2012-08-24 23:13:42 +02:00
|
|
|
//
|
|
|
|
// cliproto.hpp
|
|
|
|
// OpenVPN
|
|
|
|
//
|
|
|
|
// Copyright (c) 2012 OpenVPN Technologies, Inc. All rights reserved.
|
|
|
|
//
|
|
|
|
|
2012-02-04 11:24:54 +01:00
|
|
|
#ifndef OPENVPN_CLIENT_CLIPROTO_H
|
|
|
|
#define OPENVPN_CLIENT_CLIPROTO_H
|
|
|
|
|
2012-11-23 07:18:43 +01:00
|
|
|
// This is a middle-layer object in the OpenVPN client protocol stack.
|
|
|
|
// It is above the general OpenVPN protocol implementation in
|
|
|
|
// ProtoContext<RAND_API, CRYPTO_API, SSL_API> but below the top
|
|
|
|
// level object in a client connect (ClientConnect). See ClientConnect for
|
|
|
|
// a fuller description of the full client stack.
|
|
|
|
//
|
|
|
|
// This layer deals with setting up an OpenVPN client connection:
|
|
|
|
//
|
|
|
|
// 1. handles creation of transport-layer handler via TransportClientFactory
|
|
|
|
// 2. handles creation of tun-layer handler via TunClientFactory
|
|
|
|
// 3. handles sending PUSH_REQUEST to server and processing reply of server-pushed options
|
|
|
|
// 4. manages the underlying OpenVPN protocol object (ProtoContext<RAND_API, CRYPTO_API, SSL_API>)
|
|
|
|
// 5. handles timers on behalf of the underlying OpenVPN protocol object
|
|
|
|
// 6. acts as an exception dispatcher for errors occuring in any of the underlying layers
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
|
2012-02-04 11:24:54 +01:00
|
|
|
#include <boost/asio.hpp>
|
2012-02-06 09:28:05 +01:00
|
|
|
#include <boost/cstdint.hpp> // for boost::uint...
|
2012-02-15 19:19:34 +01:00
|
|
|
#include <boost/algorithm/string.hpp> // for boost::algorithm::starts_with and trim_left_copy
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
#include <openvpn/common/rc.hpp>
|
2012-02-04 11:24:54 +01:00
|
|
|
#include <openvpn/tun/client/tunbase.hpp>
|
|
|
|
#include <openvpn/transport/client/transbase.hpp>
|
|
|
|
#include <openvpn/options/continuation.hpp>
|
2012-03-08 11:30:43 +01:00
|
|
|
#include <openvpn/options/sanitize.hpp>
|
2012-02-04 11:24:54 +01:00
|
|
|
#include <openvpn/client/clievent.hpp>
|
2012-02-28 00:00:29 +01:00
|
|
|
#include <openvpn/client/clicreds.hpp>
|
2012-11-12 02:52:03 +01:00
|
|
|
#include <openvpn/client/cliconstants.hpp>
|
2012-03-31 18:08:20 +02:00
|
|
|
#include <openvpn/options/clihalt.hpp>
|
2012-02-04 11:24:54 +01:00
|
|
|
#include <openvpn/time/asiotimer.hpp>
|
|
|
|
#include <openvpn/time/coarsetime.hpp>
|
2012-11-14 17:41:33 +01:00
|
|
|
#include <openvpn/error/excode.hpp>
|
2012-02-04 11:24:54 +01:00
|
|
|
|
|
|
|
#include <openvpn/ssl/proto.hpp>
|
|
|
|
|
|
|
|
#ifdef OPENVPN_DEBUG_CLIPROTO
|
|
|
|
#define OPENVPN_LOG_CLIPROTO(x) OPENVPN_LOG(x)
|
|
|
|
#else
|
|
|
|
#define OPENVPN_LOG_CLIPROTO(x)
|
|
|
|
#endif
|
|
|
|
|
|
|
|
namespace openvpn {
|
2012-02-06 21:39:10 +01:00
|
|
|
namespace ClientProto {
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-07 12:37:35 +01:00
|
|
|
struct NotifyCallback {
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual void client_proto_terminate() = 0;
|
2012-02-07 12:37:35 +01:00
|
|
|
