From 4afa7ed562410a1170223a7bc06efb3708af6a36 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Sun, 4 Mar 2018 22:55:51 +0100 Subject: New upstream version 2.4.5 --- sample/Makefile.am | 2 +- sample/Makefile.in | 26 +++++++++++++++++----- sample/sample-plugins/defer/simple.c | 2 +- .../keyingmaterialexporter.c | 2 +- sample/sample-plugins/log/log.c | 2 +- sample/sample-plugins/log/log_v3.c | 2 +- sample/sample-plugins/simple/simple.c | 2 +- 7 files changed, 26 insertions(+), 12 deletions(-) (limited to 'sample') diff --git a/sample/Makefile.am b/sample/Makefile.am index 58ae965..3be698e 100644 --- a/sample/Makefile.am +++ b/sample/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2017 OpenVPN Technologies, Inc. +# Copyright (C) 2002-2018 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff --git a/sample/Makefile.in b/sample/Makefile.in index 839d2cf..a130be4 100644 --- a/sample/Makefile.in +++ b/sample/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -21,12 +21,22 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2017 OpenVPN Technologies, Inc. +# Copyright (C) 2002-2018 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -90,7 +100,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = sample -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/m4/ax_socklen_t.m4 \ @@ -101,6 +110,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h \ $(top_builddir)/include/openvpn-plugin.h @@ -155,6 +165,7 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(sampledir)" DATA = $(sample_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -203,6 +214,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LZ4_CFLAGS = @LZ4_CFLAGS@ LZ4_LIBS = @LZ4_LIBS@ LZO_CFLAGS = @LZO_CFLAGS@ 
@@ -323,6 +335,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ @@ -364,7 +377,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign sample/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign sample/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -564,6 +576,8 @@ uninstall-am: uninstall-sampleDATA mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags-am uninstall uninstall-am uninstall-sampleDATA +.PRECIOUS: Makefile + @WIN32_TRUE@client.ovpn: sample-config-files/client.conf @WIN32_TRUE@ -rm -f client.ovpn diff --git a/sample/sample-plugins/defer/simple.c b/sample/sample-plugins/defer/simple.c index 4960497..d18695b 100644 --- a/sample/sample-plugins/defer/simple.c +++ b/sample/sample-plugins/defer/simple.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2018 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c index c483907..5d3ca14 100644 --- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c +++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2018 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/sample/sample-plugins/log/log.c b/sample/sample-plugins/log/log.c index c59027f..ecf62c0 100644 --- a/sample/sample-plugins/log/log.c +++ b/sample/sample-plugins/log/log.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2018 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c index f913a19..c972951 100644 --- a/sample/sample-plugins/log/log_v3.c +++ b/sample/sample-plugins/log/log_v3.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2018 OpenVPN Inc * Copyright (C) 2010 David Sommerseth * * This program is free software; you can redistribute it and/or modify diff --git a/sample/sample-plugins/simple/simple.c b/sample/sample-plugins/simple/simple.c index 0a05240..950c547 100644 --- a/sample/sample-plugins/simple/simple.c +++ b/sample/sample-plugins/simple/simple.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2018 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 -- cgit v1.2.3 From 87356242baf10c8b2a94d9013e436ed2a0dada53 Mon Sep 17 00:00:00 2001 
From: Bernhard Schmidt Date: Wed, 20 Feb 2019 14:11:46 +0100 Subject: New upstream version 2.4.7 --- sample/Makefile.in | 14 ++- sample/sample-plugins/simple/base64.c | 203 ++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+), 6 deletions(-) create mode 100644 sample/sample-plugins/simple/base64.c (limited to 'sample') diff --git a/sample/Makefile.in b/sample/Makefile.in index a130be4..89367b0 100644 --- a/sample/Makefile.in +++ b/sample/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -335,7 +335,6 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ @@ -382,8 +381,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) 
@@ -428,7 +427,10 @@ ctags CTAGS: cscope cscopelist: -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ diff --git a/sample/sample-plugins/simple/base64.c b/sample/sample-plugins/simple/base64.c new file mode 100644 index 0000000..bd95e79 --- /dev/null +++ b/sample/sample-plugins/simple/base64.c 
@@ -0,0 +1,203 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2017 David Sommerseth
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include
+#include
+#include
+
+#include "openvpn-plugin.h"
+
+#define PLUGIN_NAME "base64.c"
+
+/* Exported plug-in v3 API functions */
+plugin_log_t ovpn_log = NULL; /**< Pointer to the OpenVPN log function. See plugin_log() */
+plugin_vlog_t ovpn_vlog = NULL; /**< Pointer to the OpenVPN vlog function. See plugin_vlog() */
+plugin_base64_encode_t ovpn_base64_encode = NULL; /**< Pointer to the openvpn_base64_encode () function */
+plugin_base64_decode_t ovpn_base64_decode = NULL; /**< Pointer to the openvpn_base64_decode () function */
+
+/**
+ * Search the environment pointer for a specific env var name
+ *
+ * PLEASE NOTE! The result is not valid outside the local
+ * scope of the calling function. Once the calling function
+ * returns, any returned pointers are invalid.
+ *
+ * @param name String containing the env.var name to search for
+ * @param envp String array pointer to the environment variable
+ *
+ * @return Returns a pointer to the value in the environment variable
+ * table on successful match. Otherwise NULL is returned
+ *
+ */
+static const char *
+get_env(const char *name, const char *envp[])
+{
+ if (envp)
+ {
+ int i;
+ const int namelen = strlen(name);
+ for (i = 0; envp[i]; ++i)
+ {
+ if (!strncmp(envp[i], name, namelen))
+ {
+ const char *cp = envp[i] + namelen;
+ if (*cp == '=')
+ {
+ return cp + 1;
+ }
+ }
+ }
+ }
+ return NULL;
+}
+
+
+/**
+ * This function is called when OpenVPN loads the plug-in.
+ * The purpose is to initialize the plug-in and tell OpenVPN
+ * which plug-in hooks this plug-in wants to be involved in
+ *
+ * For the arguments, see the include/openvpn-plugin.h file
+ * for details on the function parameters
+ *
+ * @param v3structver An integer containing the API version of
+ * the plug-in structs OpenVPN uses
+ * @param args A pointer to the argument struct for
+ * information and features provided by
+ * OpenVPN to the plug-in
+ * @param ret A pointer to the struct OpenVPN uses to
+ * receive information back from the plug-in
+ *
+ * @return Must return OPENVPN_PLUGIN_FUNC_SUCCESS when everything
+ * completed successfully. Otherwise it must be returned
+ * OPENVPN_PLUGIN_FUNC_ERROR, which will stop OpenVPN
+ * from running
+ *
+ */
+OPENVPN_EXPORT int
+openvpn_plugin_open_v3(const int v3structver,
+ struct openvpn_plugin_args_open_in const *args,
+ struct openvpn_plugin_args_open_return *ret)
+{
+ /* Check that we are API compatible */
+ if (v3structver != OPENVPN_PLUGINv3_STRUCTVER)
+ {
+ printf("base64.c: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ /* Which callbacks to intercept.
*/
+ ret->type_mask =
+ OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+ |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2);
+
+ /* we don't need a plug-in context in this example, but OpenVPN expects "something" */
+ ret->handle = calloc(1, 1);
+
+ /* Hook into the exported functions from OpenVPN */
+ ovpn_log = args->callbacks->plugin_log;
+ ovpn_vlog = args->callbacks->plugin_vlog;
+ ovpn_base64_encode = args->callbacks->plugin_base64_encode;
+ ovpn_base64_decode = args->callbacks->plugin_base64_decode;
+
+ /* Print some version information about the OpenVPN process using this plug-in */
+ ovpn_log(PLOG_NOTE, PLUGIN_NAME, "OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n",
+ args->ovpn_version, args->ovpn_version_major,
+ args->ovpn_version_minor, args->ovpn_version_patch);
+
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+}
+
+
+/**
+ * This function is called by OpenVPN each time the OpenVPN reaches
+ * a point where plug-in calls should happen. It only happens for those
+ * plug-in hooks enabled in openvpn_plugin_open_v3().
+ *
+ * For the arguments, see the include/openvpn-plugin.h file
+ * for details on the function parameters
+ *
+ * @param args Pointer to a struct with details about the plug-in
+ * call from the main OpenVPN process.
+ * @param returndata Pointer to a struct where the plug-in can provide
+ * information back to OpenVPN to be processed
+ *
+ * @return Must return OPENVPN_PLUGIN_FUNC_SUCCESS or
+ * OPENVPN_PLUGIN_FUNC_DEFERRED on success. Otherwise it
+ * should return OPENVPN_FUNC_ERROR, which will stop and reject
+ * the client session from progressing.
+ *
+ */
+
+OPENVPN_EXPORT int
+openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
+{
+ if (type != OPENVPN_PLUGIN_TLS_VERIFY
+ && type != OPENVPN_PLUGIN_CLIENT_CONNECT_V2)
+ {
+ ovpn_log(PLOG_ERR, PLUGIN_NAME, "Unsupported plug-in hook call attempted");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ /* get username/password from envp string array */
+ const char *clcert_cn = get_env("X509_0_CN", envp);
+ if (!clcert_cn)
+ {
+ /* Ignore certificate checks not being a client certificate */
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+ }
+
+ /* test the BASE64 encode function */
+ char *buf = NULL;
+ int r = ovpn_base64_encode(clcert_cn, strlen(clcert_cn), &buf);
+ ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 encoded '%s' (return value %i): '%s'",
+ clcert_cn, r, buf);
+
+ /* test the BASE64 decode function */
+ char buf2[256] = {0};
+ r = ovpn_base64_decode(buf, &buf2, 255);
+ ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 decoded '%s' (return value %i): '%s'",
+ buf, r, buf2);
+
+ /* Verify the result, and free the buffer allocated by ovpn_base64_encode() */
+ r = strcmp(clcert_cn, buf2);
+ free(buf);
+
+ return (r == 0) ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR;
+}
+
+
+/**
+ * This cleans up the last part of the plug-in, allows it to
+ * shut down cleanly and release the plug-in global context buffer
+ *
+ * @param handle Pointer to the plug-in global context buffer, which
+ * need to be released by this function
+ */
+OPENVPN_EXPORT void
+openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
+{
+ struct plugin_context *context = (struct plugin_context *) handle;
+ free(context);
+}
-- cgit v1.2.3
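Review bot: In openvpn_plugin_func_v1 the result of `ovpn_base64_encode()` is not checked before `buf` is handed to the `%s` log call and to `ovpn_base64_decode()`; `buf` starts as NULL, so if the encoder fails without setting it (it presumably signals failure with a negative return) both calls receive a NULL pointer. Adding `if (r < 0 || !buf) { return OPENVPN_PLUGIN_FUNC_ERROR; }` right after the encode call, and `if (r < 0) { free(buf); return OPENVPN_PLUGIN_FUNC_ERROR; }` after the decode call, keeps the hook failing closed without touching invalid memory. The same gap exists in openvpn_plugin_open_v3, where `ret->handle = calloc(1, 1)` and the `args->callbacks` function pointers are used without a NULL check. The comment `/* get username/password from envp string array */` should read `/* get the client certificate CN (X509_0_CN) from envp */`, since that is what the code reads. Sample plug-ins tend to be copied as templates for real verification hooks, so the error paths are worth showing here.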