diff options
author | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:11:51 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2019-02-20 14:11:51 +0100 |
commit | 39ddb9cc8281bd239b94a3023da6329edb6718c1 (patch) | |
tree | dc6a8e7f1018f59f088c5b06b48eb24efe17f22d /sample/sample-plugins | |
parent | d5078cc44b8919a25cb7507e9e6da1d66f25bb5b (diff) | |
parent | 87356242baf10c8b2a94d9013e436ed2a0dada53 (diff) |
Update upstream source from tag 'upstream/2.4.7'
Update to upstream version '2.4.7'
with Debian dir d01da6ef78dc8ce91265e8f319468f6c34d23af8
Diffstat (limited to 'sample/sample-plugins')
-rw-r--r-- | sample/sample-plugins/simple/base64.c | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/sample/sample-plugins/simple/base64.c b/sample/sample-plugins/simple/base64.c new file mode 100644 index 0000000..bd95e79 --- /dev/null +++ b/sample/sample-plugins/simple/base64.c @@ -0,0 +1,203 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2017 David Sommerseth <davids@openvpn.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "openvpn-plugin.h" + +#define PLUGIN_NAME "base64.c" + +/* Exported plug-in v3 API functions */ +plugin_log_t ovpn_log = NULL; /**< Pointer to the OpenVPN log function. See plugin_log() */ +plugin_vlog_t ovpn_vlog = NULL; /**< Pointer to the OpenVPN vlog function. See plugin_vlog() */ +plugin_base64_encode_t ovpn_base64_encode = NULL; /**< Pointer to the openvpn_base64_encode () function */ +plugin_base64_decode_t ovpn_base64_decode = NULL; /**< Pointer to the openvpn_base64_decode () function */ + +/** + * Search the environment pointer for a specific env var name + * + * PLEASE NOTE! The result is not valid outside the local + * scope of the calling function. Once the calling function + * returns, any returned pointers are invalid. + * + * @param name String containing the env.var name to search for + * @param envp String array pointer to the environment variable + * + * @return Returns a pointer to the value in the environment variable + * table on successful match. Otherwise NULL is returned + * + */ +static const char * +get_env(const char *name, const char *envp[]) +{ + if (envp) + { + int i; + const int namelen = strlen(name); + for (i = 0; envp[i]; ++i) + { + if (!strncmp(envp[i], name, namelen)) + { + const char *cp = envp[i] + namelen; + if (*cp == '=') + { + return cp + 1; + } + } + } + } + return NULL; +} + + +/** + * This function is called when OpenVPN loads the plug-in. + * The purpose is to initialize the plug-in and tell OpenVPN + * which plug-in hooks this plug-in wants to be involved in + * + * For the arguments, see the include/openvpn-plugin.h file + * for details on the function parameters + * + * @param v3structver An integer containing the API version of + * the plug-in structs OpenVPN uses + * @param args A pointer to the argument struct for + * information and features provided by + * OpenVPN to the plug-in + * @param ret A pointer to the struct OpenVPN uses to + * receive information back from the plug-in + * + * @return Must return OPENVPN_PLUGIN_FUNC_SUCCESS when everything + * completed successfully. Otherwise it must be returned + * OPENVPN_PLUGIN_FUNC_ERROR, which will stop OpenVPN + * from running + * + */ +OPENVPN_EXPORT int +openvpn_plugin_open_v3(const int v3structver, + struct openvpn_plugin_args_open_in const *args, + struct openvpn_plugin_args_open_return *ret) +{ + /* Check that we are API compatible */ + if (v3structver != OPENVPN_PLUGINv3_STRUCTVER) + { + printf("base64.c: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); + return OPENVPN_PLUGIN_FUNC_ERROR; + } + + /* Which callbacks to intercept. */ + ret->type_mask = + OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2); + + /* we don't need a plug-in context in this example, but OpenVPN expects "something" */ + ret->handle = calloc(1, 1); + + /* Hook into the exported functions from OpenVPN */ + ovpn_log = args->callbacks->plugin_log; + ovpn_vlog = args->callbacks->plugin_vlog; + ovpn_base64_encode = args->callbacks->plugin_base64_encode; + ovpn_base64_decode = args->callbacks->plugin_base64_decode; + + /* Print some version information about the OpenVPN process using this plug-in */ + ovpn_log(PLOG_NOTE, PLUGIN_NAME, "OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", + args->ovpn_version, args->ovpn_version_major, + args->ovpn_version_minor, args->ovpn_version_patch); + + return OPENVPN_PLUGIN_FUNC_SUCCESS; +} + + +/** + * This function is called by OpenVPN each time the OpenVPN reaches + * a point where plug-in calls should happen. It only happens for those + * plug-in hooks enabled in openvpn_plugin_open_v3(). + * + * For the arguments, see the include/openvpn-plugin.h file + * for details on the function parameters + * + * @param args Pointer to a struct with details about the plug-in + * call from the main OpenVPN process. + * @param returndata Pointer to a struct where the plug-in can provide + * information back to OpenVPN to be processed + * + * @return Must return OPENVPN_PLUGIN_FUNC_SUCCESS or + * OPENVPN_PLUGIN_FUNC_DEFERRED on success. Otherwise it + * should return OPENVPN_FUNC_ERROR, which will stop and reject + * the client session from progressing. + * + */ + +OPENVPN_EXPORT int +openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) +{ + if (type != OPENVPN_PLUGIN_TLS_VERIFY + && type != OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + { + ovpn_log(PLOG_ERR, PLUGIN_NAME, "Unsupported plug-in hook call attempted"); + return OPENVPN_PLUGIN_FUNC_ERROR; + } + + /* get username/password from envp string array */ + const char *clcert_cn = get_env("X509_0_CN", envp); + if (!clcert_cn) + { + /* Ignore certificate checks not being a client certificate */ + return OPENVPN_PLUGIN_FUNC_SUCCESS; + } + + /* test the BASE64 encode function */ + char *buf = NULL; + int r = ovpn_base64_encode(clcert_cn, strlen(clcert_cn), &buf); + ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 encoded '%s' (return value %i): '%s'", + clcert_cn, r, buf); + + /* test the BASE64 decode function */ + char buf2[256] = {0}; + r = ovpn_base64_decode(buf, &buf2, 255); + ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 decoded '%s' (return value %i): '%s'", + buf, r, buf2); + + /* Verify the result, and free the buffer allocated by ovpn_base64_encode() */ + r = strcmp(clcert_cn, buf2); + free(buf); + + return (r == 0) ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR; +} + + +/** + * This cleans up the last part of the plug-in, allows it to + * shut down cleanly and release the plug-in global context buffer + * + * @param handle Pointer to the plug-in global context buffer, which + * need to be released by this function + */ +OPENVPN_EXPORT void +openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) +{ + struct plugin_context *context = (struct plugin_context *) handle; + free(context); +} |