virtual void client_proto_connected() {}
|
2012-02-06 09:28:05 +01:00
|
|
|
};
|
|
|
|
|
2012-03-12 13:24:40 +01:00
|
|
|
template <typename RAND_API, typename CRYPTO_API, typename SSL_API>
|
|
|
|
class Session : public ProtoContext<RAND_API, CRYPTO_API, SSL_API>, TransportClientParent, TunClientParent
|
2012-02-04 11:24:54 +01:00
|
|
|
{
|
2012-03-12 13:24:40 +01:00
|
|
|
typedef ProtoContext<RAND_API, CRYPTO_API, SSL_API> Base;
|
2012-02-06 21:39:10 +01:00
|
|
|
typedef typename Base::PacketType PacketType;
|
|
|
|
|
|
|
|
using Base::now;
|
2012-09-06 00:03:26 +02:00
|
|
|
using Base::stat;
|
2012-02-06 21:39:10 +01:00
|
|
|
|
|
|
|
public:
|
|
|
|
typedef boost::intrusive_ptr<Session> Ptr;
|
|
|
|
typedef typename Base::Config ProtoConfig;
|
|
|
|
|
|
|
|
OPENVPN_EXCEPTION(client_exception);
|
2012-03-31 18:08:20 +02:00
|
|
|
OPENVPN_EXCEPTION(client_halt_restart);
|
2012-02-06 21:39:10 +01:00
|
|
|
OPENVPN_EXCEPTION(tun_exception);
|
|
|
|
OPENVPN_EXCEPTION(transport_exception);
|
2012-02-19 02:36:50 +01:00
|
|
|
OPENVPN_EXCEPTION(max_pushed_options_exceeded);
|
2012-02-06 21:39:10 +01:00
|
|
|
OPENVPN_SIMPLE_EXCEPTION(session_invalidated);
|
2012-02-07 12:37:35 +01:00
|
|
|
OPENVPN_SIMPLE_EXCEPTION(authentication_failed);
|
2012-02-06 21:39:10 +01:00
|
|
|
|
2012-10-24 08:38:20 +02:00
|
|
|
OPENVPN_EXCEPTION(proxy_exception);
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
struct Config : public RC<thread_unsafe_refcount>
|
|
|
|
{
|
|
|
|
typedef boost::intrusive_ptr<Config> Ptr;
|
|
|
|
|
2012-02-19 02:36:50 +01:00
|
|
|
Config()
|
2012-11-12 02:52:03 +01:00
|
|
|
: pushed_options_limit("server-pushed options data too large",
|
|
|
|
ProfileParseLimits::MAX_PUSH_SIZE,
|
|
|
|
ProfileParseLimits::OPT_OVERHEAD,
|
|
|
|
ProfileParseLimits::TERM_OVERHEAD,
|
2012-11-14 03:35:50 +01:00
|
|
|
0,
|
|
|
|
ProfileParseLimits::MAX_DIRECTIVE_SIZE)
|
2012-02-19 02:36:50 +01:00
|
|
|
{}
|
|
|
|
|
2012-09-05 03:09:34 +02:00
|
|
|
typename ProtoConfig::Ptr proto_context_config;
|
2012-09-08 03:36:54 +02:00
|
|
|
ProtoContextOptions::Ptr proto_context_options;
|
2012-10-03 11:03:02 +02:00
|
|
|
PushOptionsBase::Ptr push_base;
|
2012-02-06 21:39:10 +01:00
|
|
|
TransportClientFactory::Ptr transport_factory;
|
|
|
|
TunClientFactory::Ptr tun_factory;
|
|
|
|
SessionStats::Ptr cli_stats;
|
|
|
|
ClientEvent::Queue::Ptr cli_events;
|
2012-02-28 00:00:29 +01:00
|
|
|
ClientCreds::Ptr creds;
|
2012-11-12 02:52:03 +01:00
|
|
|
OptionList::Limits pushed_options_limit;
|
2012-02-06 21:39:10 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
Session(boost::asio::io_service& io_service_arg,
|
|
|
|
const Config& config,
|
2012-02-07 12:37:35 +01:00
|
|
|
NotifyCallback* notify_callback_arg)
|
2012-02-06 21:39:10 +01:00
|
|
|
: Base(config.proto_context_config, config.cli_stats),
|
|
|
|
io_service(io_service_arg),
|
|
|
|
transport_factory(config.transport_factory),
|
|
|
|
tun_factory(config.tun_factory),
|
2012-02-07 12:37:35 +01:00
|
|
|
notify_callback(notify_callback_arg),
|
2012-02-06 21:39:10 +01:00
|
|
|
housekeeping_timer(io_service_arg),
|
|
|
