summaryrefslogtreecommitdiff
path: root/sample/sample-plugins/keying-material-exporter-demo
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-27 18:25:47 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-27 18:25:47 +0100
commit79f3537f69e125f19f59c36aa090120a63186a54 (patch)
tree2089a3b7dac990841dbc2e4d9b2f535b82dbb0af /sample/sample-plugins/keying-material-exporter-demo
parentf2137fedb30cb87448eb03b2f288920df6187571 (diff)
parent3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (diff)
Merge tag 'upstream/2.4.0'
Upstream version 2.4.0
Diffstat (limited to 'sample/sample-plugins/keying-material-exporter-demo')
-rw-r--r--sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c289
1 files changed, 157 insertions, 132 deletions
diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
index b0240b8..177977d 100644
--- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
+++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -41,23 +41,23 @@
#endif
#define ovpn_err(fmt, ...) \
- plugin->log(PLOG_ERR, "SSO", fmt , ## __VA_ARGS__)
+ plugin->log(PLOG_ERR, "SSO", fmt, ## __VA_ARGS__)
#define ovpn_dbg(fmt, ...) \
- plugin->log(PLOG_DEBUG, "SSO", fmt , ## __VA_ARGS__)
+ plugin->log(PLOG_DEBUG, "SSO", fmt, ## __VA_ARGS__)
#define ovpn_note(fmt, ...) \
- plugin->log(PLOG_NOTE, "SSO", fmt , ## __VA_ARGS__)
+ plugin->log(PLOG_NOTE, "SSO", fmt, ## __VA_ARGS__)
enum endpoint { CLIENT = 1, SERVER = 2 };
struct plugin {
- plugin_log_t log;
- enum endpoint type;
- int mask;
+ plugin_log_t log;
+ enum endpoint type;
+ int mask;
};
struct session {
- char user[48];
- char key [48];
+ char user[48];
+ char key [48];
};
/*
@@ -69,201 +69,226 @@ struct session {
static const char *
get_env(const char *name, const char *envp[])
{
- if (envp)
+ if (envp)
{
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
}
- return NULL;
+ return NULL;
}
OPENVPN_EXPORT int
-openvpn_plugin_open_v3 (const int version,
- struct openvpn_plugin_args_open_in const *args,
- struct openvpn_plugin_args_open_return *rv)
+openvpn_plugin_open_v3(const int version,
+ struct openvpn_plugin_args_open_in const *args,
+ struct openvpn_plugin_args_open_return *rv)
{
- struct plugin *plugin = calloc (1, sizeof(*plugin));
+ struct plugin *plugin = calloc(1, sizeof(*plugin));
- plugin->type = get_env ("remote_1", args->envp) ? CLIENT : SERVER;
- plugin->log = args->callbacks->plugin_log;
+ plugin->type = get_env("remote_1", args->envp) ? CLIENT : SERVER;
+ plugin->log = args->callbacks->plugin_log;
- plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL);
- plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY);
+ plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL);
+ plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY);
- ovpn_note("vpn endpoint type=%s",plugin->type == CLIENT ? "client":"server");
+ ovpn_note("vpn endpoint type=%s",plugin->type == CLIENT ? "client" : "server");
- rv->type_mask = plugin->mask;
- rv->handle = (void *)plugin;
+ rv->type_mask = plugin->mask;
+ rv->handle = (void *)plugin;
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
static void
session_user_set(struct session *sess, X509 *x509)
{
- int fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME *x509_name;
- X509_NAME_ENTRY *ent;
- const char *objbuf;
-
- x509_name = X509_get_subject_name (x509);
- int i, n = X509_NAME_entry_count (x509_name);
- for (i = 0; i < n; ++i)
+ int fn_nid;
+ ASN1_OBJECT *fn;
+ ASN1_STRING *val;
+ X509_NAME *x509_name;
+ X509_NAME_ENTRY *ent;
+ const char *objbuf;
+
+ x509_name = X509_get_subject_name(x509);
+ int i, n = X509_NAME_entry_count(x509_name);
+ for (i = 0; i < n; ++i)
{
- if (!(ent = X509_NAME_get_entry (x509_name, i)))
- continue;
- if (!(fn = X509_NAME_ENTRY_get_object (ent)))
- continue;
- if (!(val = X509_NAME_ENTRY_get_data (ent)))
- continue;
- if ((fn_nid = OBJ_obj2nid (fn)) == NID_undef)
- continue;
- if (!(objbuf = OBJ_nid2sn (fn_nid)))
- continue;
- /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- unsigned char *buf = (unsigned char *)1;
- if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
- continue;
-
- if (!strncasecmp(objbuf, "CN", 2))
- snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
-
- OPENSSL_free (buf);
+ if (!(ent = X509_NAME_get_entry(x509_name, i)))
+ {
+ continue;
+ }
+ if (!(fn = X509_NAME_ENTRY_get_object(ent)))
+ {
+ continue;
+ }
+ if (!(val = X509_NAME_ENTRY_get_data(ent)))
+ {
+ continue;
+ }
+ if ((fn_nid = OBJ_obj2nid(fn)) == NID_undef)
+ {
+ continue;
+ }
+ if (!(objbuf = OBJ_nid2sn(fn_nid)))
+ {
+ continue;
+ }
+ /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
+ unsigned char *buf = (unsigned char *)1;
+ if (ASN1_STRING_to_UTF8(&buf, val) <= 0)
+ {
+ continue;
+ }
+
+ if (!strncasecmp(objbuf, "CN", 2))
+ {
+ snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
+ }
+
+ OPENSSL_free(buf);
}
}
static int
