summaryrefslogtreecommitdiff
path: root/sample/sample-plugins
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-27 18:25:47 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-27 18:25:47 +0100
commit3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (patch)
treef29063da5bec4caf3853d49a22a09c8619eebd21 /sample/sample-plugins
parentd53dba59e78da865c4fe820386ff2f4f76925f3b (diff)
New upstream version 2.4.0upstream/2.4.0
Diffstat (limited to 'sample/sample-plugins')
-rw-r--r--sample/sample-plugins/defer/simple.c393
-rw-r--r--sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c289
-rw-r--r--sample/sample-plugins/log/log.c234
-rw-r--r--sample/sample-plugins/log/log_v3.c369
-rw-r--r--sample/sample-plugins/simple/simple.c102
5 files changed, 752 insertions, 635 deletions
diff --git a/sample/sample-plugins/defer/simple.c b/sample/sample-plugins/defer/simple.c
index 6539865..ad1bbb0 100644
--- a/sample/sample-plugins/defer/simple.c
+++ b/sample/sample-plugins/defer/simple.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -25,7 +25,7 @@
/*
* This file implements a simple OpenVPN plugin module which
* will test deferred authentication and packet filtering.
- *
+ *
* Will run on Windows or *nix.
*
* Sample usage:
@@ -68,13 +68,13 @@
*/
struct plugin_context {
- int test_deferred_auth;
- int test_packet_filter;
+ int test_deferred_auth;
+ int test_packet_filter;
};
struct plugin_per_client_context {
- int n_calls;
- bool generated_pf_file;
+ int n_calls;
+ bool generated_pf_file;
};
/*
@@ -83,223 +83,258 @@ struct plugin_per_client_context {
* if found or NULL otherwise.
*/
static const char *
-get_env (const char *name, const char *envp[])
+get_env(const char *name, const char *envp[])
{
- if (envp)
+ if (envp)
{
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
}
- return NULL;
+ return NULL;
}
/* used for safe printf of possible NULL strings */
static const char *
-np (const char *str)
+np(const char *str)
{
- if (str)
- return str;
- else
- return "[NULL]";
+ if (str)
+ {
+ return str;
+ }
+ else
+ {
+ return "[NULL]";
+ }
}
static int
-atoi_null0 (const char *str)
+atoi_null0(const char *str)
{
- if (str)
- return atoi (str);
- else
- return 0;
+ if (str)
+ {
+ return atoi(str);
+ }
+ else
+ {
+ return 0;
+ }
}
OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
+openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
- struct plugin_context *context;
-
- printf ("FUNC: openvpn_plugin_open_v1\n");
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp));
- printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth);
-
- context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp));
- printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter);
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF);
-
- return (openvpn_plugin_handle_t) context;
+ struct plugin_context *context;
+
+ printf("FUNC: openvpn_plugin_open_v1\n");
+
+ /*
+ * Allocate our context
+ */
+ context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context));
+
+ context->test_deferred_auth = atoi_null0(get_env("test_deferred_auth", envp));
+ printf("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth);
+
+ context->test_packet_filter = atoi_null0(get_env("test_packet_filter", envp));
+ printf("TEST_PACKET_FILTER %d\n", context->test_packet_filter);
+
+ /*
+ * Which callbacks to intercept.