|
push_request_timer(io_service_arg),
|
2012-02-07 12:37:35 +01:00
|
|
|
halt(false),
|
2012-10-03 11:03:02 +02:00
|
|
|
received_options(config.push_base),
|
2012-02-28 00:00:29 +01:00
|
|
|
creds(config.creds),
|
2012-09-08 03:36:54 +02:00
|
|
|
proto_context_options(config.proto_context_options),
|
2012-02-06 21:39:10 +01:00
|
|
|
first_packet_received_(false),
|
|
|
|
sent_push_request(false),
|
2012-10-31 15:46:40 +01:00
|
|
|
cli_stats(config.cli_stats),
|
2012-02-07 12:37:35 +01:00
|
|
|
cli_events(config.cli_events),
|
|
|
|
connected_(false),
|
2012-10-24 11:32:15 +02:00
|
|
|
fatal_(Error::UNDEF),
|
2012-11-12 02:52:03 +01:00
|
|
|
pushed_options_limit(config.pushed_options_limit)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-02-04 11:24:54 +01:00
|
|
|
#ifdef OPENVPN_PACKET_LOG
|
2012-02-06 21:39:10 +01:00
|
|
|
packet_log.open(OPENVPN_PACKET_LOG, std::ios::binary);
|
|
|
|
if (!packet_log)
|
|
|
|
OPENVPN_THROW(open_file_error, "cannot open packet log for output: " << OPENVPN_PACKET_LOG);
|
2012-02-04 11:24:54 +01:00
|
|
|
#endif
|
2012-02-16 21:46:38 +01:00
|
|
|
Base::update_now();
|
|
|
|
Base::reset();
|
2012-09-15 08:56:18 +02:00
|
|
|
//Base::enable_strict_openvpn_2x();
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
bool first_packet_received() const { return first_packet_received_; }
|
2012-02-06 09:28:05 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
void start()
|
|
|
|
{
|
2012-02-07 12:37:35 +01:00
|
|
|
if (!halt)
|
|
|
|
{
|
2012-02-07 21:52:40 +01:00
|
|
|
Base::update_now();
|
|
|
|
|
2012-02-07 12:37:35 +01:00
|
|
|
// coarse wakeup range
|
|
|
|
housekeeping_schedule.init(Time::Duration::binary_ms(512), Time::Duration::binary_ms(1024));
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-07 12:37:35 +01:00
|
|
|
// initialize transport-layer packet handler
|
|
|
|
transport = transport_factory->new_client_obj(io_service, *this);
|
|
|
|
transport->start();
|
|
|
|
}
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-27 09:16:27 +01:00
|
|
|
void send_explicit_exit_notify()
|
|
|
|
{
|
|
|
|
if (!halt)
|
|
|
|
Base::send_explicit_exit_notify();
|
|
|
|
}
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
void stop(const bool call_terminate_callback)
|
|
|
|
{
|
2012-02-07 12:37:35 +01:00
|
|
|
if (!halt)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-02-07 12:37:35 +01:00
|
|
|
halt = true;
|
2012-02-06 21:39:10 +01:00
|
|
|
housekeeping_timer.cancel();
|
|
|
|
push_request_timer.cancel();
|
|
|
|
if (tun)
|
|
|
|
tun->stop();
|
|
|
|
if (transport)
|
|
|
|
transport->stop();
|
2012-02-07 12:37:35 +01:00
|
|
|
if (notify_callback && call_terminate_callback)
|
|
|
|
notify_callback->client_proto_terminate();
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-07 12:37:35 +01:00
|
|
|
void stop_on_signal(const boost::system::error_code& error, int signal_number)
|
|
|
|
{
|
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool reached_connected_state() const { return connected_; }
|
|
|
|
|
2012-02-19 02:36:50 +01:00
|
|
|
// Fatal error means that we shouldn't retry.
