/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

/*
 * 2004-01-28: Added Socks5 proxy support
 *   (Christof Meerwald, http://cmeerw.org)
 */

#ifndef OPTIONS_H
#define OPTIONS_H

#include "basic.h"
#include "common.h"
#include "mtu.h"
#include "route.h"
#include "tun.h"
#include "socket.h"
#include "plugin.h"
#include "manage.h"
#include "proxy.h"
#include "comp.h"
#include "pushlist.h"
#include "clinat.h"
#include "crypto_backend.h"


/*
 * Maximum number of parameters associated with an option,
 * including the option name itself.  Also used below to size
 * several per-option arrays inside struct options.
 */
#define MAX_PARMS 16

/*
 * Max size of options line and parameter.
 * These are hard upper bounds on what an option parser may copy
 * into a single line buffer or a single parameter buffer.
 */
#define OPTION_PARM_SIZE 256
#define OPTION_LINE_SIZE 256

/* Program banner / version string, defined elsewhere. */
extern const char title_string[];

#if P2MP

/*
 * certain options are saved before --pull modifications are applied
 *
 * Each *_defined flag records whether the corresponding saved value is
 * valid, so that a restore can tell "saved as unset" from "not saved".
 */
struct options_pre_pull
{
    bool tuntap_options_defined;
    struct tuntap_options tuntap_options;

    bool routes_defined;
    struct route_option_list *routes;

    bool routes_ipv6_defined;
    struct route_ipv6_option_list *routes_ipv6;

    const char *route_default_gateway;
    const char *route_ipv6_default_gateway;

    bool client_nat_defined;
    struct client_nat_option_list *client_nat;

    int ping_send_timeout;
    int ping_rec_timeout;
    int ping_rec_timeout_action;

    int foreign_option_index;
};

#endif
/* A TLS/crypto backend is mandatory: the build must select exactly one. */
#if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)
#error "At least one of OpenSSL or mbed TLS needs to be defined."
#endif

/*
 * One <remote> / connection profile: transport, endpoints, proxy settings,
 * MTU parameters and the control-channel keying material specific to it.
 * String members are pointers; storage is expected to be owned by the
 * enclosing struct options' gc arena (presumed -- confirm in options.c).
 */
struct connection_entry
{
    int proto;
    sa_family_t af;
    const char *local_port;
    bool local_port_defined;
    const char *remote_port;
    const char *local;
    const char *remote;
    bool remote_float;
    bool bind_defined;
    bool bind_ipv6_only;
    bool bind_local;
    int connect_retry_seconds;
    int connect_retry_seconds_max;
    int connect_timeout;
    struct http_proxy_options *http_proxy_options;
    const char *socks_proxy_server;
    const char *socks_proxy_port;
    const char *socks_proxy_authfile;   /* path to SOCKS credentials; presumably sensitive -- confirm */

    int tun_mtu;             /* MTU of tun device */
    bool tun_mtu_defined;    /* true if user overriding parm with command line option */
    int tun_mtu_extra;
    bool tun_mtu_extra_defined;
    int link_mtu;            /* MTU of device over which tunnel packets pass via TCP/UDP */
    bool link_mtu_defined;   /* true if user overriding parm with command line option */

    /* Advanced MTU negotiation and datagram fragmentation options */
    int mtu_discover_type;   /* used if OS supports setting Path MTU discovery options on socket */

    int fragment;            /* internal fragmentation size */
    int mssfix;              /* Upper bound on TCP MSS */
    bool mssfix_default;     /* true if --mssfix was supplied without a parameter */

    int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT or [RESTART] message */

    /*
     * Bit layout of 'flags' below:
     *   bit 0      CE_DISABLED
     *   bit 1      CE_MAN_QUERY_PROXY
     *   bits 2..4  CE_MAN_QUERY_REMOTE_* value, i.e.
     *              (flags >> CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK
     */
#define CE_DISABLED (1<<0)
#define CE_MAN_QUERY_PROXY (1<<1)
#define CE_MAN_QUERY_REMOTE_UNDEF  0
#define CE_MAN_QUERY_REMOTE_QUERY  1
#define CE_MAN_QUERY_REMOTE_ACCEPT 2
#define CE_MAN_QUERY_REMOTE_MOD    3
#define CE_MAN_QUERY_REMOTE_SKIP   4
#define CE_MAN_QUERY_REMOTE_MASK   (0x07)
#define CE_MAN_QUERY_REMOTE_SHIFT  (2)
    unsigned int flags;