+ */
+ *type_mask =
+ OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ENABLE_PF);
+
+ return (openvpn_plugin_handle_t) context;
}
static int
-auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
+auth_user_pass_verify(struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
{
- if (context->test_deferred_auth)
+ if (context->test_deferred_auth)
{
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* get auth_control_file filename from envp string array*/
- const char *auth_control_file = get_env ("auth_control_file", envp);
-
- printf ("DEFER u='%s' p='%s' acf='%s'\n",
- np(username),
- np(password),
- np(auth_control_file));
-
- /* Authenticate asynchronously in n seconds */
- if (auth_control_file)
- {
- char buf[256];
- int auth = 2;
- sscanf (username, "%d", &auth);
- snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &",
- context->test_deferred_auth,
- auth_control_file,
- auth,
- pcc->n_calls < auth,
- auth_control_file);
- printf ("%s\n", buf);
- system (buf);
- pcc->n_calls++;
- return OPENVPN_PLUGIN_FUNC_DEFERRED;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
+ /* get username/password from envp string array */
+ const char *username = get_env("username", envp);
+ const char *password = get_env("password", envp);
+
+ /* get auth_control_file filename from envp string array*/
+ const char *auth_control_file = get_env("auth_control_file", envp);
+
+ printf("DEFER u='%s' p='%s' acf='%s'\n",
+ np(username),
+ np(password),
+ np(auth_control_file));
+
+ /* Authenticate asynchronously in n seconds */
+ if (auth_control_file)
+ {
+ char buf[256];
+ int auth = 2;
+ sscanf(username, "%d", &auth);
+ snprintf(buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &",
+ context->test_deferred_auth,
+ auth_control_file,
+ auth,
+ pcc->n_calls < auth,
+ auth_control_file);
+ printf("%s\n", buf);
+ system(buf);
+ pcc->n_calls++;
+ return OPENVPN_PLUGIN_FUNC_DEFERRED;
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
static int
-tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
+tls_final(struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
{
- if (context->test_packet_filter)
+ if (context->test_packet_filter)
+ {
+ if (!pcc->generated_pf_file)
+ {
+ const char *pff = get_env("pf_file", envp);
+ const char *cn = get_env("username", envp);
+ if (pff && cn)
+ {
+ char buf[256];
+ snprintf(buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &",
+ context->test_packet_filter, cn, pff, cn, pff);
+ printf("%s\n", buf);
+ system(buf);
+ pcc->generated_pf_file = true;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+ }
+ else
{
- if (!pcc->generated_pf_file)
- {
- const char *pff = get_env ("pf_file", envp);
- const char *cn = get_env ("username", envp);
- if (pff && cn)
- {
- char buf[256];
- snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &",
- context->test_packet_filter, cn, pff, cn, pff);
- printf ("%s\n", buf);
- system (buf);
- pcc->generated_pf_file = true;
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT int
-openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle,
- const int type,
- const char *argv[],
- const char *envp[],
- void *per_client_context,
- struct openvpn_plugin_string_list **return_list)
+openvpn_plugin_func_v2(openvpn_plugin_handle_t handle,
+ const int type,
+ const char *argv[],
+ const char *envp[],
+ void *per_client_context,
+ struct openvpn_plugin_string_list **return_list)
{
- struct plugin_context *context = (struct plugin_context *) handle;
- struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context;
- switch (type)
+ struct plugin_context *context = (struct plugin_context *) handle;
+ struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context;
+ switch (type)
{
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- return auth_user_pass_verify (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- return tls_final (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_ENABLE_PF:
- printf ("OPENVPN_PLUGIN_ENABLE_PF\n");
- if (context->test_packet_filter)
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
+ case OPENVPN_PLUGIN_UP:
+ printf("OPENVPN_PLUGIN_UP\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_DOWN:
+ printf("OPENVPN_PLUGIN_DOWN\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_ROUTE_UP:
+ printf("OPENVPN_PLUGIN_ROUTE_UP\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_IPCHANGE:
+ printf("OPENVPN_PLUGIN_IPCHANGE\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_TLS_VERIFY:
+ printf("OPENVPN_PLUGIN_TLS_VERIFY\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
+ printf("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
+ return auth_user_pass_verify(context, pcc, argv, envp);
+
+ case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
+ printf("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
+ printf("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_LEARN_ADDRESS:
+ printf("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+ case OPENVPN_PLUGIN_TLS_FINAL:
+ printf("OPENVPN_PLUGIN_TLS_FINAL\n");
+ return tls_final(context, pcc, argv, envp);
+
+ case OPENVPN_PLUGIN_ENABLE_PF:
+ printf("OPENVPN_PLUGIN_ENABLE_PF\n");
+ if (context->test_packet_filter)
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ default:
+ printf("OPENVPN_PLUGIN_?\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
}
}
OPENVPN_EXPORT void *
-openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle)
{
- printf ("FUNC: openvpn_plugin_client_constructor_v1\n");
- return calloc (1, sizeof (struct plugin_per_client_context));
+ printf("FUNC: openvpn_plugin_client_constructor_v1\n");
+ return calloc(1, sizeof(struct plugin_per_client_context));
}
OPENVPN_EXPORT void
-openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context)
+openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *per_client_context)
{
- printf ("FUNC: openvpn_plugin_client_destructor_v1\n");
- free (per_client_context);
+ printf("FUNC: openvpn_plugin_client_destructor_v1\n");
+ free(per_client_context);
}
OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
- struct plugin_context *context = (struct plugin_context *) handle;
- printf ("FUNC: openvpn_plugin_close_v1\n");
- free (context);
+ struct plugin_context *context = (struct plugin_context *) handle;
+ printf("FUNC: openvpn_plugin_close_v1\n");
+ free(context);
}
diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
index b0240b8..177977d 100644
--- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
+++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -41,23 +41,23 @@
#endif
#define ovpn_err(fmt, ...) \
- plugin->log(PLOG_ERR, "SSO", fmt , ## __VA_ARGS__)
+ plugin->log(PLOG_ERR, "SSO", fmt, ## __VA_ARGS__)
#define ovpn_dbg(fmt, ...) \
- plugin->log(PLOG_DEBUG, "SSO", fmt , ## __VA_ARGS__)
+ plugin->log(PLOG_DEBUG, "SSO", fmt, ## __VA_ARGS__)
#define ovpn_note(fmt, ...) \
- plugin->log(PLOG_NOTE, "SSO", fmt , ## __VA_ARGS__)
+ plugin->log(PLOG_NOTE, "SSO", fmt, ## __VA_ARGS__)
enum endpoint { CLIENT = 1, SERVER = 2 };
struct plugin {
- plugin_log_t log;
- enum endpoint type;
- int mask;
+ plugin_log_t log;
+ enum endpoint type;
+ int mask;
};
struct session {
- char user[48];
- char key [48];
+ char user[48];
+ char key [48];
};
/*
@@ -69,201 +69,226 @@ struct session {
static const char *
get_env(const char *name, const char *envp[])
{
- if (envp)
+ if (envp)
{
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
}
- return NULL;
+ return NULL;
}
OPENVPN_EXPORT int
-openvpn_plugin_open_v3 (const int version,
- struct openvpn_plugin_args_open_in const *args,
- struct openvpn_plugin_args_open_return *rv)
+openvpn_plugin_open_v3(const int version,
+ struct openvpn_plugin_args_open_in const *args,
+ struct openvpn_plugin_args_open_return *rv)
{
- struct plugin *plugin = calloc (1, sizeof(*plugin));
+ struct plugin *plugin = calloc(1, sizeof(*plugin));
- plugin->type = get_env ("remote_1", args->envp) ? CLIENT : SERVER;
- plugin->log = args->callbacks->plugin_log;
+ plugin->type = get_env("remote_1", args->envp) ? CLIENT : SERVER;
+ plugin->log = args->callbacks->plugin_log;
- plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL);
- plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY);
+ plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL);
+ plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY);
