8 files changed, 234 insertions, 15 deletions
diff --git a/sample/Makefile.am b/sample/Makefile.am
index 58ae965..3be698e 100644
--- a/sample/Makefile.am
+++ b/sample/Makefile.am
@@ -5,7 +5,7 @@
 #             packet encryption, packet authentication, and
 #             packet compression.
 #
-#  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 #  Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
 #
 
diff --git a/sample/Makefile.in b/sample/Makefile.in
index 839d2cf..89367b0 100644
--- a/sample/Makefile.in
+++ b/sample/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -21,12 +21,22 @@
 #             packet encryption, packet authentication, and
 #             packet compression.
 #
-#  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 #  Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
 #
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -90,7 +100,6 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = sample
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
 	$(top_srcdir)/m4/ax_socklen_t.m4 \
@@ -101,6 +110,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
 	$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h \
 	$(top_builddir)/include/openvpn-plugin.h
@@ -155,6 +165,7 @@ am__uninstall_files_from_dir = { \
 am__installdirs = "$(DESTDIR)$(sampledir)"
 DATA = $(sample_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -203,6 +214,7 @@ LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 LZ4_CFLAGS = @LZ4_CFLAGS@
 LZ4_LIBS = @LZ4_LIBS@
 LZO_CFLAGS = @LZO_CFLAGS@
@@ -364,14 +376,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign sample/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign sample/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -416,7 +427,10 @@ ctags CTAGS:
 cscope cscopelist:
 
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -564,6 +578,8 @@ uninstall-am: uninstall-sampleDATA
 	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
 	ps ps-am tags-am uninstall uninstall-am uninstall-sampleDATA
 