|
2012-10-24 11:32:15 +02:00
|
|
|
// Returns a value != Error::UNDEF if error
|
2012-02-19 02:36:50 +01:00
|
|
|
Error::Type fatal() const { return fatal_; }
|
|
|
|
const std::string& fatal_reason() const { return fatal_reason_; }
|
2012-02-15 19:19:34 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual ~Session()
|
|
|
|
{
|
|
|
|
stop(false);
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
private:
|
|
|
|
// transport obj calls here with incoming packets
|
|
|
|
virtual void transport_recv(BufferAllocated& buf)
|
|
|
|
{
|
|
|
|
try {
|
2012-09-15 08:56:18 +02:00
|
|
|
OPENVPN_LOG_CLIPROTO("Transport RECV " << server_endpoint_render() << ' ' << Base::dump_packet(buf));
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// update current time
|
|
|
|
Base::update_now();
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-09-06 00:03:26 +02:00
|
|
|
// update last packet received
|
|
|
|
stat().update_last_packet_received(now());
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// log connecting event (only on first packet received)
|
|
|
|
if (!first_packet_received_)
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::Connecting();
|
|
|
|
cli_events->add_event(ev);
|
|
|
|
first_packet_received_ = true;
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// get packet type
|
|
|
|
typename Base::PacketType pt = Base::packet_type(buf);
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// process packet
|
|
|
|
if (tun && pt.is_data())
|
|
|
|
{
|
|
|
|
// data packet
|
|
|
|
Base::data_decrypt(pt, buf);
|
|
|
|
if (buf.size())
|
|
|
|
{
|
2012-02-04 11:24:54 +01:00
|
|
|
#ifdef OPENVPN_PACKET_LOG
|
2012-02-06 21:39:10 +01:00
|
|
|
log_packet(buf, false);
|
2012-02-04 11:24:54 +01:00
|
|
|
#endif
|
2012-02-06 21:39:10 +01:00
|
|
|
// make packet appear as incoming on tun interface
|
|
|
|
OPENVPN_LOG_CLIPROTO("TUN send, size=" << buf.size());
|
|
|
|
tun->tun_send(buf);
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// do a lightweight flush
|
|
|
|
Base::flush(false);
|
|
|
|
}
|
|
|
|
else if (pt.is_control())
|
|
|
|
{
|
|
|
|
// control packet
|
|
|
|
Base::control_net_recv(pt, buf);
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// do a full flush
|
|
|
|
Base::flush(true);
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// schedule housekeeping wakeup
|
|
|
|
set_housekeeping_timer();
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
2012-10-31 15:46:40 +01:00
|
|
|
catch (const ExceptionCode& e)
|
|
|
|
{
|
2012-11-12 02:52:03 +01:00
|
|
|
if (e.code_defined())
|
|
|
|
{
|
|
|
|
if (e.fatal())
|
|
|
|
transport_error((Error::Type)e.code(), e.what());
|
|
|
|
else
|
|
|
|
cli_stats->error((Error::Type)e.code());
|
|
|
|
}
|
2012-10-31 15:46:40 +01:00
|
|
|
else
|
2012-11-14 17:41:33 +01:00
|
|
|
process_exception(e, "transport_recv_excode");
|
|
|
|
}
|
|
|
|
catch (const std::exception& e)
|
|
|
|
{
|
|
|
|
process_exception(e, "transport_recv");
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// tun i/o driver calls here with incoming packets
|
|
|
|
virtual void tun_recv(BufferAllocated& buf)
|
|
|
|
{
|
|
|
|
try {
|
|
|
|
OPENVPN_LOG_CLIPROTO("TUN recv, size=" << buf.size());
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// update current time
|
|
|
|
Base::update_now();
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// encrypt packet
|
2012-02-04 11:24:54 +01:00
|
|
|
#ifdef OPENVPN_PACKET_LOG
|
2012-02-06 21:39:10 +01:00
|
|
|
log_packet(buf, true);
|
2012-02-04 11:24:54 +01:00
|
|
|
#endif
|
2012-02-06 21:39:10 +01:00
|
|
|
Base::data_encrypt(buf);
|
|
|
|
if (buf.size())
|
|
|
|
{
|
|
|
|
// send packet via transport to destination
|
2012-09-15 08:56:18 +02:00
|
|
|
OPENVPN_LOG_CLIPROTO("Transport SEND " << server_endpoint_render() << ' ' << Base::dump_packet(buf));
|
2012-02-06 21:39:10 +01:00
|
|
|
if (transport->transport_send(buf))
|
|
|
|
Base::update_last_sent();
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// do a lightweight flush
|
|
|
|
Base::flush(false);