    /* Shared secret used for TLS control channel authentication */
    const char *tls_auth_file;
    bool tls_auth_file_inline;   /* NOTE(review): presumably means tls_auth_file holds the key data itself, not a path -- confirm */
    int key_direction;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    bool tls_crypt_file_inline;

    /* Client-specific secret or server key used for TLS control channel
     * authenticated encryption v2 */
    const char *tls_crypt_v2_file;
    bool tls_crypt_v2_file_inline;
};

/* A single --remote host/port/proto/address-family tuple. */
struct remote_entry
{
    const char *remote;
    const char *remote_port;
    int proto;
    sa_family_t af;
};

/* Fixed capacity of the connection and remote lists below. */
#define CONNECTION_LIST_SIZE 64

/*
 * Ordered list of connection profiles.  'len' counts used slots and must
 * never exceed CONNECTION_LIST_SIZE; 'current' indexes the active entry.
 */
struct connection_list
{
    int len;
    int current;
    struct connection_entry *array[CONNECTION_LIST_SIZE];
};

/* Ordered list of --remote entries; 'len' must never exceed CONNECTION_LIST_SIZE. */
struct remote_list
{
    int len;
    struct remote_entry *array[CONNECTION_LIST_SIZE];
};

/* Which 802.1Q frames are accepted when VLAN tagging is enabled. */
enum vlan_acceptable_frames
{
    VLAN_ONLY_TAGGED,
    VLAN_ONLY_UNTAGGED_OR_PRIORITY,
    VLAN_ALL,
};

/*
 * Fixed-size storage for a remote host/port pair.  Any copy into these
 * buffers must be bounded by RH_HOST_LEN / RH_PORT_LEN and leave the
 * string NUL-terminated.
 */
struct remote_host_store
{
#define RH_HOST_LEN 80
    char host[RH_HOST_LEN];
#define RH_PORT_LEN 20
    char port[RH_PORT_LEN];
};

/* Kind of key material produced when 'genkey' is set in struct options. */
enum genkey_type {
    GENKEY_SECRET,
    GENKEY_TLS_CRYPTV2_CLIENT,
    GENKEY_TLS_CRYPTV2_SERVER,
    GENKEY_AUTH_TOKEN
};

/*
 * Command line options
 *
 * All parsed configuration for one OpenVPN instance.  Pointer members
 * (paths, names, lists) are expected to live in 'gc' (see gc_owned).
 * Several members name files holding secrets (keys, passwords, tokens);
 * treat the struct as sensitive when logging or exporting it.
 */
struct options
{
    struct gc_arena gc;
    bool gc_owned;   /* NOTE(review): presumably whether uninit_options() must free 'gc' -- confirm */

    /* first config file */
    const char *config;

    /* major mode */
#define MODE_POINT_TO_POINT 0
#define MODE_SERVER         1
    int mode;

    /* enable forward compatibility for post-2.1 features */
    bool forward_compatible;
    /* list of options that should be ignored even if unknown */
    const char **ignore_unknown_option;

    /* persist parms */
    bool persist_config;
    int persist_mode;

    const char *key_pass_file;   /* file holding the private-key passphrase -- sensitive */
    bool show_ciphers;
    bool show_digests;
    bool show_engines;
    bool show_tls_ciphers;
    bool show_curves;
    bool genkey;
    enum genkey_type genkey_type;
    const char *genkey_filename;
    const char *genkey_extra_data;

    /* Networking parms */
    int connect_retry_max;
    struct connection_entry ce;
    struct connection_list *connection_list;

    struct remote_list *remote_list;
    /* Do not advance the connection or remote addr list */
    bool no_advance;
    /* Counts the number of unsuccessful connection attempts */
    unsigned int unsuccessful_attempts;