- ovpn_note("vpn endpoint type=%s",plugin->type == CLIENT ? "client":"server");
+ ovpn_note("vpn endpoint type=%s",plugin->type == CLIENT ? "client" : "server");
- rv->type_mask = plugin->mask;
- rv->handle = (void *)plugin;
+ rv->type_mask = plugin->mask;
+ rv->handle = (void *)plugin;
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
static void
session_user_set(struct session *sess, X509 *x509)
{
- int fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME *x509_name;
- X509_NAME_ENTRY *ent;
- const char *objbuf;
-
- x509_name = X509_get_subject_name (x509);
- int i, n = X509_NAME_entry_count (x509_name);
- for (i = 0; i < n; ++i)
+ int fn_nid;
+ ASN1_OBJECT *fn;
+ ASN1_STRING *val;
+ X509_NAME *x509_name;
+ X509_NAME_ENTRY *ent;
+ const char *objbuf;
+
+ x509_name = X509_get_subject_name(x509);
+ int i, n = X509_NAME_entry_count(x509_name);
+ for (i = 0; i < n; ++i)
{
- if (!(ent = X509_NAME_get_entry (x509_name, i)))
- continue;
- if (!(fn = X509_NAME_ENTRY_get_object (ent)))
- continue;
- if (!(val = X509_NAME_ENTRY_get_data (ent)))
- continue;
- if ((fn_nid = OBJ_obj2nid (fn)) == NID_undef)
- continue;
- if (!(objbuf = OBJ_nid2sn (fn_nid)))
- continue;
- /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- unsigned char *buf = (unsigned char *)1;
- if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
- continue;
-
- if (!strncasecmp(objbuf, "CN", 2))
- snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
-
- OPENSSL_free (buf);
+ if (!(ent = X509_NAME_get_entry(x509_name, i)))
+ {
+ continue;
+ }
+ if (!(fn = X509_NAME_ENTRY_get_object(ent)))
+ {
+ continue;
+ }
+ if (!(val = X509_NAME_ENTRY_get_data(ent)))
+ {
+ continue;
+ }
+ if ((fn_nid = OBJ_obj2nid(fn)) == NID_undef)
+ {
+ continue;
+ }
+ if (!(objbuf = OBJ_nid2sn(fn_nid)))
+ {
+ continue;
+ }
+ /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
+ unsigned char *buf = (unsigned char *)1;
+ if (ASN1_STRING_to_UTF8(&buf, val) <= 0)
+ {
+ continue;
+ }
+
+ if (!strncasecmp(objbuf, "CN", 2))
+ {
+ snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf);
+ }
+
+ OPENSSL_free(buf);
}
}
static int
tls_verify(struct openvpn_plugin_args_func_in const *args)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- /* we store cert subject for the server end point only */
- if (plugin->type != SERVER)
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ /* we store cert subject for the server end point only */
+ if (plugin->type != SERVER)
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
- if (!args->current_cert) {
- ovpn_err("this example plugin requires client certificate");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
+ if (!args->current_cert)
+ {
+ ovpn_err("this example plugin requires client certificate");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
- session_user_set(sess, args->current_cert);
+ session_user_set(sess, args->current_cert);
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
static void
file_store(char *file, char *content)
{
- FILE *f;
- if (!(f = fopen(file, "w+")))
- return;
+ FILE *f;
+ if (!(f = fopen(file, "w+")))
+ {
+ return;
+ }
- fprintf(f, "%s", content);
- fclose(f);
+ fprintf(f, "%s", content);
+ fclose(f);
}
static void
server_store(struct openvpn_plugin_args_func_in const *args)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- char file[MAXPATH];
- snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key);
- ovpn_note("app session file: %s", file);
- file_store(file, sess->user);
+ char file[MAXPATH];
+ snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key);
+ ovpn_note("app session file: %s", file);
+ file_store(file, sess->user);
}
static void
client_store(struct openvpn_plugin_args_func_in const *args)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- char *file = "/tmp/openvpn_sso_user";
- ovpn_note("app session file: %s", file);
- file_store(file, sess->key);
+ char *file = "/tmp/openvpn_sso_user";
+ ovpn_note("app session file: %s", file);
+ file_store(file, sess->key);
}
static int
tls_final(struct openvpn_plugin_args_func_in const *args,
struct openvpn_plugin_args_func_return *rv)
{
- struct plugin *plugin = (struct plugin *)args->handle;