tls_verify(struct openvpn_plugin_args_func_in const *args)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- /* we store cert subject for the server end point only */
- if (plugin->type != SERVER)
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ /* we store cert subject for the server end point only */
+ if (plugin->type != SERVER)
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
- if (!args->current_cert) {
- ovpn_err("this example plugin requires client certificate");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
+ if (!args->current_cert)
+ {
+ ovpn_err("this example plugin requires client certificate");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
- session_user_set(sess, args->current_cert);
+ session_user_set(sess, args->current_cert);
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
static void
file_store(char *file, char *content)
{
- FILE *f;
- if (!(f = fopen(file, "w+")))
- return;
+ FILE *f;
+ if (!(f = fopen(file, "w+")))
+ {
+ return;
+ }
- fprintf(f, "%s", content);
- fclose(f);
+ fprintf(f, "%s", content);
+ fclose(f);
}
static void
server_store(struct openvpn_plugin_args_func_in const *args)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- char file[MAXPATH];
- snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key);
- ovpn_note("app session file: %s", file);
- file_store(file, sess->user);
+ char file[MAXPATH];
+ snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key);
+ ovpn_note("app session file: %s", file);
+ file_store(file, sess->user);
}
static void
client_store(struct openvpn_plugin_args_func_in const *args)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- char *file = "/tmp/openvpn_sso_user";
- ovpn_note("app session file: %s", file);
- file_store(file, sess->key);
+ char *file = "/tmp/openvpn_sso_user";
+ ovpn_note("app session file: %s", file);
+ file_store(file, sess->key);
}
static int
tls_final(struct openvpn_plugin_args_func_in const *args,
struct openvpn_plugin_args_func_return *rv)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
-
- const char *key;
- if (!(key = get_env ("exported_keying_material", args->envp)))
- return OPENVPN_PLUGIN_FUNC_ERROR;
-
- snprintf(sess->key, sizeof(sess->key) - 1, "%s", key);
- ovpn_note("app session key: %s", sess->key);
-
- switch (plugin->type) {
- case SERVER:
- server_store(args);
- break;
- case CLIENT:
- client_store(args);
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- }
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- ovpn_note("app session user: %s", sess->user);
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ const char *key;
+ if (!(key = get_env("exported_keying_material", args->envp)))
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ snprintf(sess->key, sizeof(sess->key) - 1, "%s", key);
+ ovpn_note("app session key: %s", sess->key);
+
+ switch (plugin->type) {
+ case SERVER:
+ server_store(args);
+ break;
+
+ case CLIENT:
+ client_store(args);
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+
+ ovpn_note("app session user: %s", sess->user);
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT int
-openvpn_plugin_func_v3 (const int version,
- struct openvpn_plugin_args_func_in const *args,
- struct openvpn_plugin_args_func_return *rv)
+openvpn_plugin_func_v3(const int version,
+ struct openvpn_plugin_args_func_in const *args,
+ struct openvpn_plugin_args_func_return *rv)
{
- switch(args->type) {
- case OPENVPN_PLUGIN_TLS_VERIFY:
- return tls_verify(args);
- case OPENVPN_PLUGIN_TLS_FINAL:
- return tls_final(args, rv);
- }
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ switch (args->type) {
+ case OPENVPN_PLUGIN_TLS_VERIFY:
+ return tls_verify(args);
+
+ case OPENVPN_PLUGIN_TLS_FINAL:
+ return tls_final(args, rv);
+ }
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT void *
openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle)
{
- struct plugin *plugin = (struct plugin *)handle;
- struct session *sess = calloc (1, sizeof(*sess));
+ struct plugin *plugin = (struct plugin *)handle;
+ struct session *sess = calloc(1, sizeof(*sess));
- ovpn_note("app session created");
+ ovpn_note("app session created");
- return (void *)sess;
+ return (void *)sess;
}
OPENVPN_EXPORT void
openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *ctx)
{
- struct plugin *plugin = (struct plugin *)handle;
- struct session *sess = (struct session *)ctx;
+ struct plugin *plugin = (struct plugin *)handle;
+ struct session *sess = (struct session *)ctx;
- ovpn_note("app session key: %s", sess->key);
- ovpn_note("app session destroyed");
+ ovpn_note("app session key: %s", sess->key);
+ ovpn_note("app session destroyed");
- free (sess);
+ free(sess);
}
OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
- struct plugin *plugin = (struct plugin *)handle;
- free (plugin);
+ struct plugin *plugin = (struct plugin *)handle;
+ free(plugin);
}