#if ENABLE_MANAGEMENT
    struct http_proxy_options *http_proxy_override;
#endif

    struct remote_host_store *rh_store;

    bool remote_random;
    const char *ipchange;
    const char *dev;
    const char *dev_type;
    const char *dev_node;
    const char *lladdr;
    int topology;   /* one of the TOP_x values from proto.h */
    const char *ifconfig_local;
    const char *ifconfig_remote_netmask;
    const char *ifconfig_ipv6_local;
    int ifconfig_ipv6_netbits;
    const char *ifconfig_ipv6_remote;
    bool ifconfig_noexec;
    bool ifconfig_nowarn;
#ifdef ENABLE_FEATURE_SHAPER
    int shaper;
#endif

    int proto_force;

    bool mtu_test;

#ifdef ENABLE_MEMSTATS
    char *memstats_fn;
#endif

    bool mlock;

    int keepalive_ping;      /* a proxy for ping/ping-restart */
    int keepalive_timeout;

    int inactivity_timeout;  /* --inactive */
    int64_t inactivity_minimum_bytes;

    int ping_send_timeout;   /* Send a TCP/UDP ping to remote every n seconds */
    int ping_rec_timeout;    /* Expect a TCP/UDP ping from remote at least once every n seconds */
    bool ping_timer_remote;  /* Run ping timer only if we have a remote address */

#define PING_UNDEF   0
#define PING_EXIT    1
#define PING_RESTART 2
    int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */

    bool persist_tun;        /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
    bool persist_local_ip;   /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
    bool persist_remote_ip;  /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
    bool persist_key;        /* Don't re-read key files on SIGUSR1 or PING_RESTART */

#if PASSTOS_CAPABILITY
    bool passtos;
#endif

    int resolve_retry_seconds; /* If hostname resolve fails, retry for n seconds */
    bool resolve_in_advance;
    const char *ip_remote_hint;

    struct tuntap_options tuntap_options;

    /* Misc parms */
    const char *username;    /* user to drop privileges to (presumed from name) */
    const char *groupname;   /* group to drop privileges to (presumed from name) */
    const char *chroot_dir;
    const char *cd_dir;
#ifdef ENABLE_SELINUX
    char *selinux_context;
#endif
    const char *writepid;
    const char *up_script;
    const char *down_script;
    bool user_script_used;
    bool down_pre;
    bool up_delay;
    bool up_restart;
    bool daemon;

    int remap_sigusr1;

    /* inetd modes defined in socket.h */
    int inetd;

    bool log;
    bool suppress_timestamps;
    bool machine_readable_output;
    int nice;
    int verbosity;
    int mute;

#ifdef ENABLE_DEBUG
    int gremlin;
#endif

    const char *status_file;
    int status_file_version;
    int status_file_update_freq;

    /* optimize TUN/TAP/UDP writes */
    bool fast_io;

#ifdef USE_COMP
    struct compress_options comp;
#endif

    /* buffer sizes */
    int rcvbuf;
    int sndbuf;

    /* mark value */
    int mark;
    char *bind_dev;

    /* socket flags */
    unsigned int sockflags;

    /* route management */
    const char *route_script;
    const char *route_predown_script;
    const char *route_default_gateway;
    const char *route_ipv6_default_gateway;
    int route_default_metric;
    bool route_noexec;
    int route_delay;
    int route_delay_window;
    bool route_delay_defined;
    struct route_option_list *routes;
    struct route_ipv6_option_list *routes_ipv6;   /* IPv6 */
    bool block_ipv6;
    bool route_nopull;
    bool route_gateway_via_dhcp;
    bool allow_pull_fqdn;   /* as a client, allow server to push a FQDN for certain parameters */
    struct client_nat_option_list *client_nat;

    /* Enable options consistency check between peers */
    bool occ;

#ifdef ENABLE_MANAGEMENT
    const char *management_addr;
    const char *management_port;
    const char *management_user_pass;   /* management-interface credentials file -- sensitive */
    int management_log_history_cache;
    int management_echo_buffer_size;
    int management_state_buffer_size;
    const char *management_write_peer_info_file;

    const char *management_client_user;
    const char *management_client_group;

    /* Mask of MF_ values of manage.h */
    unsigned int management_flags;
    const char *management_certificate;
#endif

