New upstream version 2.4.3upstream/2.4.3

4 files changed, 86 insertions, 31 deletions

diff --git a/include/Makefile.in b/include/Makefile.in
index ebd3f24..c0d4bd2 100644
--- a/include/Makefile.in
+++ b/include/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -26,7 +26,17 @@
 #
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -90,8 +100,6 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = include
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(srcdir)/openvpn-plugin.h.in $(include_HEADERS)
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
 	$(top_srcdir)/m4/ax_socklen_t.m4 \
@@ -102,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
 	$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h openvpn-plugin.h
 CONFIG_CLEAN_FILES =
@@ -174,6 +184,7 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/openvpn-plugin.h.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -222,6 +233,7 @@ LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 LZ4_CFLAGS = @LZ4_CFLAGS@
 LZ4_LIBS = @LZ4_LIBS@
 LZO_CFLAGS = @LZO_CFLAGS@
@@ -270,6 +282,7 @@ PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGINDIR = @PLUGINDIR@
 PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
 PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
 RANLIB = @RANLIB@
@@ -282,12 +295,14 @@ SHELL = @SHELL@
 SOCKETS_LIBS = @SOCKETS_LIBS@
 STRIP = @STRIP@
 SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@
+SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@
 TAP_CFLAGS = @TAP_CFLAGS@
 TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
 TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
 TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
 TEST_CFLAGS = @TEST_CFLAGS@
 TEST_LDFLAGS = @TEST_LDFLAGS@
+TMPFILES_DIR = @TMPFILES_DIR@
 VENDOR_BUILD_ROOT = @VENDOR_BUILD_ROOT@
 VENDOR_DIST_ROOT = @VENDOR_DIST_ROOT@
 VENDOR_SRC_ROOT = @VENDOR_SRC_ROOT@
@@ -344,7 +359,9 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
+tmpfilesdir = @tmpfilesdir@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
@@ -372,7 +389,6 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign include/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -392,8 +408,8 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 $(am__aclocal_m4_deps):
 
 openvpn-plugin.h: stamp-h2
-	@if test ! -f $@; then rm -f stamp-h2; else :; fi
-	@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h2; else :; fi
+	@test -f $@ || rm -f stamp-h2
+	@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h2
 
 stamp-h2: $(srcdir)/openvpn-plugin.h.in $(top_builddir)/config.status
 	@rm -f stamp-h2
@@ -631,6 +647,8 @@ uninstall-am: uninstall-includeHEADERS
 	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
 	uninstall-am uninstall-includeHEADERS
 
+.PRECIOUS: Makefile
+
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h
index 5f3c96c..91e0ccc 100644
--- a/include/openvpn-msg.h
+++ b/include/openvpn-msg.h
@@ -16,10 +16,9 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef OPENVPN_MSG_H_
diff --git a/include/openvpn-plugin.h b/include/openvpn-plugin.h
index 8ce8ea7..5cc5d42 100644
--- a/include/openvpn-plugin.h
+++ b/include/openvpn-plugin.h
@@ -17,10 +17,9 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef OPENVPN_PLUGIN_H_
@@ -45,6 +44,7 @@ typedef X509 openvpn_x509_cert_t;
 #endif
 
 #include <stdarg.h>
+#include <stddef.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -55,7 +55,7 @@ extern "C" {
  */
 #define OPENVPN_VERSION_MAJOR 2
 #define OPENVPN_VERSION_MINOR 4
-#define OPENVPN_VERSION_PATCH ".0"
+#define OPENVPN_VERSION_PATCH ".3"
 
 /*
  * Plug-in types.  These types correspond to the set of script callbacks
@@ -200,7 +200,8 @@ struct openvpn_plugin_string_list
 
 /* openvpn_plugin_{open,func}_v3() related structs */
 
-/* Defines version of the v3 plugin argument structs
+/**
+ * Defines version of the v3 plugin argument structs
  *
  * Whenever one or more of these structs are modified, this constant
  * must be updated.  A changelog should be appended in this comment
@@ -219,8 +220,10 @@ struct openvpn_plugin_string_list
  *    3      Added ovpn_version, ovpn_version_major, ovpn_version_minor
  *           and ovpn_version_patch to provide the runtime version of
  *           OpenVPN to plug-ins.
+ *
+ *    4      Exported secure_memzero() as plugin_secure_memzero()
  */
-#define OPENVPN_PLUGINv3_STRUCTVER 3
+#define OPENVPN_PLUGINv3_STRUCTVER 4
 
 /**
  * Definitions needed for the plug-in callback functions.
@@ -256,10 +259,19 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
                               const char *plugin_name,
                               const char *format,
                               va_list arglist) _ovpn_chk_fmt (3, 0);
-
 /* #undef _ovpn_chk_fmt */
 