- struct session *sess = (struct session *)args->per_client_context;
-
- const char *key;
- if (!(key = get_env ("exported_keying_material", args->envp)))
- return OPENVPN_PLUGIN_FUNC_ERROR;
-
- snprintf(sess->key, sizeof(sess->key) - 1, "%s", key);
- ovpn_note("app session key: %s", sess->key);
-
- switch (plugin->type) {
- case SERVER:
- server_store(args);
- break;
- case CLIENT:
- client_store(args);
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- }
+ struct plugin *plugin = (struct plugin *)args->handle;
+ struct session *sess = (struct session *)args->per_client_context;
- ovpn_note("app session user: %s", sess->user);
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ const char *key;
+ if (!(key = get_env("exported_keying_material", args->envp)))
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ snprintf(sess->key, sizeof(sess->key) - 1, "%s", key);
+ ovpn_note("app session key: %s", sess->key);
+
+ switch (plugin->type) {
+ case SERVER:
+ server_store(args);
+ break;
+
+ case CLIENT:
+ client_store(args);
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+
+ ovpn_note("app session user: %s", sess->user);
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT int
-openvpn_plugin_func_v3 (const int version,
- struct openvpn_plugin_args_func_in const *args,
- struct openvpn_plugin_args_func_return *rv)
+openvpn_plugin_func_v3(const int version,
+ struct openvpn_plugin_args_func_in const *args,
+ struct openvpn_plugin_args_func_return *rv)
{
- switch(args->type) {
- case OPENVPN_PLUGIN_TLS_VERIFY:
- return tls_verify(args);
- case OPENVPN_PLUGIN_TLS_FINAL:
- return tls_final(args, rv);
- }
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ switch (args->type) {
+ case OPENVPN_PLUGIN_TLS_VERIFY:
+ return tls_verify(args);
+
+ case OPENVPN_PLUGIN_TLS_FINAL:
+ return tls_final(args, rv);
+ }
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT void *
openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle)
{
- struct plugin *plugin = (struct plugin *)handle;
- struct session *sess = calloc (1, sizeof(*sess));
+ struct plugin *plugin = (struct plugin *)handle;
+ struct session *sess = calloc(1, sizeof(*sess));
- ovpn_note("app session created");
+ ovpn_note("app session created");
- return (void *)sess;
+ return (void *)sess;
}
OPENVPN_EXPORT void
openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *ctx)
{
- struct plugin *plugin = (struct plugin *)handle;
- struct session *sess = (struct session *)ctx;
+ struct plugin *plugin = (struct plugin *)handle;
+ struct session *sess = (struct session *)ctx;
- ovpn_note("app session key: %s", sess->key);
- ovpn_note("app session destroyed");
+ ovpn_note("app session key: %s", sess->key);
+ ovpn_note("app session destroyed");
- free (sess);
+ free(sess);
}
OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
- struct plugin *plugin = (struct plugin *)handle;
- free (plugin);
+ struct plugin *plugin = (struct plugin *)handle;
+ free(plugin);
}
diff --git a/sample/sample-plugins/log/log.c b/sample/sample-plugins/log/log.c
index 1cc4650..0201628 100644
--- a/sample/sample-plugins/log/log.c
+++ b/sample/sample-plugins/log/log.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -39,8 +39,8 @@
* Our context, where we keep our state.
*/
struct plugin_context {
- const char *username;
- const char *password;
+ const char *username;
+ const char *password;
};
/*
@@ -49,136 +49,154 @@ struct plugin_context {
* if found or NULL otherwise.
*/
static const char *
-get_env (const char *name, const char *envp[])
+get_env(const char *name, const char *envp[])
{
- if (envp)
+ if (envp)
{
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
}
- return NULL;
+ return NULL;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
+openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
- return (openvpn_plugin_handle_t) context;
+ struct plugin_context *context;
+
+ /*
+ * Allocate our context
+ */
+ context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context));
+
+ /*
+ * Set the username/password we will require.
+ */
+ context->username = "foo";
+ context->password = "bar";
+
+ /*
+ * Which callbacks to intercept.