#ifdef ENABLE_PLUGIN
    struct plugin_option_list *plugin_list;
#endif



#if P2MP

    /* the tmp dir is for now only used in the P2P server context */
    const char *tmp_dir;
    bool server_defined;
    in_addr_t server_network;
    in_addr_t server_netmask;
    bool server_ipv6_defined;                  /* IPv6 */
    struct in6_addr server_network_ipv6;       /* IPv6 */
    unsigned int server_netbits_ipv6;          /* IPv6 */

    /* bit flags for 'server_flags' */
#define SF_NOPOOL (1<<0)
#define SF_TCP_NODELAY_HELPER (1<<1)
#define SF_NO_PUSH_ROUTE_GATEWAY (1<<2)
    unsigned int server_flags;

    bool server_bridge_proxy_dhcp;

    bool server_bridge_defined;
    in_addr_t server_bridge_ip;
    in_addr_t server_bridge_netmask;
    in_addr_t server_bridge_pool_start;
    in_addr_t server_bridge_pool_end;

    struct push_list push_list;
    bool ifconfig_pool_defined;
    in_addr_t ifconfig_pool_start;
    in_addr_t ifconfig_pool_end;
    in_addr_t ifconfig_pool_netmask;
    const char *ifconfig_pool_persist_filename;
    int ifconfig_pool_persist_refresh_freq;

    bool ifconfig_ipv6_pool_defined;           /* IPv6 */
    struct in6_addr ifconfig_ipv6_pool_base;   /* IPv6 */
    int ifconfig_ipv6_pool_netbits;            /* IPv6 */

    int real_hash_size;
    int virtual_hash_size;
    const char *client_connect_script;
    const char *client_disconnect_script;
    const char *learn_address_script;
    const char *client_config_dir;
    bool ccd_exclusive;
    bool disable;
    int n_bcast_buf;
    int tcp_queue_limit;
    struct iroute *iroutes;
    struct iroute_ipv6 *iroutes_ipv6;          /* IPv6 */
    bool push_ifconfig_defined;
    in_addr_t push_ifconfig_local;
    in_addr_t push_ifconfig_remote_netmask;
    in_addr_t push_ifconfig_local_alias;
    bool push_ifconfig_constraint_defined;
    in_addr_t push_ifconfig_constraint_network;
    in_addr_t push_ifconfig_constraint_netmask;
    bool push_ifconfig_ipv4_blocked;           /* IPv4 */
    bool push_ifconfig_ipv6_defined;           /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_local;  /* IPv6 */
    int push_ifconfig_ipv6_netbits;            /* IPv6 */
    struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
    bool push_ifconfig_ipv6_blocked;           /* IPv6 */
    bool enable_c2c;
    bool duplicate_cn;
    int cf_max;
    int cf_per;
    int max_clients;
    int max_routes_per_client;
    int stale_routes_check_interval;
    int stale_routes_ageing_time;

    const char *auth_user_pass_verify_script;
    bool auth_user_pass_verify_script_via_file;
    bool auth_token_generate;
    bool auth_token_gen_secret_file;
    bool auth_token_call_auth;
    int auth_token_lifetime;
    const char *auth_token_secret_file;   /* server-side auth-token HMAC secret -- sensitive (presumed from name) */
    bool auth_token_secret_file_inline;

#if PORT_SHARE
    char *port_share_host;
    char *port_share_port;
    const char *port_share_journal_dir;
#endif

    bool client;
    bool pull;   /* client pull of config options from server */
    int push_continuation;
    unsigned int push_option_types_found;   /* OPT_P_* classes seen in pushed options (presumed) */
    const char *auth_user_pass_file;        /* credentials file -- sensitive */
    struct options_pre_pull *pre_pull;      /* snapshot restored by pre_pull_restore() */

    int scheduled_exit_interval;

#ifdef ENABLE_MANAGEMENT
    struct static_challenge_info sc_info;
#endif
#endif /* if P2MP */

    /* Cipher parms */
    const char *shared_secret_file;   /* static key file -- sensitive */
    bool shared_secret_file_inline;
    int key_direction;
    const char *ciphername;
    bool enable_ncp_fallback;         /**< If defined fall back to
                                       * ciphername if NCP fails */
    bool ncp_enabled;
    const char *ncp_ciphers;
    const char *authname;
    int keysize;
    const char *prng_hash;
    int prng_nonce_secret_len;
    const char *engine;
    /* replay-protection parameters (presumed from names) */
    bool replay;
    bool mute_replay_warnings;
    int replay_window;
    int replay_time;
    const char *packet_id_file;
    bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
    bool use_prediction_resistance;
#endif