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// schedule housekeeping wakeup
|
|
|
|
set_housekeeping_timer();
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
2012-02-17 20:28:44 +01:00
|
|
|
catch (const std::exception& e)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-07-01 17:37:46 +02:00
|
|
|
process_exception(e, "tun_recv");
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual void transport_pre_resolve()
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::Resolve();
|
2012-02-04 11:24:54 +01:00
|
|
|
cli_events->add_event(ev);
|
|
|
|
}
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
std::string server_endpoint_render()
|
|
|
|
{
|
|
|
|
std::string server_host, server_port, server_proto, server_ip;
|
|
|
|
transport->server_endpoint_info(server_host, server_port, server_proto, server_ip);
|
|
|
|
std::ostringstream out;
|
|
|
|
out << server_host << ":" << server_port << " (" << server_ip << ") via " << server_proto;
|
|
|
|
return out.str();
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-10-31 19:54:02 +01:00
|
|
|
virtual void transport_wait_proxy()
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::WaitProxy();
|
|
|
|
cli_events->add_event(ev);
|
|
|
|
}
|
|
|
|
|
|
|
|
virtual void transport_wait()
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::Wait();
|
|
|
|
cli_events->add_event(ev);
|
|
|
|
}
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual void transport_connecting()
|
|
|
|
{
|
|
|
|
try {
|
|
|
|
OPENVPN_LOG("Connecting to " << server_endpoint_render());
|
|
|
|
Base::start();
|
|
|
|
Base::flush(true);
|
|
|
|
set_housekeeping_timer();
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
2012-02-17 20:28:44 +01:00
|
|
|
catch (const std::exception& e)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-07-01 17:37:46 +02:00
|
|
|
process_exception(e, "transport_connecting");
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-10-24 11:32:15 +02:00
|
|
|
virtual void transport_error(const Error::Type fatal_err, const std::string& err_text)
|
2012-10-24 08:38:20 +02:00
|
|
|
{
|
2012-10-24 11:32:15 +02:00
|
|
|
if (fatal_err != Error::UNDEF)
|
|
|
|
{
|
|
|
|
fatal_ = fatal_err;
|
|
|
|
fatal_reason_ = err_text;
|
|
|
|
}
|
2012-10-24 08:38:20 +02:00
|
|
|
if (notify_callback)
|
|
|
|
{
|
2012-10-24 11:32:15 +02:00
|
|
|
OPENVPN_LOG("Transport Error: " << err_text);
|
2012-10-24 08:38:20 +02:00
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
else
|
2012-10-24 11:32:15 +02:00
|
|
|
throw transport_exception(err_text);
|
2012-10-24 08:38:20 +02:00
|
|
|
}
|
|
|
|
|
2012-10-24 11:32:15 +02:00
|
|
|
virtual void proxy_error(const Error::Type fatal_err, const std::string& err_text)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-10-24 11:32:15 +02:00
|
|
|
if (fatal_err != Error::UNDEF)
|
|
|
|
{
|
|
|
|
fatal_ = fatal_err;
|
|
|
|
fatal_reason_ = err_text;
|
|
|
|
}
|
2012-02-07 12:37:35 +01:00
|
|
|
if (notify_callback)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-10-24 11:32:15 +02:00
|
|
|
OPENVPN_LOG("Proxy Error: " << err_text);
|
2012-02-06 21:39:10 +01:00
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
else
|
2012-10-24 11:32:15 +02:00
|
|
|
throw proxy_exception(err_text);
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
void extract_auth_token(const OptionList& opt)
|
|
|
|
{
|
|
|
|
// if auth-token is present, use it as the password for future renegotiations
|
|
|
|
const Option* o = opt.get_ptr("auth-token");
|
|
|
|
if (o)
|
|
|
|
{
|
2012-11-14 03:35:50 +01:00
|
|
|
const std::string& sess_id = o->get(1, 256);
|
2012-03-31 18:08:20 +02:00
|
|
|
if (creds)
|
|
|
|
creds->set_session_id(sess_id);
|
2012-03-08 11:30:43 +01:00
|
|
|
#ifdef OPENVPN_SHOW_SESSION_TOKEN
|
|
|
|
OPENVPN_LOG("using session token " << sess_id);
|
|
|
|
#else
|
|
|
|
OPENVPN_LOG("using session token");
|
|
|
|
#endif
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// proto base class calls here for control channel network sends
|
|
|
|
virtual void control_net_send(const Buffer& net_buf)
|
|
|
|
{
|