+ */
+ *type_mask =
+ OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL);
+
+ return (openvpn_plugin_handle_t) context;
}
void
-show (const int type, const char *argv[], const char *envp[])
+show(const int type, const char *argv[], const char *envp[])
{
- size_t i;
- switch (type)
+ size_t i;
+ switch (type)
{
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
+ case OPENVPN_PLUGIN_UP:
+ printf("OPENVPN_PLUGIN_UP\n");
+ break;
+
+ case OPENVPN_PLUGIN_DOWN:
+ printf("OPENVPN_PLUGIN_DOWN\n");
+ break;
+
+ case OPENVPN_PLUGIN_ROUTE_UP:
+ printf("OPENVPN_PLUGIN_ROUTE_UP\n");
+ break;
+
+ case OPENVPN_PLUGIN_IPCHANGE:
+ printf("OPENVPN_PLUGIN_IPCHANGE\n");
+ break;
+
+ case OPENVPN_PLUGIN_TLS_VERIFY:
+ printf("OPENVPN_PLUGIN_TLS_VERIFY\n");
+ break;
+
+ case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
+ printf("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
+ printf("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
+ printf("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
+ break;
+
+ case OPENVPN_PLUGIN_LEARN_ADDRESS:
+ printf("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
+ break;
+
+ case OPENVPN_PLUGIN_TLS_FINAL:
+ printf("OPENVPN_PLUGIN_TLS_FINAL\n");
+ break;
+
+ default:
+ printf("OPENVPN_PLUGIN_?\n");
+ break;
}
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
+ printf("ARGV\n");
+ for (i = 0; argv[i] != NULL; ++i)
+ printf("%d '%s'\n", (int)i, argv[i]);
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
+ printf("ENVP\n");
+ for (i = 0; envp[i] != NULL; ++i)
+ printf("%d '%s'\n", (int)i, envp[i]);
}
OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
+openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
{
- struct plugin_context *context = (struct plugin_context *) handle;
+ struct plugin_context *context = (struct plugin_context *) handle;
- show (type, argv, envp);
+ show(type, argv, envp);
- /* check entered username/password against what we require */
- if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ /* check entered username/password against what we require */
+ if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ {
+ /* get username/password from envp string array */
+ const char *username = get_env("username", envp);
+ const char *password = get_env("password", envp);
+
+ if (username && !strcmp(username, context->username)
+ && password && !strcmp(password, context->password))
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+ }
+ else
{
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
+ struct plugin_context *context = (struct plugin_context *) handle;
+ free(context);
}
diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c
index 275b1e7..9037225 100644
--- a/sample/sample-plugins/log/log_v3.c
+++ b/sample/sample-plugins/log/log_v3.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
* Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
@@ -44,8 +44,8 @@
* Our context, where we keep our state.
*/
struct plugin_context {
- const char *username;
- const char *password;
+ const char *username;
+ const char *password;
};
/*
@@ -54,205 +54,238 @@ struct plugin_context {
* if found or NULL otherwise.
*/
static const char *
-get_env (const char *name, const char *envp[])
+get_env(const char *name, const char *envp[])
{
- if (envp)
+ if (envp)
{
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
}
- return NULL;
+ return NULL;
}
OPENVPN_EXPORT int
-openvpn_plugin_open_v3 (const int v3structver,
- struct openvpn_plugin_args_open_in const *args,
- struct openvpn_plugin_args_open_return *ret)
+openvpn_plugin_open_v3(const int v3structver,
+ struct openvpn_plugin_args_open_in const *args,
+ struct openvpn_plugin_args_open_return *ret)
{
- struct plugin_context *context = NULL;
-
- /* Check that we are API compatible */
- if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
- printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- if( args->ssl_api != SSLAPI_OPENSSL ) {
- printf("This plug-in can only be used against OpenVPN with OpenSSL\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- /* Print some version information about the OpenVPN process using this plug-in */
- printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n",
- args->ovpn_version, args->ovpn_version_major,
- args->ovpn_version_minor, args->ovpn_version_patch);
-
- /* Which callbacks to intercept. */
- ret->type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
-
- /* Allocate our context */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /* Set the username/password we will require. */
- context->username = "foo";
- context->password = "bar";
-
