From 9683f890944ffb114f5f8214f694e0b339cf5a5a Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Thu, 22 Jun 2017 13:16:46 +0200 Subject: New upstream version 2.4.3 --- include/Makefile.in | 34 ++++++++++++++++++++++++++-------- include/openvpn-msg.h | 7 +++---- include/openvpn-plugin.h | 39 +++++++++++++++++++++++++++++---------- include/openvpn-plugin.h.in | 37 ++++++++++++++++++++++++++++--------- 4 files changed, 86 insertions(+), 31 deletions(-) (limited to 'include') diff --git a/include/Makefile.in b/include/Makefile.in index ebd3f24..c0d4bd2 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -26,7 +26,17 @@ # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -90,8 +100,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = include -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/openvpn-plugin.h.in $(include_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/m4/ax_socklen_t.m4 \ @@ -102,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h openvpn-plugin.h CONFIG_CLEAN_FILES = @@ -174,6 +184,7 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/openvpn-plugin.h.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -222,6 +233,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LZ4_CFLAGS = @LZ4_CFLAGS@ LZ4_LIBS = @LZ4_LIBS@ LZO_CFLAGS = @LZO_CFLAGS@ @@ -270,6 +282,7 @@ PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGINDIR = @PLUGINDIR@ PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@ PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@ RANLIB = @RANLIB@ @@ -282,12 +295,14 @@ SHELL = @SHELL@ SOCKETS_LIBS = @SOCKETS_LIBS@ STRIP = @STRIP@ SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@ +SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ TAP_CFLAGS = @TAP_CFLAGS@ TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@ TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@ TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@ TEST_CFLAGS = @TEST_CFLAGS@ TEST_LDFLAGS = @TEST_LDFLAGS@ +TMPFILES_DIR = @TMPFILES_DIR@ VENDOR_BUILD_ROOT = @VENDOR_BUILD_ROOT@ VENDOR_DIST_ROOT = @VENDOR_DIST_ROOT@ VENDOR_SRC_ROOT = @VENDOR_SRC_ROOT@ @@ -344,7 +359,9 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ +tmpfilesdir = @tmpfilesdir@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @@ -372,7 +389,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign include/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -392,8 +408,8 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__aclocal_m4_deps): openvpn-plugin.h: stamp-h2 - @if test ! -f $@; then rm -f stamp-h2; else :; fi - @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h2; else :; fi + @test -f $@ || rm -f stamp-h2 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h2 stamp-h2: $(srcdir)/openvpn-plugin.h.in $(top_builddir)/config.status @rm -f stamp-h2 @@ -631,6 +647,8 @@ uninstall-am: uninstall-includeHEADERS mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-includeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index 5f3c96c..91e0ccc 100644 --- a/include/openvpn-msg.h +++ b/include/openvpn-msg.h @@ -16,10 +16,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef OPENVPN_MSG_H_ diff --git a/include/openvpn-plugin.h b/include/openvpn-plugin.h index 8ce8ea7..5cc5d42 100644 --- a/include/openvpn-plugin.h +++ b/include/openvpn-plugin.h @@ -17,10 +17,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef OPENVPN_PLUGIN_H_ @@ -45,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; #endif #include +#include #ifdef __cplusplus extern "C" { @@ -55,7 +55,7 @@ extern "C" { */ #define OPENVPN_VERSION_MAJOR 2 #define OPENVPN_VERSION_MINOR 4 -#define OPENVPN_VERSION_PATCH ".0" +#define OPENVPN_VERSION_PATCH ".3" /* * Plug-in types. These types correspond to the set of script callbacks @@ -200,7 +200,8 @@ struct openvpn_plugin_string_list /* openvpn_plugin_{open,func}_v3() related structs */ -/* Defines version of the v3 plugin argument structs +/** + * Defines version of the v3 plugin argument structs * * Whenever one or more of these structs are modified, this constant * must be updated. A changelog should be appended in this comment @@ -219,8 +220,10 @@ struct openvpn_plugin_string_list * 3 Added ovpn_version, ovpn_version_major, ovpn_version_minor * and ovpn_version_patch to provide the runtime version of * OpenVPN to plug-ins. + * + * 4 Exported secure_memzero() as plugin_secure_memzero() */ -#define OPENVPN_PLUGINv3_STRUCTVER 3 +#define OPENVPN_PLUGINv3_STRUCTVER 4 /** * Definitions needed for the plug-in callback functions. @@ -256,9 +259,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags, const char *plugin_name, const char *format, va_list arglist) _ovpn_chk_fmt (3, 0); - /* #undef _ovpn_chk_fmt */ +/** + * Export of secure_memzero() to be used inside plug-ins + * + * @param data Pointer to data to zeroise + * @param len Length of data, in bytes + * + */ +typedef void (*plugin_secure_memzero_t)(void *data, size_t len); + + /** * Used by the openvpn_plugin_open_v3() function to pass callback * function pointers to the plug-in. @@ -268,11 +280,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags, * Messages will only be displayed if the plugin_name parameter * is set. PLOG_DEBUG messages will only be displayed with plug-in * debug log verbosity (at the time of writing that's verb >= 7). + * + * plugin_secure_memzero + * : Use this function to securely wipe sensitive information from + * memory. This function is declared in a way that the compiler + * will not remove these function calls during the compiler + * optimization phase. */ struct openvpn_plugin_callbacks { plugin_log_t plugin_log; plugin_vlog_t plugin_vlog; + plugin_secure_memzero_t plugin_secure_memzero; }; /** @@ -329,12 +348,12 @@ struct openvpn_plugin_args_open_in * * STRUCT MEMBERS * - * *type_mask : The plug-in should set this value to the logical OR of all script + * type_mask : The plug-in should set this value to the logical OR of all script * types which the plug-in wants to intercept. For example, if the * script wants to intercept the client-connect and client-disconnect * script types: * - * *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) + * type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) * | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) * * *handle : Pointer to a global plug-in context, created by the plug-in. This pointer diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in index 0b30352..f29b3a0 100644 --- a/include/openvpn-plugin.h.in +++ b/include/openvpn-plugin.h.in @@ -16,10 +16,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef OPENVPN_PLUGIN_H_ @@ -44,6 +43,7 @@ typedef X509 openvpn_x509_cert_t; #endif #include +#include #ifdef __cplusplus extern "C" { @@ -199,7 +199,8 @@ struct openvpn_plugin_string_list /* openvpn_plugin_{open,func}_v3() related structs */ -/* Defines version of the v3 plugin argument structs +/** + * Defines version of the v3 plugin argument structs * * Whenever one or more of these structs are modified, this constant * must be updated. A changelog should be appended in this comment @@ -218,8 +219,10 @@ struct openvpn_plugin_string_list * 3 Added ovpn_version, ovpn_version_major, ovpn_version_minor * and ovpn_version_patch to provide the runtime version of * OpenVPN to plug-ins. + * + * 4 Exported secure_memzero() as plugin_secure_memzero() */ -#define OPENVPN_PLUGINv3_STRUCTVER 3 +#define OPENVPN_PLUGINv3_STRUCTVER 4 /** * Definitions needed for the plug-in callback functions. @@ -255,9 +258,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags, const char *plugin_name, const char *format, va_list arglist) _ovpn_chk_fmt (3, 0); - #undef _ovpn_chk_fmt +/** + * Export of secure_memzero() to be used inside plug-ins + * + * @param data Pointer to data to zeroise + * @param len Length of data, in bytes + * + */ +typedef void (*plugin_secure_memzero_t)(void *data, size_t len); + + /** * Used by the openvpn_plugin_open_v3() function to pass callback * function pointers to the plug-in. @@ -267,11 +279,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags, * Messages will only be displayed if the plugin_name parameter * is set. PLOG_DEBUG messages will only be displayed with plug-in * debug log verbosity (at the time of writing that's verb >= 7). + * + * plugin_secure_memzero + * : Use this function to securely wipe sensitive information from + * memory. This function is declared in a way that the compiler + * will not remove these function calls during the compiler + * optimization phase. */ struct openvpn_plugin_callbacks { plugin_log_t plugin_log; plugin_vlog_t plugin_vlog; + plugin_secure_memzero_t plugin_secure_memzero; }; /** @@ -328,12 +347,12 @@ struct openvpn_plugin_args_open_in * * STRUCT MEMBERS * - * *type_mask : The plug-in should set this value to the logical OR of all script + * type_mask : The plug-in should set this value to the logical OR of all script * types which the plug-in wants to intercept. For example, if the * script wants to intercept the client-connect and client-disconnect * script types: * - * *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) + * type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) * | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) * * *handle : Pointer to a global plug-in context, created by the plug-in. This pointer -- cgit v1.2.3