2012-09-15 08:56:18 +02:00
|
|
|
OPENVPN_LOG_CLIPROTO("Transport SEND " << server_endpoint_render() << ' ' << Base::dump_packet(net_buf));
|
2012-02-06 21:39:10 +01:00
|
|
|
if (transport->transport_send_const(net_buf))
|
|
|
|
Base::update_last_sent();
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// proto base class calls here for app-level control-channel messages received
|
|
|
|
virtual void control_recv(BufferPtr& app_bp)
|
|
|
|
{
|
2012-11-14 03:35:50 +01:00
|
|
|
const std::string msg = Unicode::utf8_printable(Base::template read_control_string<std::string>(*app_bp),
|
|
|
|
Unicode::UTF8_FILTER);
|
|
|
|
|
2012-10-03 11:03:02 +02:00
|
|
|
//OPENVPN_LOG("SERVER: " << sanitize_control_message(msg));
|
2012-11-12 02:52:03 +01:00
|
|
|
|
2012-02-15 19:19:34 +01:00
|
|
|
if (!received_options.complete() && boost::algorithm::starts_with(msg, "PUSH_REPLY,"))
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
|
|
|
// parse the received options
|
2012-11-12 02:52:03 +01:00
|
|
|
received_options.add(OptionList::parse_from_csv_static(msg.substr(11), &pushed_options_limit));
|
2012-02-06 21:39:10 +01:00
|
|
|
if (received_options.complete())
|
|
|
|
{
|
|
|
|
// show options
|
2012-10-03 11:03:02 +02:00
|
|
|
OPENVPN_LOG("OPTIONS:" << std::endl << render_options_sanitized(received_options));
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// process auth-token
|
|
|
|
extract_auth_token(received_options);
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// modify proto config (cipher, auth, and compression methods)
|
2012-09-08 03:36:54 +02:00
|
|
|
Base::process_push(received_options, *proto_context_options);
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// initialize tun/routing
|
|
|
|
tun = tun_factory->new_client_obj(io_service, *this);
|
|
|
|
tun->client_start(received_options, *transport);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
OPENVPN_LOG("Options continuation...");
|
|
|
|
}
|
2012-02-15 19:19:34 +01:00
|
|
|
else if (boost::algorithm::starts_with(msg, "AUTH_FAILED"))
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-02-19 02:36:50 +01:00
|
|
|
fatal_ = Error::AUTH_FAILED;
|
2012-02-15 19:19:34 +01:00
|
|
|
if (msg.length() >= 13)
|
2012-02-19 02:36:50 +01:00
|
|
|
fatal_reason_ = boost::algorithm::trim_left_copy(std::string(msg, 12));
|
2012-02-07 12:37:35 +01:00
|
|
|
if (notify_callback)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
|
|
|
OPENVPN_LOG("AUTH_FAILED");
|
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
else
|
2012-02-07 12:37:35 +01:00
|
|
|
throw authentication_failed();
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
2012-03-31 18:08:20 +02:00
|
|
|
else if (ClientHalt::match(msg))
|
|
|
|
{
|
|
|
|
const ClientHalt ch(msg);
|
|
|
|
process_halt_restart(ch);
|
|
|
|
}
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual void tun_pre_tun_config()
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::AssignIP();
|
|
|
|
cli_events->add_event(ev);
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual void tun_pre_route_config()
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::AddRoutes();
|
|
|
|
cli_events->add_event(ev);
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
virtual void tun_connected()
|
|
|
|
{
|
|
|
|
OPENVPN_LOG("Connected via " + tun->tun_name());
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
ClientEvent::Connected::Ptr ev = new ClientEvent::Connected();
|
2012-02-28 00:00:29 +01:00
|
|
|
if (creds)
|
2012-03-01 09:11:00 +01:00
|
|
|
ev->user = creds->get_username();
|
2012-02-06 21:39:10 +01:00
|
|
|
transport->server_endpoint_info(ev->server_host, ev->server_port, ev->server_proto, ev->server_ip);
|
2012-10-03 11:03:02 +02:00
|
|
|
ev->vpn_ip4 = tun->vpn_ip4();
|
|
|
|
ev->vpn_ip6 = tun->vpn_ip6();
|
|
|
|
try {
|
2012-11-14 03:35:50 +01:00
|
|
|
std::string client_ip = received_options.get_optional("client-ip", 1, 256);
|
2012-10-07 10:57:41 +02:00
|
|
|
if (!client_ip.empty())
|
|
|
|
ev->client_ip = IP::Addr::validate(client_ip, "client-ip");
|