    /* TLS (control channel) parms */
    bool tls_server;
    bool tls_client;
    const char *ca_file;
    bool ca_file_inline;
    const char *ca_path;
    const char *dh_file;
    bool dh_file_inline;
    const char *cert_file;
    bool cert_file_inline;
    const char *extra_certs_file;
    bool extra_certs_file_inline;
    const char *priv_key_file;   /* private key -- sensitive */
    bool priv_key_file_inline;
    const char *pkcs12_file;     /* PKCS#12 bundle, may contain the private key -- sensitive */
    bool pkcs12_file_inline;
    const char *cipher_list;
    const char *cipher_list_tls13;
    const char *tls_groups;
    const char *tls_cert_profile;
    const char *ecdh_curve;
    const char *tls_verify;
    int verify_x509_type;
    const char *verify_x509_name;
    const char *tls_export_cert;
    const char *crl_file;
    bool crl_file_inline;

    int ns_cert_type;   /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
    unsigned remote_cert_ku[MAX_PARMS];
    const char *remote_cert_eku;
    uint8_t *verify_hash;              /* expected peer cert fingerprint bytes; length implied by verify_hash_algo (presumed) */
    hash_algo_type verify_hash_algo;
    unsigned int ssl_flags;            /* set to SSLF_x flags from ssl.h */

#ifdef ENABLE_PKCS11
    const char *pkcs11_providers[MAX_PARMS];
    unsigned pkcs11_private_mode[MAX_PARMS];
    bool pkcs11_protected_authentication[MAX_PARMS];
    bool pkcs11_cert_private[MAX_PARMS];
    int pkcs11_pin_cache_period;
    const char *pkcs11_id;
    bool pkcs11_id_management;
#endif

#ifdef ENABLE_CRYPTOAPI
    const char *cryptoapi_cert;
#endif
    /* Per-packet timeout on control channel */
    int tls_timeout;

    /* Data channel key renegotiation parameters */
    int renegotiate_bytes;
    int renegotiate_packets;
    int renegotiate_seconds;
    int renegotiate_seconds_min;

    /* Data channel key handshake must finalize
     * within n seconds of handshake initiation. */
    int handshake_window;

#ifdef ENABLE_X509ALTUSERNAME
    /* Field used to be the username in X509 cert. */
    char *x509_username_field;
#endif

    /* Old key allowed to live n seconds after new key goes active */
    int transition_window;

    /* Shared secret used for TLS control channel authentication */
    const char *tls_auth_file;
    bool tls_auth_file_inline;

    /* Shared secret used for TLS control channel authenticated encryption */
    const char *tls_crypt_file;
    bool tls_crypt_file_inline;

    /* Client-specific secret or server key used for TLS control channel
     * authenticated encryption v2 */
    const char *tls_crypt_v2_file;
    bool tls_crypt_v2_file_inline;

    const char *tls_crypt_v2_metadata;

    const char *tls_crypt_v2_verify_script;

    /* Allow only one session */
    bool single_session;

    bool push_peer_info;

    bool tls_exit;

    const struct x509_track *x509_track;

    /* special state parms */
    int foreign_option_index;

#ifdef _WIN32
    HANDLE msg_channel;
    const char *exit_event_name;
    bool exit_event_initial_state;
    bool show_net_up;
    int route_method;
    bool block_outside_dns;
    enum windows_driver_type windows_driver;
#endif

    bool use_peer_id;
    uint32_t peer_id;

#ifdef HAVE_EXPORT_KEYING_MATERIAL
    /* Keying Material Exporters [RFC 5705] */
    const char *keying_material_exporter_label;
    int keying_material_exporter_length;
#endif

    bool vlan_tagging;
    enum vlan_acceptable_frames vlan_accept;
    uint16_t vlan_pvid;

    struct pull_filter_list *pull_filter_list;

    /* Useful when packets sent by openvpn itself are not subject
     * to the routing tables that would move packets into the tunnel. */
    bool allow_recursive_routing;
};

