authorArne Schwabe2018-10-10 16:25:27 +0200
committerGert Doering2018-10-10 20:31:09 +0200
commit66b9409bb25402c1bfcd66359332792cf57d0825 (patch)
tree86c86264f72b4ee1fcc3ce88cca5d7a1b1a3c1dc /src
parentd1f0e2cf83c378b4064f316a2127c7a3d7c6ca21 (diff)
Remove MANAGMENT_EXTERNAL_KEY, MANAGMENT_IN_EXTRA, ENABLE_CLIENT_CR
These defines are always defined when management is enabled. We still have --disable-management as configure option, so we need to replace these with ENABLE_MANAGEMENT in some cases. PATCH v3: Rebase directly on master Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20181010142527.27025-1-arne@rfc2549.org> URL: https://www.mail-archive.com/search?l=mid&q=20181010142527.27025-1-arne@rfc2549.org Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r--src/openvpn/init.c4
-rw-r--r--src/openvpn/manage.c38
-rw-r--r--src/openvpn/manage.h10
-rw-r--r--src/openvpn/misc.c14
-rw-r--r--src/openvpn/misc.h6
-rw-r--r--src/openvpn/options.c24
-rw-r--r--src/openvpn/options.h2
-rw-r--r--src/openvpn/push.c2
-rw-r--r--src/openvpn/ssl.c16
-rw-r--r--src/openvpn/ssl.h2
-rw-r--r--src/openvpn/ssl_backend.h4
-rw-r--r--src/openvpn/ssl_common.h2
-rw-r--r--src/openvpn/ssl_mbedtls.c4
-rw-r--r--src/openvpn/ssl_openssl.c4
-rw-r--r--src/openvpn/syshead.h22
15 files changed, 44 insertions, 110 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 52c64da..1b9f19d 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -540,7 +540,7 @@ init_query_passwords(const struct context *c)
/* Auth user/pass input */
if (c->options.auth_user_pass_file)
{
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
auth_user_pass_setup(c->options.auth_user_pass_file, &c->options.sc_info);
#else
auth_user_pass_setup(c->options.auth_user_pass_file, NULL);
@@ -2800,7 +2800,7 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
to.x509_track = options->x509_track;
#if P2MP
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
to.sci = &options->sc_info;
#endif
#endif
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index ed981ab..8b633f2 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -110,14 +110,12 @@ man_help(void)
msg(M_CLIENT, "client-pf CID : Define packet filter for client CID (MULTILINE)");
#endif
#endif
-#ifdef MANAGMENT_EXTERNAL_KEY
msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge");
msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END");
-#endif
msg(M_CLIENT, "signal s : Send signal s to daemon,");
msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
@@ -847,8 +845,6 @@ man_hold(struct management *man, const char *cmd)
}
}
-#ifdef MANAGEMENT_IN_EXTRA
-
#define IER_RESET 0
#define IER_NEW 1
@@ -936,7 +932,6 @@ in_extra_dispatch(struct management *man)
break;
#endif /* ifdef MANAGEMENT_PF */
-#ifdef MANAGMENT_EXTERNAL_KEY
case IEC_PK_SIGN:
man->connection.ext_key_state = EKS_READY;
buffer_list_free(man->connection.ext_key_input);
@@ -950,13 +945,10 @@ in_extra_dispatch(struct management *man)
man->connection.ext_cert_input = man->connection.in_extra;
man->connection.in_extra = NULL;
return;
-#endif
}
in_extra_reset(&man->connection, IER_RESET);
}
-#endif /* MANAGEMENT_IN_EXTRA */
-
#ifdef MANAGEMENT_DEF_AUTH
static bool
@@ -1102,8 +1094,6 @@ man_client_pf(struct management *man, const char *cid_str)
#endif /* MANAGEMENT_PF */
#endif /* MANAGEMENT_DEF_AUTH */
-#ifdef MANAGMENT_EXTERNAL_KEY
-
static void
man_pk_sig(struct management *man, const char *cmd_name)
{
@@ -1136,8 +1126,6 @@ man_certificate(struct management *man)
}
}
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
-
static void
man_load_stats(struct management *man)
{
@@ -1526,7 +1514,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha
}
#endif
#endif /* ifdef MANAGEMENT_DEF_AUTH */
-#ifdef MANAGMENT_EXTERNAL_KEY
else if (streq(p[0], "rsa-sig"))
{
man_pk_sig(man, "rsa-sig");
@@ -1539,7 +1526,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha
{
man_certificate(man);
}
-#endif
#ifdef ENABLE_PKCS11
else if (streq(p[0], "pkcs11-id-count"))
{
@@ -1928,9 +1914,7 @@ man_reset_client_socket(struct management *man, const bool exiting)
man->connection.state = MS_INITIAL;
command_line_reset(man->connection.in);
buffer_list_reset(man->connection.out);
-#ifdef MANAGEMENT_IN_EXTRA
in_extra_reset(&man->connection, IER_RESET);
-#endif
msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
}
if (!exiting)
@@ -1972,9 +1956,7 @@ man_process_command(struct management *man, const char *line)
CLEAR(parms);
so = status_open(NULL, 0, -1, &man->persist.vout, 0);
-#ifdef MANAGEMENT_IN_EXTRA
in_extra_reset(&man->connection, IER_RESET);
-#endif
if (man_password_needed(man))
{
@@ -2212,7 +2194,6 @@ man_read(struct management *man)
const char *line;
while ((line = command_line_get(man->connection.in)))
{
-#ifdef MANAGEMENT_IN_EXTRA
if (man->connection.in_extra)
{
if (!strcmp(line, "END"))
@@ -2225,8 +2206,9 @@ man_read(struct management *man)
}
}
else
-#endif
- man_process_command(man, (char *) line);
+ {
+ man_process_command(man, (char *) line);
+ }
if (man->connection.halt)
{
break;
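Review bot: The call kept in the new braced `else` branch still casts `line` to `char *`, although the preceding man_read hunk declares it as `const char *line` and the hunk header for man_process_command shows that function taking `const char *line`. The cast drops the qualifier for no visible reason and would hide a later signature mismatch from the compiler; `man_process_command(man, line);` is enough. man_read starts and ends outside this hunk.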
@@ -2572,12 +2554,8 @@ man_connection_close(struct management *man)
{
buffer_list_free(mc->out);
}
-#ifdef MANAGEMENT_IN_EXTRA
in_extra_reset(&man->connection, IER_RESET);
-#endif
-#ifdef MANAGMENT_EXTERNAL_KEY
buffer_list_free(mc->ext_key_input);
-#endif
man_connection_clear(mc);
}
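Review bot: With the guards gone, this teardown frees `mc->ext_key_input`, but nothing visible releases `mc->ext_cert_input`, which in_extra_dispatch assigns from `in_extra` and which sits beside `ext_key_input` in struct man_connection. If man_connection_clear only resets the structure, a management client that disconnects after that hand-off but before the list is consumed would leave it allocated. Unless it is released outside this hunk, add `buffer_list_free(mc->ext_cert_input);` next to the existing call. man_connection_close begins before the hunk.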
@@ -3412,9 +3390,7 @@ management_query_user_pass(struct management *man,
const char *alert_type = NULL;
const char *prefix = NULL;
unsigned int up_query_mode = 0;
-#ifdef ENABLE_CLIENT_CR
const char *sc = NULL;
-#endif
ret = true;
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
man->persist.special_state_msg = NULL;
@@ -3444,12 +3420,10 @@ management_query_user_pass(struct management *man,
up_query_mode = UP_QUERY_USER_PASS;
prefix = "PASSWORD";
alert_type = "username/password";
-#ifdef ENABLE_CLIENT_CR
if (static_challenge)
{
sc = static_challenge;
}
-#endif
}
buf_printf(&alert_msg, ">%s:Need '%s' %s",
prefix,
@@ -3461,14 +3435,12 @@ management_query_user_pass(struct management *man,
buf_printf(&alert_msg, " MSG:%s", up->username);
}
-#ifdef ENABLE_CLIENT_CR
if (sc)
{
buf_printf(&alert_msg, " SC:%d,%s",
BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO),
sc);
}
-#endif
man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
if (signal_received)
@@ -3531,8 +3503,6 @@ management_query_user_pass(struct management *man,
return ret;
}
-#ifdef MANAGMENT_EXTERNAL_KEY
-
static int
management_query_multiline(struct management *man,
const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
@@ -3699,8 +3669,6 @@ management_query_cert(struct management *man, const char *cert_name)
return result;
}
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
-
/*
* Return true if management_hold() would block
*/
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index ff143fc..d24abe0 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -275,7 +275,6 @@ struct man_connection {
struct command_line *in;
struct buffer_list *out;
-#ifdef MANAGEMENT_IN_EXTRA
#define IEC_UNDEF 0
#define IEC_CLIENT_AUTH 1
#define IEC_CLIENT_PF 2
@@ -288,7 +287,6 @@ struct man_connection {
unsigned long in_extra_cid;
unsigned int in_extra_kid;
#endif
-#ifdef MANAGMENT_EXTERNAL_KEY
#define EKS_UNDEF 0
#define EKS_SOLICIT 1
#define EKS_INPUT 2
@@ -297,8 +295,6 @@ struct man_connection {
struct buffer_list *ext_key_input;
int ext_cert_state;
struct buffer_list *ext_cert_input;
-#endif
-#endif /* ifdef MANAGEMENT_IN_EXTRA */
struct event_set *es;
int env_filter_level;
@@ -346,9 +342,7 @@ struct management *management_init(void);
#define MF_CLIENT_PF (1<<7)
#endif
#define MF_UNIX_SOCK (1<<8)
-#ifdef MANAGMENT_EXTERNAL_KEY
#define MF_EXTERNAL_KEY (1<<9)
-#endif
#define MF_UP_DOWN (1<<10)
#define MF_QUERY_REMOTE (1<<11)
#define MF_QUERY_PROXY (1<<12)
@@ -436,14 +430,10 @@ void management_learn_addr(struct management *management,
#endif
-#ifdef MANAGMENT_EXTERNAL_KEY
-
char *management_query_pk_sig(struct management *man, const char *b64_data);
char *management_query_cert(struct management *man, const char *cert_name);
-#endif
-
static inline bool
management_connected(const struct management *man)
{
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 2759d98..d75b768 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -157,12 +157,10 @@ get_user_pass_cr(struct user_pass *up,
management_auth_failure(management, prefix, "previous auth credentials failed");
}
-#ifdef ENABLE_CLIENT_CR
if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE))
{
sc = auth_challenge;
}
-#endif
if (!management_query_user_pass(management, up, prefix, flags, sc))
{
if ((flags & GET_USER_PASS_NOFATAL) != 0)
@@ -272,7 +270,7 @@ get_user_pass_cr(struct user_pass *up,
*/
if (username_from_stdin || password_from_stdin || response_from_stdin)
{
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE) && response_from_stdin)
{
struct auth_challenge_info *ac = get_auth_challenge(auth_challenge, &gc);
@@ -299,7 +297,7 @@ get_user_pass_cr(struct user_pass *up,
}
}
else
-#endif /* ifdef ENABLE_CLIENT_CR */
+#endif /* ifdef ENABLE_MANAGEMENT */
{
struct buffer user_prompt = alloc_buf_gc(128, &gc);
struct buffer pass_prompt = alloc_buf_gc(128, &gc);
@@ -333,7 +331,7 @@ get_user_pass_cr(struct user_pass *up,
}
}
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE) && response_from_stdin)
{
char *response = (char *) gc_malloc(USER_PASS_LEN, false, &gc);
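Review bot: The raw static-challenge response is read into a `gc_malloc`'d buffer, and the only wiping visible for this path is `string_clear(resp64)` on the base64 copy in the following hunk. If the lines between the two hunks do not already clear it, the plaintext response stays in arena memory until the gc is released. Adding `string_clear(response);` beside the existing `string_clear(resp64);` would treat both copies alike. The block runs past the end of this hunk, so this needs checking against the full function.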
@@ -361,7 +359,7 @@ get_user_pass_cr(struct user_pass *up,
string_clear(resp64);
free(resp64);
}
-#endif /* ifdef ENABLE_CLIENT_CR */
+#endif /* ifdef ENABLE_MANAGEMENT */
}
}
@@ -380,7 +378,7 @@ get_user_pass_cr(struct user_pass *up,
return true;
}
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
/*
* See management/management-notes.txt for more info on the
@@ -455,7 +453,7 @@ get_auth_challenge(const char *auth_challenge, struct gc_arena *gc)
}
}
-#endif /* ifdef ENABLE_CLIENT_CR */
+#endif /* ifdef ENABLE_MANAGEMENT */
void
purge_user_pass(struct user_pass *up, const bool force)
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index b4d9d03..a54185f 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -76,7 +76,7 @@ struct user_pass
char password[USER_PASS_LEN];
};
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
/*
* Challenge response info on client as pushed by server.
*/
@@ -102,10 +102,10 @@ struct static_challenge_info {
const char *challenge_text;
};
-#else /* ifdef ENABLE_CLIENT_CR */
+#else /* ifdef ENABLE_MANAGEMENT */
struct auth_challenge_info {};
struct static_challenge_info {};
-#endif /* ifdef ENABLE_CLIENT_CR */
+#endif /* ifdef ENABLE_MANAGEMENT */
/*
* Flags for get_user_pass and management_query_user_pass
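Review bot: The `#else` branch, which is now the `--disable-management` build, defines `struct auth_challenge_info {};` and `struct static_challenge_info {};`. A struct with no members is a GNU extension rather than ISO C, so that configuration depends on the compiler accepting it. In the hunks shown on this page, the by-value `sc_info` member in options.h and the `sci` pointer in ssl_common.h are both inside `#ifdef ENABLE_MANAGEMENT`, so incomplete declarations `struct auth_challenge_info;` and `struct static_challenge_info;` would likely be enough. A build with management disabled would confirm that nothing takes their size.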
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index e42029c..f0762f2 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1735,7 +1735,7 @@ show_settings(const struct options *o)
SHOW_STR(ca_file);
SHOW_STR(ca_path);
SHOW_STR(dh_file);
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if ((o->management_flags & MF_EXTERNAL_CERT))
{
SHOW_PARM("cert_file","EXTERNAL_CERT","%s");
@@ -1745,7 +1745,7 @@ show_settings(const struct options *o)
SHOW_STR(cert_file);
SHOW_STR(extra_certs_file);
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if ((o->management_flags & MF_EXTERNAL_KEY))
{
SHOW_PARM("priv_key_file","EXTERNAL_PRIVATE_KEY","%s");
@@ -2567,7 +2567,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
{
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified.");
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if (options->management_flags & MF_EXTERNAL_KEY)
{
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified.");
@@ -2590,7 +2590,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
}
else
#endif /* ifdef ENABLE_PKCS11 */
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if ((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file)
{
msg(M_USAGE, "--key and --management-external-key are mutually exclusive");
@@ -2627,7 +2627,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
{
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified.");
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if (options->management_flags & MF_EXTERNAL_KEY)
{
msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified.");
@@ -2657,7 +2657,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
{
msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified.");
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if (options->management_flags & MF_EXTERNAL_KEY)
{
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified.");
@@ -2690,7 +2690,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
{
const int sum =
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT))
+((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
#else
@@ -2714,11 +2714,11 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
}
else
{
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if (!(options->management_flags & MF_EXTERNAL_CERT))
#endif
notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if (!(options->management_flags & MF_EXTERNAL_KEY))
#endif
notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
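Review bot: Both `notnull()` calls are the unbraced body of an `if` that exists only inside `#ifdef ENABLE_MANAGEMENT`. Whether the certificate and key checks are conditional therefore depends on the build, and any statement added after either call silently escapes the condition. The commit already braces the equivalent `else` in man_read, and options_postprocess_filechecks puts `{` after its `#endif`; the same form fits here, i.e. `#endif` followed by `{ notnull(options->cert_file, ...); }`. The `else` / `#endif` / `get_user_pass(...)` sequence in the auth_user_pass_setup hunk of ssl.c has the same shape. The enclosing function extends beyond this hunk.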
@@ -3308,7 +3308,7 @@ options_postprocess_filechecks(struct options *options)
errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->cert_file, R_OK, "--cert");
errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK,
"--extra-certs");
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
if (!(options->management_flags & MF_EXTERNAL_KEY))
#endif
{
@@ -5155,7 +5155,7 @@ add_option(struct options *options,
options->management_flags |= MF_CONNECT_AS_CLIENT;
options->management_write_peer_info_file = p[1];
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
else if (streq(p[0], "management-external-key") && !p[1])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
@@ -7023,7 +7023,7 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
auth_retry_set(msglevel, p[1]);
}
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
else if (streq(p[0], "static-challenge") && p[1] && p[2] && !p[3])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index acbd108..33aa71f 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -469,7 +469,7 @@ struct options
int scheduled_exit_interval;
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
struct static_challenge_info sc_info;
#endif
#endif /* if P2MP */
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index a7ec4dd..72f0996 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -88,7 +88,7 @@ receive_auth_failed(struct context *c, const struct buffer *buffer)
* Save the dynamic-challenge text even when management is defined
*/
{
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
struct buffer buf = *buffer;
if (buf_string_match_head_str(&buf, "AUTH_FAILED,CRV1:") && BLEN(&buf))
{
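Review bot: The comment above this block says the challenge text is saved "even when management is defined", but after this change the block is compiled only under `ENABLE_MANAGEMENT`, so the sentence now reads as if it contradicted the guard. It presumably refers to the runtime management object rather than the build option. Something like `/* Save the dynamic-challenge text whether or not a management client is in use; built only with ENABLE_MANAGEMENT */` would say so. Since the `CRV1` text is taken from the peer's AUTH_FAILED message, the comment could also say that it is server-supplied.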
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 455adfb..58261e6 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -399,7 +399,7 @@ pem_password_callback(char *buf, int size, int rwflag, void *u)
static bool auth_user_pass_enabled; /* GLOBAL */
static struct user_pass auth_user_pass; /* GLOBAL */
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
static char *auth_challenge; /* GLOBAL */
#endif
@@ -409,7 +409,7 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info *
auth_user_pass_enabled = true;
if (!auth_user_pass.defined)
{
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
if (auth_challenge) /* dynamic challenge/response */
{
get_user_pass_cr(&auth_user_pass,
@@ -432,7 +432,7 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info *
sci->challenge_text);
}
else
-#endif /* ifdef ENABLE_CLIENT_CR */
+#endif /* ifdef ENABLE_MANAGEMENT */
get_user_pass(&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT);
}
}
@@ -480,12 +480,12 @@ ssl_purge_auth(const bool auth_user_pass_only)
purge_user_pass(&passbuf, true);
}
purge_user_pass(&auth_user_pass, true);
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
ssl_purge_auth_challenge();
#endif
}
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
void
ssl_purge_auth_challenge(void)
@@ -652,7 +652,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx)
tls_ctx_load_cryptoapi(new_ctx, options->cryptoapi_cert);
}
#endif
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
else if (options->management_flags & MF_EXTERNAL_CERT)
{
char *cert = management_query_cert(management,
@@ -674,7 +674,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx)
goto err;
}
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
else if (options->management_flags & MF_EXTERNAL_KEY)
{
if (tls_ctx_use_management_external_key(new_ctx))
@@ -2364,7 +2364,7 @@ key_method_2_write(struct buffer *buf, struct tls_session *session)
/* write username/password if specified */
if (auth_user_pass_enabled)
{
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
auth_user_pass_setup(session->opt->auth_user_pass_file, session->opt->sci);
#else
auth_user_pass_setup(session->opt->auth_user_pass_file, NULL);
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 72227d9..e874519 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -428,7 +428,7 @@ void ssl_purge_auth(const bool auth_user_pass_only);
void ssl_set_auth_token(const char *token);
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
/*
* ssl_get_auth_challenge will parse the server-pushed auth-failed
* reason string and return a dynamically allocated
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 5023c02..856e809 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -272,7 +272,7 @@ void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file,
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
const char *priv_key_file_inline);
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
/**
* Tell the management interface to load the given certificate and the external
@@ -284,7 +284,7 @@ int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
*/
int tls_ctx_use_management_external_key(struct tls_root_ctx *ctx);
-#endif /* MANAGMENT_EXTERNAL_KEY */
+#endif /* ENABLE_MANAGEMENT */
/**
* Load certificate authority certificates from the given file or path.
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 08ef6ff..919ec57 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -332,7 +332,7 @@ struct tls_options
const struct x509_track *x509_track;
-#ifdef ENABLE_CLIENT_CR
+#ifdef ENABLE_MANAGEMENT
const struct static_challenge_info *sci;
#endif
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index e4850cb..00e5d81 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -605,7 +605,7 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx,
return 0;
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
/** Query the management interface for a signature, see external_sign_func. */
static bool
@@ -645,7 +645,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
return tls_ctx_use_external_signing_func(ctx, management_sign_func, NULL);
}
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
+#endif /* ifdef ENABLE_MANAGEMENT */
void
tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file,
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 1a66d17..0858d5e 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -997,7 +997,7 @@ end:
}
-#ifdef MANAGMENT_EXTERNAL_KEY
+#ifdef ENABLE_MANAGEMENT
/* encrypt */
static int
@@ -1340,7 +1340,7 @@ cleanup:
return ret;
}
-#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
+#endif /* ifdef ENABLE_MANAGEMENT */
static int
sk_x509_name_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 487b32a..d2a5034 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -548,27 +548,12 @@ socket_defined(const socket_descriptor_t sd)
#undef ENABLE_DEF_AUTH
#endif
-/*
- * Enable external private key
- */
-#if defined(ENABLE_MANAGEMENT)
-#define MANAGMENT_EXTERNAL_KEY
-#endif
-
/* Enable mbed TLS RNG prediction resistance support */
#ifdef ENABLE_CRYPTO_MBEDTLS
#define ENABLE_PREDICTION_RESISTANCE
#endif /* ENABLE_CRYPTO_MBEDTLS */
/*
- * MANAGEMENT_IN_EXTRA allows the management interface to
- * read multi-line inputs from clients.
- */
-#if defined(MANAGEMENT_DEF_AUTH) || defined(MANAGMENT_EXTERNAL_KEY)
-#define MANAGEMENT_IN_EXTRA
-#endif
-
-/*
* Enable packet filter?
*/
#if defined(ENABLE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT)
@@ -659,13 +644,6 @@ socket_defined(const socket_descriptor_t sd)
#endif
/*
- * Do we support challenge/response authentication as client?
- */
-#if defined(ENABLE_MANAGEMENT)
-#define ENABLE_CLIENT_CR
-#endif
-
-/*
* Compression support
*/
#if defined(ENABLE_LZO) || defined(ENABLE_LZ4) \