2012-10-03 11:03:02 +02:00
|
|
|
}
|
|
|
|
catch (const std::exception& e)
|
|
|
|
{
|
|
|
|
OPENVPN_LOG("Error parsing client-ip: " << e.what());
|
|
|
|
}
|
2012-02-06 21:39:10 +01:00
|
|
|
ev->tun_name = tun->tun_name();
|
|
|
|
cli_events->add_event(ev);
|
2012-02-07 12:37:35 +01:00
|
|
|
connected_ = true;
|
|
|
|
if (notify_callback)
|
|
|
|
notify_callback->client_proto_connected();
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-10-24 11:32:15 +02:00
|
|
|
virtual void tun_error(const Error::Type fatal_err, const std::string& err_text)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-10-24 11:32:15 +02:00
|
|
|
if (fatal_err != Error::UNDEF)
|
|
|
|
{
|
|
|
|
fatal_ = fatal_err;
|
|
|
|
fatal_reason_ = err_text;
|
|
|
|
}
|
2012-02-07 12:37:35 +01:00
|
|
|
if (notify_callback)
|
2012-02-04 11:24:54 +01:00
|
|
|
{
|
2012-10-24 11:32:15 +02:00
|
|
|
OPENVPN_LOG("TUN Error: " << err_text);
|
2012-02-06 21:39:10 +01:00
|
|
|
stop(true);
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
2012-02-06 21:39:10 +01:00
|
|
|
else
|
2012-10-24 11:32:15 +02:00
|
|
|
throw tun_exception(err_text);
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// proto base class calls here to get auth credentials
|
|
|
|
virtual void client_auth(Buffer& buf)
|
|
|
|
{
|
2012-02-28 00:00:29 +01:00
|
|
|
if (creds)
|
|
|
|
{
|
2012-03-01 09:11:00 +01:00
|
|
|
Base::write_auth_string(creds->get_username(), buf);
|
|
|
|
Base::write_auth_string(creds->get_password(), buf);
|
2012-02-28 00:00:29 +01:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Base::write_empty_string(buf); // username
|
|
|
|
Base::write_empty_string(buf); // password
|
|
|
|
}
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void send_push_request_callback(const boost::system::error_code& e)
|
|
|
|
{
|
|
|
|
try {
|
2012-02-07 21:52:40 +01:00
|
|
|
if (!e && !halt && !received_options.partial())
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
|
|
|
Base::update_now();
|
|
|
|
if (!sent_push_request)
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::GetConfig();
|
|
|
|
cli_events->add_event(ev);
|
|
|
|
sent_push_request = true;
|
|
|
|
}
|
|
|
|
OPENVPN_LOG("Sending PUSH_REQUEST to server...");
|
|
|
|
Base::write_control_string(std::string("PUSH_REQUEST"));
|
|
|
|
Base::flush(true);
|
|
|
|
set_housekeeping_timer();
|
|
|
|
schedule_push_request_callback(false);
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
2012-02-17 20:28:44 +01:00
|
|
|
catch (const std::exception& e)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-07-01 17:37:46 +02:00
|
|
|
process_exception(e, "send_push_request_callback");
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
void schedule_push_request_callback(bool short_time)
|
|
|
|
{
|
|
|
|
if (!received_options.partial())
|
|
|
|
{
|
|
|
|
push_request_timer.expires_at(now() + (short_time ? Time::Duration::seconds(1) : Time::Duration::seconds(3)));
|
|
|
|
push_request_timer.async_wait(asio_dispatch_timer(&Session::send_push_request_callback, this));
|
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
// base class calls here when primary session transitions to ACTIVE state
|
|
|
|
virtual void active()
|
|
|
|
{
|
|
|
|
OPENVPN_LOG("Session is ACTIVE");
|
|
|
|
schedule_push_request_callback(true);
|
|
|
|
}
|
|
|
|
|
|
|
|
void housekeeping_callback(const boost::system::error_code& e)
|
|
|
|
{
|
|
|
|
try {
|
2012-02-07 21:52:40 +01:00
|
|
|
if (!e && !halt)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
|
|
|
// update current time
|
|
|
|
Base::update_now();
|
|
|
|
|
|
|
|
housekeeping_schedule.reset();
|
|
|
|
Base::housekeeping();
|
|
|
|
if (Base::invalidated())
|
|
|
|
{
|
2012-02-07 12:37:35 +01:00
|
|
|
if (notify_callback)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
|
|
|
OPENVPN_LOG("Session invalidated");
|
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
throw session_invalidated();
|
|
|
|
}
|
|
|
|
set_housekeeping_timer();
|
|
|
|
}
|
|
|
|
}
|
2012-02-17 20:28:44 +01:00
|
|
|
catch (const std::exception& e)