/*
 * String equality.  Both arguments are evaluated exactly once, but neither
 * may be NULL: strcmp() on a null pointer is undefined behaviour.
 */
#define streq(x, y) (!strcmp((x), (y)))

/*
 * Option classes.
 *
 * Bitmask values describing where an option is permitted to appear.
 * They are passed around as 'permission_mask' and reported back via
 * 'option_types_found' in the parser entry points below.
 */
#define OPT_P_GENERAL         (1<<0)
#define OPT_P_UP              (1<<1)
#define OPT_P_ROUTE           (1<<2)
#define OPT_P_IPWIN32         (1<<3)
#define OPT_P_SCRIPT          (1<<4)
#define OPT_P_SETENV          (1<<5)
#define OPT_P_SHAPER          (1<<6)
#define OPT_P_TIMER           (1<<7)
#define OPT_P_PERSIST         (1<<8)
#define OPT_P_PERSIST_IP      (1<<9)
#define OPT_P_COMP            (1<<10) /* TODO */
#define OPT_P_MESSAGES        (1<<11)
#define OPT_P_NCP             (1<<12) /**< Negotiable crypto parameters */
#define OPT_P_TLS_PARMS       (1<<13) /* TODO */
#define OPT_P_MTU             (1<<14) /* TODO */
#define OPT_P_NICE            (1<<15)
#define OPT_P_PUSH            (1<<16)
#define OPT_P_INSTANCE        (1<<17) /**< allowed in ccd, client-connect etc*/
#define OPT_P_CONFIG          (1<<18)
#define OPT_P_EXPLICIT_NOTIFY (1<<19)
#define OPT_P_ECHO            (1<<20)
#define OPT_P_INHERIT         (1<<21)
#define OPT_P_ROUTE_EXTRAS    (1<<22)
#define OPT_P_PULL_MODE       (1<<23)
#define OPT_P_PLUGIN          (1<<24)
#define OPT_P_SOCKBUF         (1<<25)
#define OPT_P_SOCKFLAGS       (1<<26)
#define OPT_P_CONNECTION      (1<<27)
#define OPT_P_PEER_ID         (1<<28)
#define OPT_P_INLINE          (1<<29)

/* Every class except the instance-specific and pull-mode ones. */
#define OPT_P_DEFAULT   (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))

#if P2MP
#define PULL_DEFINED(opt) ((opt)->pull)
#define PUSH_DEFINED(opt) ((opt)->push_list)
#endif

/* Without P2MP neither pull nor push exists; the predicates are constant false. */
#ifndef PULL_DEFINED
#define PULL_DEFINED(opt) (false)
#endif

#ifndef PUSH_DEFINED
#define PUSH_DEFINED(opt) (false)
#endif

#ifdef _WIN32
#define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
#else
#define ROUTE_OPTION_FLAGS(o) (0)
#endif

#ifdef ENABLE_FEATURE_SHAPER
#define SHAPER_DEFINED(opt) ((opt)->shaper)
#else
#define SHAPER_DEFINED(opt) (false)
#endif

#ifdef ENABLE_PLUGIN
#define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list)
#else
#define PLUGIN_OPTION_LIST(opt) (NULL)
#endif

#ifdef MANAGEMENT_DEF_AUTH
#define MAN_CLIENT_AUTH_ENABLED(opt) ((opt)->management_flags & MF_CLIENT_AUTH)
#else
#define MAN_CLIENT_AUTH_ENABLED(opt) (false)
#endif

/**
 * Parse the process command line into @p options.
 *
 * @param permission_mask     OPT_P_* classes permitted here (e.g. OPT_P_DEFAULT)
 * @param option_types_found  receives the OPT_P_* classes actually seen
 * @param es                  environment set updated for --setenv style options (presumed)
 */
void parse_argv(struct options *options,
                const int argc,
                char *argv[],
                const int msglevel,
                const unsigned int permission_mask,
                unsigned int *option_types_found,
                struct env_set *es);

/* Presumably fails (with @p description in the message) when @p arg is NULL -- confirm in options.c. */
void notnull(const char *arg, const char *description);

void usage_small(void);

void show_library_versions(const unsigned int flags);

