Implemented as in openvpn2.
If --management option includes "stdin",
client immediately prompts for password.
When there is incoming OMI connection, client
prompts for password and, if it doesn't match
the one entered via stdin, closes OMI connection.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Previously, all listener sockets were configured with both
reuseaddr and reuseport. reuseaddr is reasonable to use as
a default, but reuseport should only be used when different
threads are listening on the same local port/address for
load-balancing purposes.
This patch adds two new socket option flags DISABLE_REUSE_ADDR
and REUSE_PORT, to provide finer-grained control over
these options.
Signed-off-by: James Yonan <james@openvpn.net>
As noted in the Asio documentation, an AsioTimer handler can be
called with a non-error status after timer cancellation.
Unfortunately, this can lead to race conditions, so I'm moving over
all AsioTimer users to AsioTimerSafe when I don't see the handler
clearly checking for late cancellation.
Signed-off-by: James Yonan <james@openvpn.net>
To support asynchronous command response, the virtual
method omi_command_in() should now return a boolean.
When omi_command_in() returns false, synchronous mode
is chosen (the previous default). This means that
omi_command_in() must emit "SUCCESS: ..." or
"ERROR: ..." before it returns.
When omi_command_in() returns true, the new asynchronous
mode is chosen, and omi_command_in() may return before
emitting SUCCESS or ERROR. In this mode, OMICore will
pause the incoming command pipeline and not make any
further calls to omi_command_in() until
OMICore::async_done() is called.
Signed-off-by: James Yonan <james@openvpn.net>
A common AsioTimer usage pattern is:
expires_at(Time::now() + duration)
This is more succinctly and efficiently stated as:
expires_after(duration).
Signed-off-by: James Yonan <james@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
This commit includes:
* Added ASIO=1 to many "go" scripts that require asio
* Renamed "asio::" to "openvpn_io::".
Signed-off-by: James Yonan <james@openvpn.net>
Could benefit from some minor modifications to
python client backend and tray app:
* Client backend and ovpn3 both implement connection timeout.
Client backend should defer to the ovpn3 implementation.
* Client backend and ovpn3 both implement DNS server config
and SystemConfiguration event sent to
'Setup:/Network/Global/IPv4' for 'VPN up'.
Client backend should defer to the ovpn3 implementation.
* Ensure that system state changes (sleep, wakeup, network
roam, fast user switching, etc.) don't cause conflicts
between client backend and ovpn3 core both trying to
implement similar functionality.
* Tray app should render error detail in >FATAL: messages.
Right now tray raises a Disconnected notification but
loses any error detail.