+.PRECIOUS: Makefile
+
 
 @WIN32_TRUE@client.ovpn: sample-config-files/client.conf
 @WIN32_TRUE@	-rm -f client.ovpn
diff --git a/sample/sample-plugins/defer/simple.c b/sample/sample-plugins/defer/simple.c
index 4960497..d18695b 100644
--- a/sample/sample-plugins/defer/simple.c
+++ b/sample/sample-plugins/defer/simple.c
@@ -5,7 +5,7 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
index c483907..5d3ca14 100644
--- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
+++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
@@ -5,7 +5,7 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
diff --git a/sample/sample-plugins/log/log.c b/sample/sample-plugins/log/log.c
index c59027f..ecf62c0 100644
--- a/sample/sample-plugins/log/log.c
+++ b/sample/sample-plugins/log/log.c
@@ -5,7 +5,7 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c
index f913a19..c972951 100644
--- a/sample/sample-plugins/log/log_v3.c
+++ b/sample/sample-plugins/log/log_v3.c
@@ -5,7 +5,7 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
  *  Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
  *
  *  This program is free software; you can redistribute it and/or modify
diff --git a/sample/sample-plugins/simple/base64.c b/sample/sample-plugins/simple/base64.c
new file mode 100644
index 0000000..bd95e79
--- /dev/null
+++ b/sample/sample-plugins/simple/base64.c
@@ -0,0 +1,203 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ *             over a single TCP/UDP port, with support for SSL/TLS-based
+ *             session authentication and key exchange,
+ *             packet encryption, packet authentication, and
+ *             packet compression.
+ *
+ *  Copyright (C) 2017  David Sommerseth <davids@openvpn.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "openvpn-plugin.h"
+
+#define PLUGIN_NAME "base64.c"
+
+/* Exported plug-in v3 API functions */
+plugin_log_t ovpn_log = NULL;                      /**< Pointer to the OpenVPN log function.  See plugin_log() */
+plugin_vlog_t ovpn_vlog = NULL;                    /**< Pointer to the OpenVPN vlog function. See plugin_vlog() */
+plugin_base64_encode_t ovpn_base64_encode = NULL;  /**< Pointer to the openvpn_base64_encode () function */
+plugin_base64_decode_t ovpn_base64_decode = NULL;  /**< Pointer to the openvpn_base64_decode () function */
+
+/**
+ * Search the environment pointer for a specific env var name
+ *
+ * PLEASE NOTE! The result is not valid outside the local
+ * scope of the calling function.  Once the calling function
+ * returns, any returned pointers are invalid.
+ *
+ * @param name  String containing the env.var name to search for
+ * @param envp  String array pointer to the environment variable
+ *
+ * @return Returns a pointer to the value in the environment variable
+ *         table on successful match.  Otherwise NULL is returned
+ *
+ */
+static const char *
+get_env(const char *name, const char *envp[])
+{
+    if (envp)
+    {
+        int i;
+        const int namelen = strlen(name);
+        for (i = 0; envp[i]; ++i)
+        {
+            if (!strncmp(envp[i], name, namelen))
+            {
+                const char *cp = envp[i] + namelen;
+                if (*cp == '=')
+                {
+                    return cp + 1;
+                }
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+ * This function is called when OpenVPN loads the plug-in.
+ * The purpose is to initialize the plug-in and tell OpenVPN
+ * which plug-in hooks this plug-in wants to be involved in
+ *
+ * For the arguments, see the include/openvpn-plugin.h file
+ * for details on the function parameters
+ *
+ * @param v3structver  An integer containing the API version of
+ *                     the plug-in structs OpenVPN uses
+ * @param args         A pointer to the argument struct for
+ *                     information and features provided by
+ *                     OpenVPN to the plug-in
+ * @param ret          A pointer to the struct OpenVPN uses to
+ *                     receive information back from the plug-in
+ *
+ * @return Must return OPENVPN_PLUGIN_FUNC_SUCCESS when everything
+ *         completed successfully.  Otherwise it must be returned
+ *         OPENVPN_PLUGIN_FUNC_ERROR, which will stop OpenVPN
+ *         from running
+ *
+ */
+OPENVPN_EXPORT int
+openvpn_plugin_open_v3(const int v3structver,
+                       struct openvpn_plugin_args_open_in const *args,
+                       struct openvpn_plugin_args_open_return *ret)
+{
+    /* Check that we are API compatible */
+    if (v3structver != OPENVPN_PLUGINv3_STRUCTVER)
+    {
+        printf("base64.c: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n");
+        return OPENVPN_PLUGIN_FUNC_ERROR;
+    }
+
+    /*  Which callbacks to intercept.  */
+    ret->type_mask =
+        OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+        |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2);
+
+    /* we don't need a plug-in context in this example, but OpenVPN expects "something" */
+    ret->handle = calloc(1, 1);
+
+    /* Hook into the exported functions from OpenVPN */
+    ovpn_log = args->callbacks->plugin_log;
+    ovpn_vlog = args->callbacks->plugin_vlog;
+    ovpn_base64_encode = args->callbacks->plugin_base64_encode;
+    ovpn_base64_decode = args->callbacks->plugin_base64_decode;
+
+    /* Print some version information about the OpenVPN process using this plug-in */
+    ovpn_log(PLOG_NOTE, PLUGIN_NAME, "OpenVPN %s  (Major: %i, Minor: %i, Patch: %s)\n",
+             args->ovpn_version, args->ovpn_version_major,
+             args->ovpn_version_minor, args->ovpn_version_patch);
+
+    return OPENVPN_PLUGIN_FUNC_SUCCESS;
+}
+
+
+/**
+ * This function is called by OpenVPN each time the OpenVPN reaches
+ * a point where plug-in calls should happen.  It only happens for those
+ * plug-in hooks enabled in openvpn_plugin_open_v3().
+ *
+ * For the arguments, see the include/openvpn-plugin.h file
+ * for details on the function parameters
+ *
+ * @param args        Pointer to a struct with details about the plug-in
+ *                    call from the main OpenVPN process.
+ * @param returndata  Pointer to a struct where the plug-in can provide
+ *                    information back to OpenVPN to be processed
+ *
+ * @return  Must return OPENVPN_PLUGIN_FUNC_SUCCESS or
+ *          OPENVPN_PLUGIN_FUNC_DEFERRED on success.  Otherwise it
+ *          should return OPENVPN_FUNC_ERROR, which will stop and reject
+ *          the client session from progressing.
+ *
+ */
+
+OPENVPN_EXPORT int
+openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
+{
+    if (type != OPENVPN_PLUGIN_TLS_VERIFY
+        && type != OPENVPN_PLUGIN_CLIENT_CONNECT_V2)
+    {
+        ovpn_log(PLOG_ERR, PLUGIN_NAME, "Unsupported plug-in hook call attempted");
+        return OPENVPN_PLUGIN_FUNC_ERROR;
+    }
+
+    /* get username/password from envp string array */
+    const char *clcert_cn = get_env("X509_0_CN", envp);
+    if (!clcert_cn)
+    {
+        /* Ignore certificate checks not being a client certificate */
+        return OPENVPN_PLUGIN_FUNC_SUCCESS;
+    }
+
+    /* test the BASE64 encode function */
+    char *buf = NULL;
+    int r = ovpn_base64_encode(clcert_cn, strlen(clcert_cn), &buf);
+    ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 encoded '%s' (return value %i):  '%s'",
+             clcert_cn, r, buf);
+
+    /* test the BASE64 decode function */
+    char buf2[256] = {0};
+    r = ovpn_base64_decode(buf, &buf2, 255);
+    ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 decoded '%s' (return value %i):  '%s'",
+             buf, r, buf2);
+
+    /* Verify the result, and free the buffer allocated by ovpn_base64_encode() */
+    r = strcmp(clcert_cn, buf2);
+    free(buf);
+
+    return (r == 0) ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR;
+}
+
+
+/**
+ * This cleans up the last part of the plug-in, allows it to
+ * shut down cleanly and release the plug-in global context buffer
+ *
+ * @param handle   Pointer to the plug-in global context buffer, which
+ *                 need to be released by this function
+ */
+OPENVPN_EXPORT void
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
+{
+    struct plugin_context *context = (struct plugin_context *) handle;
+    free(context);
+}
diff --git a/sample/sample-plugins/simple/simple.c b/sample/sample-plugins/simple/simple.c
index 0a05240..950c547 100644
--- a/sample/sample-plugins/simple/simple.c
+++ b/sample/sample-plugins/simple/simple.c
@@ -5,7 +5,7 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2