#ifdef _WIN32
void show_windows_version(const unsigned int flags);

#endif

/* Reset @p o to defaults; init_gc presumably also initialises o->gc (and sets gc_owned) -- confirm. */
void init_options(struct options *o, const bool init_gc);

void uninit_options(struct options *o);

/* Export selected settings from @p o into the environment set @p es. */
void setenv_settings(struct env_set *es, const struct options *o);

/* Log the current settings; NOTE(review): check that secret-bearing fields are not printed. */
void show_settings(const struct options *o);

/* Equality of two strings where either may be undefined (NULL). */
bool string_defined_equal(const char *s1, const char *s2);

const char *options_string_version(const char *s, struct gc_arena *gc);

/*
 * Build the options string describing @p o (gc-allocated).  The 'remote'
 * flag presumably selects the peer's view of the string for OCC comparison
 * -- confirm.
 */
char *options_string(const struct options *o,
                     const struct frame *frame,
                     struct tuntap *tt,
                     openvpn_net_ctx_t *ctx,
                     bool remote,
                     struct gc_arena *gc);

/*
 * Compare an options string received from the peer against the expected
 * one.  The *_safe variants take @p actual_n, the size of the buffer
 * holding @p actual; prefer them whenever that bound is known, since the
 * unbounded variants must assume @p actual is NUL-terminated.
 */
bool options_cmp_equal_safe(char *actual, const char *expected, size_t actual_n);

void options_warning_safe(char *actual, const char *expected, size_t actual_n);

bool options_cmp_equal(char *actual, const char *expected);

void options_warning(char *actual, const char *expected);

/**
 * Given an OpenVPN options string, extract the value of an option.
 *
 * @param options_string        Zero-terminated, comma-separated options string
 * @param opt_name              The name of the option to extract
 * @param gc                    The gc to allocate the return value
 *
 * @return gc-allocated value of option with name opt_name if option was found,
 *         or NULL otherwise.
 */
char *options_string_extract_option(const char *options_string,
                                    const char *opt_name, struct gc_arena *gc);


void options_postprocess(struct options *options);

/* Snapshot the pre-pull option state into o->pre_pull (see struct options_pre_pull). */
void pre_pull_save(struct options *o);

/* Restore the snapshot taken by pre_pull_save(). */
void pre_pull_restore(struct options *o, struct gc_arena *gc);

/*
 * Apply options pushed by the server, read from @p buf.  @p permission_mask
 * limits which OPT_P_* classes the peer may set; this is the primary
 * guard against a server pushing options the client did not allow.
 */
bool apply_push_options(struct options *options,
                        struct buffer *buf,
                        unsigned int permission_mask,
                        unsigned int *option_types_found,
                        struct env_set *es);

void options_detach(struct options *o);

/* Import options from the file @p filename, subject to @p permission_mask. */
void options_server_import(struct options *o,
                           const char *filename,
                           int msglevel,
                           unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

void pre_pull_default(struct options *o);

void rol_check_alloc(struct options *options);

/*
 * Split one configuration line into parameters.
 *
 * @param p     output array of parameter pointers
 * @param n     capacity of @p p (presumed -- callers typically pass MAX_PARMS; confirm)
 * @param file  source file name and @p line_num, used for diagnostics
 * @return      presumably the number of parameters stored in @p p -- confirm in options.c
 */
int parse_line(const char *line,
               char *p[],
               const int n,
               const char *file,
               const int line_num,
               int msglevel,
               struct gc_arena *gc);

/*
 * parse/print topology coding
 */

int parse_topology(const char *str, const int msglevel);

const char *print_topology(const int topology);

/*
 * Manage auth-retry variable
 */

#if P2MP

#define AR_NONE       0
#define AR_INTERACT   1
#define AR_NOINTERACT 2

int auth_retry_get(void);

bool auth_retry_set(const int msglevel, const char *option);

const char *auth_retry_print(void);

#endif

/* Import options from the in-memory config string @p config, subject to @p permission_mask. */
void options_string_import(struct options *options,
                           const char *config,
                           const int msglevel,
                           const unsigned int permission_mask,
                           unsigned int *option_types_found,
                           struct env_set *es);

#endif /* ifndef OPTIONS_H */