mirrors/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-11-27 11:43:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for the plugin system:

Browse Source 
- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
 - Fixed example plugin code to include USE_SSL when needed

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
This commit is contained in:
Adriaan de Jong 2011-07-07 09:21:03 +02:00 committed by David Sommerseth
parent 557624e0a7
commit 1876ccd012
11 changed files with 83 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
init.c
View File

@ -1337,7 +1337,7 @@ do_route (const struct options *options,
if (plugin_defined (plugins, OPENVPN_PLUGIN_ROUTE_UP))
{
if (plugin_call (plugins, OPENVPN_PLUGIN_ROUTE_UP, NULL, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (plugins, OPENVPN_PLUGIN_ROUTE_UP, NULL, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_WARN, "WARNING: route-up plugin call failed");
}

2
misc.c
View File

@ -213,7 +213,7 @@ run_up_down (const char *command,
ifconfig_local, ifconfig_remote,
context);
if (plugin_call (plugins, plugin_type, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (plugins, plugin_type, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_FATAL, "ERROR: up/down plugin call failed");
argv_reset (&argv);

8
multi.c
View File

@ -91,7 +91,7 @@ learn_address_script (const struct multi_context *m,
mroute_addr_print (addr, &gc));
if (mi)
argv_printf_cat (&argv, "%s", tls_common_name (mi->context.c2.tls_multi, false));
if (plugin_call (plugins, OPENVPN_PLUGIN_LEARN_ADDRESS, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (plugins, OPENVPN_PLUGIN_LEARN_ADDRESS, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
msg (M_WARN, "WARNING: learn-address plugin call failed");
ret = false;
@ -476,7 +476,7 @@ multi_client_disconnect_script (struct multi_context *m,
if (plugin_defined (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT))
{
if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT, NULL, NULL, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT, NULL, NULL, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_WARN, "WARNING: client-disconnect plugin call failed");
}
@ -1668,7 +1668,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
}
argv_printf (&argv, "%s", dc_file);
if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT, &argv, NULL, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT, &argv, NULL, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
msg (M_WARN, "WARNING: client-connect plugin call failed");
cc_succeeded = false;
@ -1689,7 +1689,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
plugin_return_init (&pr);
if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, NULL, &pr, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, NULL, &pr, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
msg (M_WARN, "WARNING: client-connect-v2 plugin call failed");
cc_succeeded = false;

18
openvpn-plugin.h
View File

@ -25,12 +25,15 @@
#ifndef OPENVPN_PLUGIN_H_
#define OPENVPN_PLUGIN_H_
#ifdef USE_OPENSSL
#ifdef USE_SSL
#if defined(USE_OPENSSL)
#include "ssl_verify_openssl.h"
#endif
#ifdef USE_POLARSSL
#elif defined(USE_POLARSSL)
#include "ssl_verify_polarssl.h"
#else
#error "Either USE_OPENSSL or USE_POLARSSL should be defined"
#endif
#endif /*USE_SSL*/
#define OPENVPN_PLUGIN_VERSION 3
@ -267,9 +270,9 @@ struct openvpn_plugin_args_open_return
* *per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*
* current_cert_depth : Certificate depth of the certificate being passed over
* current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with USE_SSL defined)
*
* *current_cert : X509 Certificate object received from the client
* *current_cert : X509 Certificate object received from the client (only if compiled with USE_SSL defined)
*
*/
struct openvpn_plugin_args_func_in
@ -279,8 +282,13 @@ struct openvpn_plugin_args_func_in
const char ** const envp;
openvpn_plugin_handle_t handle;
void *per_client_context;
#ifdef USE_SSL
int current_cert_depth;
x509_cert_t *current_cert;
#else
int current_cert_depth; /* Unused, for compatibility purposes only */
void *current_cert; /* Unused, for compatibility purposes only */
#endif
};

2
pf.c
View File

@ -563,7 +563,7 @@ pf_init_context (struct context *c)
if( pf_file ) {
setenv_str (c->c2.es, "pf_file", pf_file);
if (plugin_call (c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es, -1, NULL) == OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es) == OPENVPN_PLUGIN_FUNC_SUCCESS)
{
event_timeout_init (&c->c2.pf.reload, 1, now);
c->c2.pf.filename = string_alloc (pf_file, NULL);

