set *es,
- int cert_depth, openvpn_x509_cert_t *cert, char *subject)
+ int cert_depth, char *subject)
{
int ret;
struct gc_arena gc = gc_new();
}
}
/* export certificate values to the environment */
- verify_cert_set_env(opt->es, cert, cert_depth, subject, common_name,
- opt->x509_track);
+ verify_cert_set_env(opt->es, cert, cert_depth, subject, opt->x509_track);
/* export current untrusted IP */
setenv_untrusted(session);
/* run --tls-verify script */
if (opt->verify_command && SUCCESS != verify_cert_call_command(opt->verify_command,
- opt->es, cert_depth, cert, subject))
+ opt->es, cert_depth, subject))
{
goto cleanup;
}
*/
static char *
key_state_check_auth_failed_message_file(const struct auth_deferred_status *ads,
- struct tls_multi *multi,
struct gc_arena *gc)
{
char *ret = NULL;
{
struct gc_arena gc = gc_new();
const struct key_state *ks = get_primary_key(multi);
- const char *plugin_message = key_state_check_auth_failed_message_file(&ks->plugin_auth, multi, &gc);
- const char *script_message = key_state_check_auth_failed_message_file(&ks->script_auth, multi, &gc);
+ const char *plugin_message = key_state_check_auth_failed_message_file(&ks->plugin_auth, &gc);
+ const char *script_message = key_state_check_auth_failed_message_file(&ks->script_auth, &gc);
if (plugin_message)
{
struct auth_deferred_status *status)
{
struct gc_arena gc = gc_new();
- const char *msg = key_state_check_auth_failed_message_file(status, multi, &gc);
+ const char *msg = key_state_check_auth_failed_message_file(status, &gc);
if (msg)
{
auth_set_client_reason(multi, msg);
static int
verify_user_pass_management(struct tls_session *session,
- struct tls_multi *multi,
const struct user_pass *up)
{
int retval = KMDA_ERROR;
#ifdef ENABLE_MANAGEMENT
if (man_def_auth == KMDA_DEF)
{
- man_def_auth = verify_user_pass_management(session, multi, up);
+ man_def_auth = verify_user_pass_management(session, up);
}
#endif
if (plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY))
}
bool
-tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi,
- struct tls_session *session)
+tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session)
{
session->tls_wrap_reneg.opt = session->tls_wrap.opt;
session->tls_wrap_reneg.mode = TLS_WRAP_CRYPT;
*
* All renegotiations of a session use the same generated dynamic key.
*
- * @param multi multi session struct
* @param session session that will be used for the TLS EKM exporter
* @return true iff generating the key was successful
*/
bool
-tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi,
- struct tls_session *session);
+tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session);
/**
* Returns the maximum overhead (in bytes) added to the destination buffer by
r6.metric = 0; /* connected route */
r6.flags = RT_DEFINED | RT_ADDED | RT_METRIC_DEFINED;
route_ipv6_clear_host_bits(&r6);
- delete_route_ipv6(&r6, tt, 0, NULL, NULL);
+ delete_route_ipv6(&r6, tt, NULL, NULL);
}
#endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
struct gc_arena gc = gc_new();
- struct tls_multi multi = { 0 };
struct tls_session session = { 0 };
struct tls_options tls_opt = { 0 };
tls_opt.frame.buf.payload_size = 512;
session.opt = &tls_opt;
- tls_session_generate_dynamic_tls_crypt_key(&multi, &session);
+ tls_session_generate_dynamic_tls_crypt_key(&session);
struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00, sizeof(session.tls_wrap.original_wrap_keydata.keys));
session.tls_wrap.original_wrap_keydata.n = 2;
- tls_session_generate_dynamic_tls_crypt_key(&multi, &session);
+ tls_session_generate_dynamic_tls_crypt_key(&session);
tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
/* XOR should not force a different key */
memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42, sizeof(session.tls_wrap.original_wrap_keydata.keys));
- tls_session_generate_dynamic_tls_crypt_key(&multi, &session);
+ tls_session_generate_dynamic_tls_crypt_key(&session);
tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
projects / thirdparty / openvpn.git / commitdiff