|
2012-02-04 11:24:54 +01:00
|
|
|
{
|
2012-07-01 17:37:46 +02:00
|
|
|
process_exception(e, "housekeeping_callback");
|
2012-02-06 21:39:10 +01:00
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
void set_housekeeping_timer()
|
|
|
|
{
|
|
|
|
Time next = Base::next_housekeeping();
|
|
|
|
if (!housekeeping_schedule.similar(next))
|
|
|
|
{
|
|
|
|
if (!next.is_infinite())
|
|
|
|
{
|
|
|
|
next.max(now());
|
|
|
|
housekeeping_schedule.reset(next);
|
|
|
|
housekeeping_timer.expires_at(next);
|
|
|
|
housekeeping_timer.async_wait(asio_dispatch_timer(&Session::housekeeping_callback, this));
|
|
|
|
}
|
|
|
|
else
|
2012-02-04 11:24:54 +01:00
|
|
|
{
|
2012-02-06 21:39:10 +01:00
|
|
|
housekeeping_timer.cancel();
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-01 17:37:46 +02:00
|
|
|
void process_exception(const std::exception& e, const char *method_name)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-02-07 12:37:35 +01:00
|
|
|
if (notify_callback)
|
2012-02-06 21:39:10 +01:00
|
|
|
{
|
2012-07-01 17:37:46 +02:00
|
|
|
OPENVPN_LOG("Client exception in " << method_name << ": " << e.what());
|
2012-02-06 21:39:10 +01:00
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
throw client_exception(e.what());
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-03-31 18:08:20 +02:00
|
|
|
void process_halt_restart(const ClientHalt& ch)
|
|
|
|
{
|
|
|
|
if (ch.restart() && (ch.psid() || !creds || !creds->password_defined()))
|
|
|
|
fatal_ = Error::CLIENT_RESTART;
|
|
|
|
else
|
|
|
|
fatal_ = Error::CLIENT_HALT;
|
|
|
|
fatal_reason_ = ch.reason();
|
|
|
|
if (notify_callback)
|
|
|
|
{
|
|
|
|
OPENVPN_LOG("Client halt/restart: " << ch.render());
|
|
|
|
stop(true);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
throw client_halt_restart(ch.render());
|
|
|
|
}
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
#ifdef OPENVPN_PACKET_LOG
|
|
|
|
void log_packet(const Buffer& buf, const bool out)
|
|
|
|
{
|
|
|
|
if (buf.size())
|
|
|
|
{
|
|
|
|
boost::uint16_t len = buf.size() & 0x7FFF;
|
|
|
|
if (out)
|
|
|
|
len |= 0x8000;
|
|
|
|
packet_log.write((const char *)&len, sizeof(len));
|
|
|
|
packet_log.write((const char *)buf.c_data(), buf.size());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
boost::asio::io_service& io_service;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
TransportClientFactory::Ptr transport_factory;
|
|
|
|
TransportClient::Ptr transport;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
TunClientFactory::Ptr tun_factory;
|
|
|
|
TunClient::Ptr tun;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-07 12:37:35 +01:00
|
|
|
NotifyCallback* notify_callback;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
CoarseTime housekeeping_schedule;
|
|
|
|
AsioTimer housekeeping_timer;
|
|
|
|
AsioTimer push_request_timer;
|
2012-02-07 12:37:35 +01:00
|
|
|
bool halt;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
OptionListContinuation received_options;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-28 00:00:29 +01:00
|
|
|
ClientCreds::Ptr creds;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-09-08 03:36:54 +02:00
|
|
|
ProtoContextOptions::Ptr proto_context_options;
|
2012-09-05 03:09:34 +02:00
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
bool first_packet_received_;
|
|
|
|
bool sent_push_request;
|
2012-10-31 15:46:40 +01:00
|
|
|
|
|
|
|
SessionStats::Ptr cli_stats;
|
2012-02-06 21:39:10 +01:00
|
|
|
ClientEvent::Queue::Ptr cli_events;
|
2012-02-04 11:24:54 +01:00
|
|
|
|
2012-02-07 12:37:35 +01:00
|
|
|
bool connected_;
|
2012-02-19 02:36:50 +01:00
|
|
|
|
|
|
|
Error::Type fatal_;
|
|
|
|
std::string fatal_reason_;
|
|
|
|
|
2012-11-12 02:52:03 +01:00
|
|
|
OptionList::Limits pushed_options_limit;
|
2012-02-07 12:37:35 +01:00
|
|
|
|
2012-02-04 11:24:54 +01:00
|
|
|
#ifdef OPENVPN_PACKET_LOG
|
2012-02-06 21:39:10 +01:00
|
|
|
std::ofstream packet_log;
|
2012-02-04 11:24:54 +01:00
|
|
|
#endif
|
2012-02-06 21:39:10 +01:00
|
|
|
};
|
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|