39
plugin.c
View File

@ -345,9 +345,12 @@ plugin_call_item (const struct plugin *p,
const int type,
const struct argv *av,
struct openvpn_plugin_string_list **retlist,
const char **envp,
int certdepth,
x509_cert_t *current_cert)
const char **envp
#ifdef USE_SSL
, int certdepth,
x509_cert_t *current_cert
#endif
)
{
int status = OPENVPN_PLUGIN_FUNC_SUCCESS;
@ -372,8 +375,15 @@ plugin_call_item (const struct plugin *p,
(const char ** const) envp,
p->plugin_handle,
per_client_context,
(current_cert ? certdepth : -1),
current_cert };
#ifdef USE_SSL
(current_cert ? certdepth : -1),
current_cert
#else
-1,
NULL
#endif
};
struct openvpn_plugin_args_func_return retargs;
CLEAR(retargs);
@ -570,13 +580,16 @@ plugin_list_open (struct plugin_list *pl,
}
int
plugin_call (const struct plugin_list *pl,
plugin_call_ssl (const struct plugin_list *pl,
const int type,
const struct argv *av,
struct plugin_return *pr,
struct env_set *es,
int certdepth,
x509_cert_t *current_cert)
struct env_set *es
#ifdef USE_SSL
, int certdepth,
x509_cert_t *current_cert
#endif
)
{
if (pr)
plugin_return_init (pr);
@ -601,8 +614,12 @@ plugin_call (const struct plugin_list *pl,
type,
av,
pr ? &pr->list[i] : NULL,
envp,
certdepth, current_cert);
envp
#ifdef USE_SSL
,certdepth,
current_cert
#endif
);
switch (status)
{
case OPENVPN_PLUGIN_FUNC_SUCCESS:

35
plugin.h
View File

@ -116,13 +116,31 @@ void plugin_list_open (struct plugin_list *pl,
struct plugin_list *plugin_list_inherit (const struct plugin_list *src);
int plugin_call (const struct plugin_list *pl,
static inline int
plugin_call(const struct plugin_list *pl,
const int type,
const struct argv *av,
struct plugin_return *pr,
struct env_set *es)
{
return plugin_call_ssl(pl, type, av, pr, es
#ifdef USE_SSL
-1, NULL
#endif
);
}
int plugin_call_ssl (const struct plugin_list *pl,
const int type,
const struct argv *av,
struct plugin_return *pr,
struct env_set *es,
int current_cert_depth,
x509_cert_t *current_cert);
struct env_set *es
#ifdef USE_SSL
, int current_cert_depth,
x509_cert_t *current_cert
#endif
);
void plugin_list_close (struct plugin_list *pl);
bool plugin_defined (const struct plugin_list *pl, const int type);
@ -174,9 +192,12 @@ plugin_call (const struct plugin_list *pl,
const int type,
const struct argv *av,
struct plugin_return *pr,
struct env_set *es,
int current_cert_depth,
x509_cert_t *current_cert)
struct env_set *es
#ifdef USE_SSL
, int current_cert_depth,
x509_cert_t *current_cert
#endif
)
{
return 0;
}

3
plugin/examples/log_v3.c
View File

@ -36,6 +36,9 @@
#include <string.h>
#include <stdlib.h>
#define USE_SSL
#define USE_OPENSSL
#include "openvpn-plugin.h"
/*

2
socket.c
View File

@ -2117,7 +2117,7 @@ link_socket_connection_initiated (const struct buffer *buf,
{
struct argv argv = argv_new ();
ipchange_fmt (false, &argv, info, &gc);
if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_WARN, "WARNING: ipchange plugin call failed");
argv_reset (&argv);
}

2
ssl.c
View File

@ -1943,7 +1943,7 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
*/
if (ks->authenticated && plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL))
{
if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
ks->authenticated = false;
}

4
ssl_verify.c
View File

@ -445,7 +445,7 @@ verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,
argv_printf (&argv, "%d %s", cert_depth, subject);
ret = plugin_call (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
ret = plugin_call_ssl (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
argv_reset (&argv);
@ -1026,7 +1026,7 @@ verify_user_pass_plugin (struct tls_session *session, const struct user_pass *up
#endif
/* call command */
retval = plugin_call (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es, -1, NULL);
retval = plugin_call (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es);
#ifdef PLUGIN_DEF_AUTH
/* purge auth control filename (and file itself) for non-deferred returns */