- /* Point the global context handle to our newly created context */
- ret->handle = (void *) context;
-
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ struct plugin_context *context = NULL;
+
+ /* Check that we are API compatible */
+ if (v3structver != OPENVPN_PLUGINv3_STRUCTVER)
+ {
+ printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ if (args->ssl_api != SSLAPI_OPENSSL)
+ {
+ printf("This plug-in can only be used against OpenVPN with OpenSSL\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ /* Print some version information about the OpenVPN process using this plug-in */
+ printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n",
+ args->ovpn_version, args->ovpn_version_major,
+ args->ovpn_version_minor, args->ovpn_version_patch);
+
+ /* Which callbacks to intercept. */
+ ret->type_mask =
+ OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL);
+
+
+ /* Allocate our context */
+ context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context));
+
+ /* Set the username/password we will require. */
+ context->username = "foo";
+ context->password = "bar";
+
+ /* Point the global context handle to our newly created context */
+ ret->handle = (void *) context;
+
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
void
-show (const int type, const char *argv[], const char *envp[])
+show(const int type, const char *argv[], const char *envp[])
{
- size_t i;
- switch (type)
+ size_t i;
+ switch (type)
{
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
+ case OPENVPN_PLUGIN_UP:
+ printf("OPENVPN_PLUGIN_UP\n");
+ break;
+
+ case OPENVPN_PLUGIN_DOWN:
+ printf("OPENVPN_PLUGIN_DOWN\n");
+ break;
+
+ case OPENVPN_PLUGIN_ROUTE_UP:
+ printf("OPENVPN_PLUGIN_ROUTE_UP\n");
+ break;
+
+ case OPENVPN_PLUGIN_IPCHANGE:
+ printf("OPENVPN_PLUGIN_IPCHANGE\n");
+ break;
+
+ case OPENVPN_PLUGIN_TLS_VERIFY:
+ printf("OPENVPN_PLUGIN_TLS_VERIFY\n");
+ break;
+
+ case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
+ printf("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
+ printf("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
+ printf("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
+ break;
+
+ case OPENVPN_PLUGIN_LEARN_ADDRESS:
+ printf("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
+ break;
+
+ case OPENVPN_PLUGIN_TLS_FINAL:
+ printf("OPENVPN_PLUGIN_TLS_FINAL\n");
+ break;
+
+ default:
+ printf("OPENVPN_PLUGIN_?\n");
+ break;
}
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
+ printf("ARGV\n");
+ for (i = 0; argv[i] != NULL; ++i)
+ printf("%d '%s'\n", (int)i, argv[i]);
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
+ printf("ENVP\n");
+ for (i = 0; envp[i] != NULL; ++i)
+ printf("%d '%s'\n", (int)i, envp[i]);
}
static void
-x509_print_info (X509 *x509crt)
+x509_print_info(X509 *x509crt)
{
- int i, n;
- int fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME *x509_name;
- X509_NAME_ENTRY *ent;
- const char *objbuf;
- unsigned char *buf;
-
- x509_name = X509_get_subject_name (x509crt);
- n = X509_NAME_entry_count (x509_name);
- for (i = 0; i < n; ++i)
+ int i, n;
+ int fn_nid;
+ ASN1_OBJECT *fn;
+ ASN1_STRING *val;
+ X509_NAME *x509_name;
+ X509_NAME_ENTRY *ent;
+ const char *objbuf;
+ unsigned char *buf;
+
+ x509_name = X509_get_subject_name(x509crt);
+ n = X509_NAME_entry_count(x509_name);
+ for (i = 0; i < n; ++i)
{
- ent = X509_NAME_get_entry (x509_name, i);
- if (!ent)
- continue;
- fn = X509_NAME_ENTRY_get_object (ent);
- if (!fn)
- continue;
- val = X509_NAME_ENTRY_get_data (ent);
- if (!val)
- continue;
- fn_nid = OBJ_obj2nid (fn);
- if (fn_nid == NID_undef)
- continue;
- objbuf = OBJ_nid2sn (fn_nid);
- if (!objbuf)
- continue;
- buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
- continue;
-
- printf("X509 %s: %s\n", objbuf, (char *)buf);
- OPENSSL_free (buf);
+ ent = X509_NAME_get_entry(x509_name, i);
+ if (!ent)
+ {
+ continue;
+ }
+ fn = X509_NAME_ENTRY_get_object(ent);
+ if (!fn)
+ {
+ continue;
+ }
+ val = X509_NAME_ENTRY_get_data(ent);
+ if (!val)
+ {
+ continue;
+ }
+ fn_nid = OBJ_obj2nid(fn);
+ if (fn_nid == NID_undef)
+ {
+ continue;
+ }
+ objbuf = OBJ_nid2sn(fn_nid);
+ if (!objbuf)
+ {
+ continue;
+ }
+ buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
+ if (ASN1_STRING_to_UTF8(&buf, val) <= 0)
+ {
+ continue;
+ }
+
+ printf("X509 %s: %s\n", objbuf, (char *)buf);
+ OPENSSL_free(buf);
}
}
OPENVPN_EXPORT int
-openvpn_plugin_func_v3 (const int version,
- struct openvpn_plugin_args_func_in const *args,
- struct openvpn_plugin_args_func_return *retptr)
+openvpn_plugin_func_v3(const int version,
+ struct openvpn_plugin_args_func_in const *args,
