Added OPENVPN_PLUGIN_TLS_FINAL plugin callback.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@862 e7ae566f-a301-0410-adde-c780ea21d3b5
2024-11-28 04:03:51 +08:00 · 2005-12-28 06:58:19 +00:00 · 2005-12-28 06:58:19 +00:00 · d92819fa1a
commit d92819fa1a
parent 1147885939
3 changed files with 15 additions and 2 deletions
--- a/openvpn-plugin.h
+++ b/openvpn-plugin.h
@ -38,7 +38,8 @@
 #define OPENVPN_PLUGIN_CLIENT_DISCONNECT     7
 #define OPENVPN_PLUGIN_LEARN_ADDRESS         8
 #define OPENVPN_PLUGIN_CLIENT_CONNECT_V2     9
-#define OPENVPN_PLUGIN_N                     10
+#define OPENVPN_PLUGIN_TLS_FINAL             10
+#define OPENVPN_PLUGIN_N                     11

 /*
 * Build a mask out of a set of plug-in types.
--- a/plugin.c
+++ b/plugin.c
@ -87,6 +87,8 @@ plugin_type_name (const int type)
      return "PLUGIN_CLIENT_DISCONNECT";
    case OPENVPN_PLUGIN_LEARN_ADDRESS:
      return "PLUGIN_LEARN_ADDRESS";
+    case OPENVPN_PLUGIN_TLS_FINAL:
+      return "PLUGIN_TLS_FINAL";
    default:
      return "PLUGIN_???";
    }
--- a/ssl.c
+++ b/ssl.c
@ -3087,7 +3087,17 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
  buf_clear (buf);

  /*
-   * generate tunnel keys if client
+   * Call OPENVPN_PLUGIN_TLS_FINAL plugin if defined, for final
+   * veto opportunity over authentication decision.
+   */
+  if (ks->authenticated && plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL))
+    {
+      if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es))
+	ks->authenticated = false;
+    }
+
+  /*
+   * Generate tunnel keys if client
   */
  if (!session->opt->server)
    {