 /**
+ *  Export of secure_memzero() to be used inside plug-ins
+ *
+ *  @param data   Pointer to data to zeroise
+ *  @param len    Length of data, in bytes
+ *
+ */
+typedef void (*plugin_secure_memzero_t)(void *data, size_t len);
+
+
+/**
  * Used by the openvpn_plugin_open_v3() function to pass callback
  * function pointers to the plug-in.
  *
@@ -268,11 +280,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
  *               Messages will only be displayed if the plugin_name parameter
  *               is set. PLOG_DEBUG messages will only be displayed with plug-in
  *               debug log verbosity (at the time of writing that's verb >= 7).
+ *
+ * plugin_secure_memzero
+ *             : Use this function to securely wipe sensitive information from
+ *               memory.  This function is declared in a way that the compiler
+ *               will not remove these function calls during the compiler
+ *               optimization phase.
  */
 struct openvpn_plugin_callbacks
 {
     plugin_log_t plugin_log;
     plugin_vlog_t plugin_vlog;
+    plugin_secure_memzero_t plugin_secure_memzero;
 };
 
 /**
@@ -329,12 +348,12 @@ struct openvpn_plugin_args_open_in
  *
  * STRUCT MEMBERS
  *
- * *type_mask : The plug-in should set this value to the logical OR of all script
+ * type_mask  : The plug-in should set this value to the logical OR of all script
  *              types which the plug-in wants to intercept.  For example, if the
  *              script wants to intercept the client-connect and client-disconnect
  *              script types:
  *
- *              *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
+ *              type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
  *                         | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
  *
  * *handle :    Pointer to a global plug-in context, created by the plug-in.  This pointer
diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in
index 0b30352..f29b3a0 100644
--- a/include/openvpn-plugin.h.in
+++ b/include/openvpn-plugin.h.in
@@ -16,10 +16,9 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
 #ifndef OPENVPN_PLUGIN_H_
@@ -44,6 +43,7 @@ typedef X509 openvpn_x509_cert_t;
 #endif
 
 #include <stdarg.h>
+#include <stddef.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -199,7 +199,8 @@ struct openvpn_plugin_string_list
 
 /* openvpn_plugin_{open,func}_v3() related structs */
 
-/* Defines version of the v3 plugin argument structs
+/**
+ * Defines version of the v3 plugin argument structs
  *
  * Whenever one or more of these structs are modified, this constant
  * must be updated.  A changelog should be appended in this comment
@@ -218,8 +219,10 @@ struct openvpn_plugin_string_list
  *    3      Added ovpn_version, ovpn_version_major, ovpn_version_minor
  *           and ovpn_version_patch to provide the runtime version of
  *           OpenVPN to plug-ins.
+ *
+ *    4      Exported secure_memzero() as plugin_secure_memzero()
  */
-#define OPENVPN_PLUGINv3_STRUCTVER 3
+#define OPENVPN_PLUGINv3_STRUCTVER 4
 
 /**
  * Definitions needed for the plug-in callback functions.
@@ -255,10 +258,19 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
                               const char *plugin_name,
                               const char *format,
                               va_list arglist) _ovpn_chk_fmt (3, 0);
-
 #undef _ovpn_chk_fmt
 
 /**
+ *  Export of secure_memzero() to be used inside plug-ins
+ *
+ *  @param data   Pointer to data to zeroise
+ *  @param len    Length of data, in bytes
+ *
+ */
+typedef void (*plugin_secure_memzero_t)(void *data, size_t len);
+
+
+/**
  * Used by the openvpn_plugin_open_v3() function to pass callback
  * function pointers to the plug-in.
  *
@@ -267,11 +279,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
  *               Messages will only be displayed if the plugin_name parameter
  *               is set. PLOG_DEBUG messages will only be displayed with plug-in
  *               debug log verbosity (at the time of writing that's verb >= 7).
+ *
+ * plugin_secure_memzero
+ *             : Use this function to securely wipe sensitive information from
+ *               memory.  This function is declared in a way that the compiler
+ *               will not remove these function calls during the compiler
+ *               optimization phase.
  */
 struct openvpn_plugin_callbacks
 {
     plugin_log_t plugin_log;
     plugin_vlog_t plugin_vlog;
+    plugin_secure_memzero_t plugin_secure_memzero;
 };
 
 /**
@@ -328,12 +347,12 @@ struct openvpn_plugin_args_open_in
  *
  * STRUCT MEMBERS
  *
- * *type_mask : The plug-in should set this value to the logical OR of all script
+ * type_mask  : The plug-in should set this value to the logical OR of all script
  *              types which the plug-in wants to intercept.  For example, if the
  *              script wants to intercept the client-connect and client-disconnect
  *              script types:
  *
- *              *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
+ *              type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
  *                         | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
  *
  * *handle :    Pointer to a global plug-in context, created by the plug-in.  This pointer