+ struct openvpn_plugin_args_func_return *retptr)
{
- struct plugin_context *context = (struct plugin_context *) args->handle;
+ struct plugin_context *context = (struct plugin_context *) args->handle;
- printf("\nopenvpn_plugin_func_v3() :::::>> ");
- show (args->type, args->argv, args->envp);
+ printf("\nopenvpn_plugin_func_v3() :::::>> ");
+ show(args->type, args->argv, args->envp);
+
+ /* Dump some X509 information if we're in the TLS_VERIFY phase */
+ if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert)
+ {
+ printf("---- X509 Subject information ----\n");
+ printf("Certificate depth: %i\n", args->current_cert_depth);
+ x509_print_info(args->current_cert);
+ printf("----------------------------------\n");
+ }
- /* Dump some X509 information if we're in the TLS_VERIFY phase */
- if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) {
- printf("---- X509 Subject information ----\n");
- printf("Certificate depth: %i\n", args->current_cert_depth);
- x509_print_info(args->current_cert);
- printf("----------------------------------\n");
- }
+ /* check entered username/password against what we require */
+ if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ {
+ /* get username/password from envp string array */
+ const char *username = get_env("username", args->envp);
+ const char *password = get_env("password", args->envp);
- /* check entered username/password against what we require */
- if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ if (username && !strcmp(username, context->username)
+ && password && !strcmp(password, context->password))
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+ }
+ else
{
- /* get username/password from envp string array */
- const char *username = get_env ("username", args->envp);
- const char *password = get_env ("password", args->envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
+ struct plugin_context *context = (struct plugin_context *) handle;
+ free(context);
}
diff --git a/sample/sample-plugins/simple/simple.c b/sample/sample-plugins/simple/simple.c
index f26d89f..f595333 100644
--- a/sample/sample-plugins/simple/simple.c
+++ b/sample/sample-plugins/simple/simple.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -41,8 +41,8 @@
* Our context, where we keep our state.
*/
struct plugin_context {
- const char *username;
- const char *password;
+ const char *username;
+ const char *password;
};
/*
@@ -51,70 +51,76 @@ struct plugin_context {
* if found or NULL otherwise.
*/
static const char *
-get_env (const char *name, const char *envp[])
+get_env(const char *name, const char *envp[])
{
- if (envp)
+ if (envp)
{
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
}
- return NULL;
+ return NULL;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
+openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
- struct plugin_context *context;
+ struct plugin_context *context;
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
+ /*
+ * Allocate our context
+ */
+ context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context));
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
+ /*
+ * Set the username/password we will require.
+ */
+ context->username = "foo";
+ context->password = "bar";
- /*
- * We are only interested in intercepting the
- * --auth-user-pass-verify callback.
- */
- *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
+ /*
+ * We are only interested in intercepting the
+ * --auth-user-pass-verify callback.
+ */
+ *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
- return (openvpn_plugin_handle_t) context;
+ return (openvpn_plugin_handle_t) context;
}
OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
+openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
{
- struct plugin_context *context = (struct plugin_context *) handle;
+ struct plugin_context *context = (struct plugin_context *) handle;
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
+ /* get username/password from envp string array */
+ const char *username = get_env("username", envp);
+ const char *password = get_env("password", envp);
- /* check entered username/password against what we require */
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
+ /* check entered username/password against what we require */
+ if (username && !strcmp(username, context->username)
+ && password && !strcmp(password, context->password))
+ {
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+ else
+ {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
}
OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
+ struct plugin_context *context = (struct plugin_context *) handle;
+ free(context);
}