Diffstat (limited to 'include')
-rw-r--r-- | include/Makefile.am | 2 | ||||
-rw-r--r-- | include/Makefile.in | 18 | ||||
-rw-r--r-- | include/openvpn-msg.h | 20 | ||||
-rw-r--r-- | include/openvpn-plugin.h | 80 | ||||
-rw-r--r-- | include/openvpn-plugin.h.in | 76 |
5 files changed, 113 insertions, 83 deletions
diff --git a/include/Makefile.am b/include/Makefile.am index 484e4e1..bd4f21d 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> +# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net> # Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> # diff --git a/include/Makefile.in b/include/Makefile.in index 67fbbc8..ed52b3d 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> +# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net> # Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> # @@ -164,8 +164,8 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(includedir)" HEADERS = $(include_HEADERS) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ - $(LISP)openvpn-plugin.h.in +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \ + openvpn-plugin.h.in # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. @@ -198,7 +198,8 @@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CMAKE = @CMAKE@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ 
@@ -212,6 +213,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ENABLE_UNITTESTS = @ENABLE_UNITTESTS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GIT = @GIT@ @@ -239,7 +241,6 @@ LZ4_LIBS = @LZ4_LIBS@ LZO_CFLAGS = @LZO_CFLAGS@ LZO_LIBS = @LZO_LIBS@ MAKEINFO = @MAKEINFO@ -MAN2HTML = @MAN2HTML@ MANIFEST_TOOL = @MANIFEST_TOOL@ MBEDTLS_CFLAGS = @MBEDTLS_CFLAGS@ MBEDTLS_LIBS = @MBEDTLS_LIBS@ @@ -290,6 +291,8 @@ PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@ RANLIB = @RANLIB@ RC = @RC@ ROUTE = @ROUTE@ +RST2HTML = @RST2HTML@ +RST2MAN = @RST2MAN@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SET_MAKE = @SET_MAKE@ @@ -353,6 +356,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index 66177a2..83344ee 100644 --- a/include/openvpn-msg.h +++ b/include/openvpn-msg.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2013-2018 Heiko Hund <heiko.hund@sophos.com> + * Copyright (C) 2013-2021 Heiko Hund <heiko.hund@sophos.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -39,6 +39,8 @@ typedef enum { msg_del_block_dns, msg_register_dns, msg_enable_dhcp, + msg_register_ring_buffers, + msg_set_mtu } message_type_t; typedef struct { @@ -117,4 +119,20 @@ typedef struct { interface_t iface; } enable_dhcp_message_t; +typedef struct { + message_header_t header; + HANDLE device; + HANDLE send_ring_handle; + HANDLE receive_ring_handle; + HANDLE send_tail_moved; + HANDLE receive_tail_moved; +} register_ring_buffers_message_t; + +typedef struct { + message_header_t header; + interface_t iface; + short family; + int mtu; +} set_mtu_message_t; + #endif /* ifndef OPENVPN_MSG_H_ */ 
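Review bot: The new `register_ring_buffers_message_t` (hunk -117,4 +119,20 in include/openvpn-msg.h) carries five `HANDLE` values inside a message, but nothing at the definition says whose handle table they refer to or what the receiver must do with them. A handle value is only meaningful in the process that owns it, so the receiving side has to duplicate each one from the sender's process and check the resulting object before use; I would state that next to the struct, e.g. `/* handles are values in the sending process; the receiver must duplicate and validate them before use */`. In `set_mtu_message_t`, `family` is a `short` and `mtu` a signed `int`, so the comment should also say that the receiver range-checks both instead of trusting the peer. How either message is consumed is not visible in this diff.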
diff --git a/include/openvpn-plugin.h b/include/openvpn-plugin.h index 03399f9..934248d 100644 --- a/include/openvpn-plugin.h +++ b/include/openvpn-plugin.h @@ -6,7 +6,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> + * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -27,7 +27,6 @@ #define OPENVPN_PLUGIN_VERSION 3 -#ifdef ENABLE_CRYPTO #ifdef ENABLE_CRYPTO_MBEDTLS #include <mbedtls/x509_crt.h> #ifndef __OPENVPN_X509_CERT_T_DECLARED @@ -41,7 +40,6 @@ typedef mbedtls_x509_crt openvpn_x509_cert_t; typedef X509 openvpn_x509_cert_t; #endif #endif -#endif #include <stdarg.h> #include <stddef.h> @@ -54,8 +52,8 @@ extern "C" { * This is will not be the complete version */ #define OPENVPN_VERSION_MAJOR 2 -#define OPENVPN_VERSION_MINOR 4 -#define OPENVPN_VERSION_PATCH ".9" +#define OPENVPN_VERSION_MINOR 5 +#define OPENVPN_VERSION_PATCH ".4" /* * Plug-in types. These types correspond to the set of script callbacks 
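Review bot: With the outer `#ifdef ENABLE_CRYPTO` removed (hunks -27,7 and -41,7), `openvpn_x509_cert_t` is selected only by whether the plug-in's own build defines `ENABLE_CRYPTO_MBEDTLS`, and the hunk at -436,13 makes `openvpn_x509_cert_t *current_cert` unconditional. If a plug-in is compiled with a different setting from the OpenVPN binary that loads it, it will treat a certificate object of one library as the other library's type. The header should say so where the typedef is chosen, e.g. `/* must match the crypto library of the loading OpenVPN; check ssl_api from the open arguments before dereferencing current_cert */`. The lines between the two typedef hunks are not shown, so the exact fallback branch is inferred. The same applies to the matching hunks in include/openvpn-plugin.h.in.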
@@ -119,20 +117,22 @@ extern "C" { * FUNC: openvpn_plugin_client_destructor_v1 (top-level "generic" client) * FUNC: openvpn_plugin_close_v1 */ -#define OPENVPN_PLUGIN_UP 0 -#define OPENVPN_PLUGIN_DOWN 1 -#define OPENVPN_PLUGIN_ROUTE_UP 2 -#define OPENVPN_PLUGIN_IPCHANGE 3 -#define OPENVPN_PLUGIN_TLS_VERIFY 4 -#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5 -#define OPENVPN_PLUGIN_CLIENT_CONNECT 6 -#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 -#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 -#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 -#define OPENVPN_PLUGIN_TLS_FINAL 10 -#define OPENVPN_PLUGIN_ENABLE_PF 11 -#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12 -#define OPENVPN_PLUGIN_N 13 +#define OPENVPN_PLUGIN_UP 0 +#define OPENVPN_PLUGIN_DOWN 1 +#define OPENVPN_PLUGIN_ROUTE_UP 2 +#define OPENVPN_PLUGIN_IPCHANGE 3 +#define OPENVPN_PLUGIN_TLS_VERIFY 4 +#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5 +#define OPENVPN_PLUGIN_CLIENT_CONNECT 6 +#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 +#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 +#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 +#define OPENVPN_PLUGIN_TLS_FINAL 10 +#define OPENVPN_PLUGIN_ENABLE_PF 11 +#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12 +#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13 +#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14 +#define OPENVPN_PLUGIN_N 15 /* * Build a mask out of a set of plug-in types. @@ -424,9 +424,9 @@ struct openvpn_plugin_args_open_return * per_client_context : the per-client context pointer which was returned by * openvpn_plugin_client_constructor_v1, if defined. * - * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with ENABLE_CRYPTO defined) + * current_cert_depth : Certificate depth of the certificate being passed over * - * *current_cert : X509 Certificate object received from the client (only if compiled with ENABLE_CRYPTO defined) + * *current_cert : X509 Certificate object received from the client * */ struct openvpn_plugin_args_func_in 
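Review bot: `OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER` and `OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2` are added as bare values 13 and 14 with no comment at the definition saying when they are invoked, while `OPENVPN_PLUGIN_N` moves from 13 to 15. A plug-in handler that dispatches on the type should return `OPENVPN_PLUGIN_FUNC_ERROR` for a type it does not recognise, otherwise a call for one of the new types could be answered with success by code written before they existed. A one-line comment such as `/* 13, 14: called only to fetch the result of a deferred CLIENT_CONNECT / CLIENT_CONNECT_V2 */` would make the contract explicit at the point of definition. Whether the FUNC ordering list above the defines was updated is not visible in this hunk. The same block is changed in include/openvpn-plugin.h.in.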
@@ -436,13 +436,8 @@ struct openvpn_plugin_args_func_in const char **const envp; openvpn_plugin_handle_t handle; void *per_client_context; -#ifdef ENABLE_CRYPTO int current_cert_depth; openvpn_x509_cert_t *current_cert; -#else - int __current_cert_depth_disabled; /* Unused, for compatibility purposes only */ - void *__current_cert_disabled; /* Unused, for compatibility purposes only */ -#endif }; 
@@ -563,12 +558,21 @@ OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_op * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure * * In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by - * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY. This enables asynchronous - * authentication where the plugin (or one of its agents) may indicate - * authentication success/failure some number of seconds after the return - * of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single - * char to the file named by auth_control_file in the environmental variable - * list (envp). + * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, OPENVPN_PLUGIN_CLIENT_CONNECT and + * OPENVPN_PLUGIN_CLIENT_CONNECT_V2. This enables asynchronous + * authentication or client connect where the plugin (or one of its agents) + * may indicate authentication success/failure or client configuration some + * number of seconds after the return of the function handler. + * For OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY and OPENVPN_PLUGIN_CLIENT_CONNECT + * this is done by writing a single char to the file named by + * auth_control_file/client_connect_deferred_file + * in the environmental variable list (envp). + * + * In addition the OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER and + * OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 are called when OpenVPN tries to + * get the deferred result. For a V2 call implementing this function is + * required as information is not passed by files. For the normal version + * the call is optional. * * first char of auth_control_file: * '0' -- indicates auth failure 
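Review bot: The rewritten paragraph names `client_connect_deferred_file` next to `auth_control_file`, but the value table that follows in this hunk still begins `first char of auth_control_file`, so the characters accepted in the client-connect file are not stated here. Since that single character decides whether a client is admitted, I would spell out the accepted values for `client_connect_deferred_file` and what OpenVPN does when the file is never written or holds some other character. The text also lists `OPENVPN_PLUGIN_CLIENT_CONNECT_V2` as able to return DEFERRED and then says the V2 call does not use files; one sentence saying the V2 result is delivered only through `OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2` would remove the ambiguity. The comment continues past the end of the hunk, so part of this may already be covered below; the same paragraph is added in include/openvpn-plugin.h.in.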
@@ -667,12 +671,12 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3) * ARGUMENTS * * version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in - * should validate that this value is matching the OPENVPN_PLUGIN_VERSION value. + * should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER + * value. * - * handle : the openvpn_plugin_handle_t value which was returned by - * openvpn_plugin_open. + * arguments : Structure with all arguments available to the plug-in. * - * return_list : used to return data back to OpenVPN. + * retptr : used to return data back to OpenVPN. * * RETURN VALUE * @@ -733,8 +737,8 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3) * A given client or subnet rule applies to both incoming and outgoing * packets. * - * See plugin/defer/simple.c for an example on using asynchronous - * authentication and client-specific packet filtering. + * See sample/sample-plugins/defer/simple.c for an example on using + * asynchronous authentication and client-specific packet filtering. */ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v3) (const int version, diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in index a604f1c..7ee68bb 100644 --- a/include/openvpn-plugin.h.in +++ b/include/openvpn-plugin.h.in @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> + * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -26,7 +26,6 @@ #define OPENVPN_PLUGIN_VERSION 3 -#ifdef ENABLE_CRYPTO #ifdef ENABLE_CRYPTO_MBEDTLS #include <mbedtls/x509_crt.h> #ifndef __OPENVPN_X509_CERT_T_DECLARED 
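Review bot: The `version` description in hunk -667,12 now points at `OPENVPN_PLUGINv3_STRUCTVER` but still only says the plug-in "should validate that this value is matching", without saying what to do on a mismatch or why the check matters. As far as this header shows, the struct version is what tells a plug-in which layout of `arguments` the host is using, so a plug-in that skips the check may read fields the host never populated. I would add `On mismatch return OPENVPN_PLUGIN_FUNC_ERROR without reading from arguments.` to the comment. The same wording is introduced in include/openvpn-plugin.h.in.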
@@ -40,7 +39,6 @@ typedef mbedtls_x509_crt openvpn_x509_cert_t; typedef X509 openvpn_x509_cert_t; #endif #endif -#endif #include <stdarg.h> #include <stddef.h> @@ -118,20 +116,22 @@ extern "C" { * FUNC: openvpn_plugin_client_destructor_v1 (top-level "generic" client) * FUNC: openvpn_plugin_close_v1 */ -#define OPENVPN_PLUGIN_UP 0 -#define OPENVPN_PLUGIN_DOWN 1 -#define OPENVPN_PLUGIN_ROUTE_UP 2 -#define OPENVPN_PLUGIN_IPCHANGE 3 -#define OPENVPN_PLUGIN_TLS_VERIFY 4 -#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5 -#define OPENVPN_PLUGIN_CLIENT_CONNECT 6 -#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 -#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 -#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 -#define OPENVPN_PLUGIN_TLS_FINAL 10 -#define OPENVPN_PLUGIN_ENABLE_PF 11 -#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12 -#define OPENVPN_PLUGIN_N 13 +#define OPENVPN_PLUGIN_UP 0 +#define OPENVPN_PLUGIN_DOWN 1 +#define OPENVPN_PLUGIN_ROUTE_UP 2 +#define OPENVPN_PLUGIN_IPCHANGE 3 +#define OPENVPN_PLUGIN_TLS_VERIFY 4 +#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5 +#define OPENVPN_PLUGIN_CLIENT_CONNECT 6 +#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 +#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 +#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 +#define OPENVPN_PLUGIN_TLS_FINAL 10 +#define OPENVPN_PLUGIN_ENABLE_PF 11 +#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12 +#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13 +#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14 +#define OPENVPN_PLUGIN_N 15 /* * Build a mask out of a set of plug-in types. 
@@ -423,9 +423,9 @@ struct openvpn_plugin_args_open_return * per_client_context : the per-client context pointer which was returned by * openvpn_plugin_client_constructor_v1, if defined. * - * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with ENABLE_CRYPTO defined) + * current_cert_depth : Certificate depth of the certificate being passed over * - * *current_cert : X509 Certificate object received from the client (only if compiled with ENABLE_CRYPTO defined) + * *current_cert : X509 Certificate object received from the client * */ struct openvpn_plugin_args_func_in @@ -435,13 +435,8 @@ struct openvpn_plugin_args_func_in const char **const envp; openvpn_plugin_handle_t handle; void *per_client_context; -#ifdef ENABLE_CRYPTO int current_cert_depth; openvpn_x509_cert_t *current_cert; -#else - int __current_cert_depth_disabled; /* Unused, for compatibility purposes only */ - void *__current_cert_disabled; /* Unused, for compatibility purposes only */ -#endif }; 
@@ -562,12 +557,21 @@ OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_op * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure * * In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by - * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY. This enables asynchronous - * authentication where the plugin (or one of its agents) may indicate - * authentication success/failure some number of seconds after the return - * of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single - * char to the file named by auth_control_file in the environmental variable - * list (envp). + * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, OPENVPN_PLUGIN_CLIENT_CONNECT and + * OPENVPN_PLUGIN_CLIENT_CONNECT_V2. This enables asynchronous + * authentication or client connect where the plugin (or one of its agents) + * may indicate authentication success/failure or client configuration some + * number of seconds after the return of the function handler. + * For OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY and OPENVPN_PLUGIN_CLIENT_CONNECT + * this is done by writing a single char to the file named by + * auth_control_file/client_connect_deferred_file + * in the environmental variable list (envp). + * + * In addition the OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER and + * OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 are called when OpenVPN tries to + * get the deferred result. For a V2 call implementing this function is + * required as information is not passed by files. For the normal version + * the call is optional. * * first char of auth_control_file: * '0' -- indicates auth failure 
@@ -666,12 +670,12 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3) * ARGUMENTS * * version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in - * should validate that this value is matching the OPENVPN_PLUGIN_VERSION value. + * should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER + * value. * - * handle : the openvpn_plugin_handle_t value which was returned by - * openvpn_plugin_open. + * arguments : Structure with all arguments available to the plug-in. * - * return_list : used to return data back to OpenVPN. + * retptr : used to return data back to OpenVPN. * * RETURN VALUE * @@ -732,8 +736,8 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3) * A given client or subnet rule applies to both incoming and outgoing * packets. * - * See plugin/defer/simple.c for an example on using asynchronous - * authentication and client-specific packet filtering. + * See sample/sample-plugins/defer/simple.c for an example on using + * asynchronous authentication and client-specific packet filtering. */ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v3) (const int version, |