* Where Unicode/ANSI versions of a method exist, always
explicitly call one of the Unicode or ANSI methods by
appending a 'W' or 'A' to the end of the method name.
Never omit the 'W' or 'A', because that will cause the
default method to be used, which may vary according to
build flags.
* Prepend all Windows API method references with "::" to
indicate that the method names should be resolved from
the top-level namespace.
Win::Service -- A Windows Service wrapper.
Win::LogFile -- a LogBase derivative that allows logging
to a natively created and handled file.
Win::module_name() -- Get the module name as a
std::wstring.
Win::module_name_utf8() -- Get the module name as a UTF-8
string.
This class can be used by pgproxy to operate on listeners
no matter their actual implementation.
This way pgproxy can support different listeners at the
same time.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Previously, all listener sockets were configured with both
reuseaddr and reuseport. reuseaddr is reasonable to use as
a default, but reuseport should only be used when different
threads are listening on the same local port/address for
load-balancing purposes.
This patch adds two new socket option flags DISABLE_REUSE_ADDR
and REUSE_PORT, to provide finer-grained control over
these options.
Signed-off-by: James Yonan <james@openvpn.net>
As noted in the Asio documentation, an AsioTimer handler can be
called with a non-error status after timer cancellation.
Unfortunately, this can lead to race conditions, so I'm moving over
all AsioTimer users to AsioTimerSafe when I don't see the handler
clearly checking for late cancellation.
Signed-off-by: James Yonan <james@openvpn.net>
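The late-cancellation window described above, modelled without Asio as an added example (not OpenVPN 3 code). `Reactor`, `Timer`, `SafeTimer` and `ok_count` are hypothetical names, and the epoch counter is one assumed way to make a stale handler report cancellation, not necessarily how AsioTimerSafe does it.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

enum class Status { ok, aborted };
using Handler = std::function<void(Status)>;

// Constructed stand-in for a reactor: a queue of completions that are ready to run.
struct Reactor {
    std::deque<std::function<void()>> ready;
    void run() { while (!ready.empty()) { auto h = std::move(ready.front()); ready.pop_front(); h(); } }
};

// Plain timer: once expired, its handler is queued with Status::ok and cancel() cannot reach it.
class Timer {
  public:
    explicit Timer(Reactor &r) : reactor_(r) {}
    virtual void async_wait(Handler h) { pending_ = std::move(h); }
    virtual void cancel() { complete(Status::aborted); }
    void expire() { complete(Status::ok); } // deadline reached
  private:
    void complete(Status s) {
        if (!pending_) return;
        reactor_.ready.push_back([h = std::move(pending_), s] { h(s); });
        pending_ = nullptr;
    }
    Reactor &reactor_; Handler pending_;
};

// Hypothetical safe variant: cancel() bumps an epoch; a stale wrapper then reports aborted.
class SafeTimer : public Timer {
  public:
    using Timer::Timer;
    void async_wait(Handler h) override {
        Timer::async_wait([ep = epoch_, armed = *epoch_, h = std::move(h)](Status s) {
            h(*ep == armed ? s : Status::aborted);
        });
    }
    void cancel() override { ++*epoch_; Timer::cancel(); }
  private:
    std::shared_ptr<unsigned> epoch_ = std::make_shared<unsigned>(0);
};

// Expire the timer, optionally cancel before the reactor runs, and count ok deliveries.
template <typename T> int ok_count(bool late_cancel) {
    Reactor r; T t(r); int ok = 0;
    t.async_wait([&ok](Status s) { if (s == Status::ok) ++ok; });
    t.expire(); if (late_cancel) t.cancel();
    r.run(); return ok;
}
```

With the plain timer, a handler that only tests for a non-error status still runs its timeout path after the owner has cancelled; the safe variant delivers `Status::aborted` instead.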
The walk() method calls a caller-defined function on all
of the active client instance objects bound to the listener.
Signed-off-by: James Yonan <james@openvpn.net>
Child classes may want to operate on a received buffer, before it is
passed down the stack. This can be useful when the Proxy Protocol
parser wants to parse and wipe its header.
Make it a virtual method so that it can be overridden by child classes
where higher level logic is implemented.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Alt Routing allows services on meshed PG nodes to communicate
with services on other nodes via the secure mesh, and without
requiring SSL.
Signed-off-by: James Yonan <james@openvpn.net>
* Cancel general timeouts for websockets
* CoarseTimer must always be reset when its associated
AsioTimer is cancelled.
Signed-off-by: James Yonan <james@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
This commit includes:
* Added ASIO=1 to many "go" scripts that require asio
* Renamed "asio::" to "openvpn_io::".
Signed-off-by: James Yonan <james@openvpn.net>
This is to prevent attacks where a large number of very
small messages (such as 1 byte each) are sent to the
server to force it to consume more memory than the
max_content_bytes limit would normally allow.
Both Client/Server side:
1. Support asynchronous sending of content via
set_async_out() and http_content_out_finish()
methods and http_content_out_needed() callback.
2. Added ContentInfo::extra_headers for caller-defined
extra HTTP headers.
3. Made ContentInfo::CHUNKED into a constexpr
type to match ContentInfo::length member var.
4. Set FD_CLOEXEC on socket.
5. Added remote_ip_port() method to allow remote IP
address and port of socket to be obtained.
Client side:
1. In Host, added hint string to override transport host
when a specific IP address should be used for host
instead of resolving host via DNS.
2. Added Host::host_port_str() method.
3. Make general_timeout work like a true timeout, where
traffic resets the timer (this is how server-side
already works).
4. Added new method remote_endpoint_str() to match
the same method on server-side.
5. Added new method host_hint() to return the current Host
object, but set the hint/port fields to the live
remote IP address/port of the connection.
6. Added new callback http_mutate_resolver_results() to
allow user to modify the order of endpoint list returned
by resolver.
Server side:
1. Make content_len_t into a 64-bit signed int since one
of its possible values is -1 for CHUNKED.
2. Added ContentInfo::no_cache member var to trigger headers
telling clients to not cache the content.
3. Added Factory::stop() virtual method for users to
optionally override.
4. Made get_client_id() method public.
5. Fixed issue where code that allocates a client_id
wasn't actually calling new_client_id().
* HTTP client and server now support unix domain sockets
via AsioPolySock abstraction.
* HTTP server now supports Basic auth credentials.
* HTTP server now supports peercred authentication
over unix domain sockets.
* HTTP server now supports file creation permission
bits on unix domain socket.
* Added udstest tool to test HTTP client over unix domain
sockets.
* Moved ASIO resolver object out of connection-scoped
PortShare and into thread-scoped ThreadSpecific.
* Fixed issue where delayed release of proxy socket and/or
resolver was causing termination delays.
* Fixed issue where HTTP server did not detect
mid-session client disconnect.
* Implement parent_handoff (for proxies).
* Improved handling of residual content, allowing
HTTP 1.1 pipelining to be supported.
In WS::Server::Listener::Client::Initializer, save the
socket in a ScopedPtr, for safety against possible leaks.
This requires that users of Initializer declare it as
non-const rather than const.
Before the OpenSSL 1.1 conversion, we used HMAC_CTX as a field and the
variable initialised to signal if it is initialised. Since it
got converted to a pointer with OpenSSL 1.1, we can remove the
initialised variable and just check if ctx != nullptr to see if it is initialised.
HMAC_CTX_free is (like free()) also allowed on a nullptr.
This also fixes a "ctx might not be initialised" warning on Fedora 31.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Since the memory layout of the IPAddr class has the field ver behind
the union of u.v4 and u.v6, the whole u is always guaranteed to be
valid and can be copied. This avoids the compiler warning that
u.v6[1] might be undefined.
Also initialise the union u by default.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
If HTTPCLI_RANDOMIZE_RESULTS_REQUIRED is defined, cause a compile-time
error if Asio is not compiled with results.randomize() method.
If HTTPCLI_RANDOMIZE_RESULTS_REQUIRED is NOT defined, opportunistically
compile results.randomize() usage only if available in Asio.
Signed-off-by: James Yonan <james@openvpn.net>
Introduce new
- ERR_PROFILE_FILE_IS_BINARY
- ERR_PROFILE_OPTION
error codes.
Also use "ERR_PROFILE_FILE_TOO_LARGE"
when generic was erroneously used.
Fixes OVPN3-523.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
The file is used like a header in all its uses. Having it being a .c
file is a lot more difficult to handle with modern build systems
(cherry picked from master commit 99adaa0e88)
Signed-off-by: David Sommerseth <davids@openvpn.net>
This is used to enable connectivity to a different remote
when force-tunneling is used and current VPN connection is broken.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This method generates /sbin/route commands which
create and delete bypass route for given host.
It is needed to enable connectivity to a different remote
when force-tunneling is used and current VPN connection is broken.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Our OpenSSL init code depends on calling the OpenSSL init code
from ASIO. Fortunately that init code is no longer needed with
OpenSSL 1.1.0+, so remove the call and dependency when we are
using OpenSSL 1.1.0+
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Implemented as in openvpn2.
If --management option includes "stdin",
client immediately prompts for password.
When there is incoming OMI connection, client
prompts for password and, if it doesn't match
the one entered via stdin, closes OMI connection.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
The original commit has some unintended side effects
that break server-side code.
This commit tries a different approach: do an early
return from http_in() when buffer size is zero.
Signed-off-by: James Yonan <james@openvpn.net>
I observed a case where http_in() (running as a client) called
parent().base_http_done_handler() twice for the same transaction!
Normally the 'ready' var blocks this sort of behavior, but with
a high-speed persistent session, the 'ready' var can transition
so quickly as to create a window for a double-done race.
The fix is to use a more robust filter against unsolicited input
after base_http_done_handler() is called by setting rr_status to
REQUEST_REPLY::Parser::undefined. This value is never matched
in httpcommon, so it effectively turns http_in() into a no-op when
set.
There is also the question of whether unsolicited input should
be considered a fatal error on a persistent session. It probably
should, but this fix focuses on a corner case where http_in()
is called with a zero-length buffer, presumably from the SSL/TLS
layer.
Signed-off-by: James Yonan <james@openvpn.net>
At debug_level 1, only show timeouts if they occur
within a request/reply transaction, not if they
are triggered outside of a transaction by the
expiration of keepalive.
Signed-off-by: James Yonan <james@openvpn.net>
Because pgapi and ccds use this method as an anti-DoS measure,
it means that POSTS of > 4096 bytes that fail authentication
would permanently lower the future max POST size to 4096 bytes
until server restart.
Sometimes when machine wakes from sleep,
it takes too long for agent service to start. This causes
an error which core treats as fatal and stops connection.
Fix by detecting timeout and throwing a non-fatal error, which
makes core reconnect.
Signed-off-by: Lev Stipakov <lev@openvpn.net>