authorDavid Sommerseth <dazo@users.sourceforge.net>2013-06-05 21:14:45 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2013-06-05 21:30:39 +0200
commit0b9e183b2cbd4c1058e8fe4a5b0945d52285dd7e (patch)
treee75ef2bd91503de8540656fbf12df2eabdc1a378
parent6f80a314b634f63dee9f79b94a31df22e85836b2 (diff)
plugin: Start the implementation of OpenVPN 2.3's plug-in API v3
These changes should provide both the v1 API and the new v3 API, depending on which OpenVPN version is being used.

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
-rw-r--r--plugin/eurephia-auth.c125
1 files changed, 121 insertions, 4 deletions
diff --git a/plugin/eurephia-auth.c b/plugin/eurephia-auth.c
index 97fb38f..47ee55e 100644
--- a/plugin/eurephia-auth.c
+++ b/plugin/eurephia-auth.c
@@ -1,7 +1,7 @@
/* eurephia-auth.c -- Main OpenVPN plug-in functions.
* The API level between OpenVPN and eurephia-auth
*
- * GPLv2 only - Copyright (C) 2008 - 2012
+ * GPLv2 only - Copyright (C) 2008 - 2013
* David Sommerseth <dazo@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or
@@ -179,7 +179,7 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[])
/**
* Prepares a eurephiaCTX (context) for the openvpn process and tells openvpn which hooks eurephia
- * will make use of.
+ * will make use of. This is used by OpenVPN 2.2.
*
* @param type_mask int pointer, containing the hooks eurephia will make use of
* @param argv arguments from the openvpn --plugin configuration option.
@@ -206,7 +206,7 @@ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type
| OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS);
// Setup a eurephia context
- context = eurephiaInit(argv, envp);
+ context = eurephiaInit(argv, envp, NULL);
if( context ) {
// Make sure tunnel type is unknown
context->tuntype = tuntype_UNKN;
@@ -217,8 +217,54 @@ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type
/**
+ * Prepares a eurephiaCTX (context) for the openvpn process and tells openvpn which hooks eurephia
+ * will make use of. This is used by OpenVPN 2.3 and newer, using the OpenVPN v3 plug-in API.
+ *
+ * @param type_mask int pointer, containing the hooks eurephia will make use of
+ * @param argv arguments from the openvpn --plugin configuration option.
+ * @param envp openvpn environmental table
+ *
+ * @return Returns a pointer to the eurephiaCTX.
+ */
+OPENVPN_EXPORT int openvpn_plugin_open_v3(const int apiversion,
+ struct openvpn_plugin_args_open_in const *arguments,
+ struct openvpn_plugin_args_open_return *ovpnret)
+{
+ eurephiaCTX *context = NULL;
+
+#ifdef MEMWATCH
+ mwStatistics(3);
+#warning MEMWATCH enabled
+#endif
+ // Check that we are API compatible
+ if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ // Define what will trigger eurephia
+ ovpnret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS);
+
+ // Setup a eurephia context
+ context = eurephiaInit(arguments->argv, arguments->envp, arguments->callbacks);
+ if( context ) {
+ // Make sure tunnel type is unknown at this point.
+ context->tuntype = tuntype_UNKN;
+ }
+ eurephia_log(context, LOG_INFO, 3, "Using OpenVPN plug-in v3 API");
+ ovpnret->handle = (void *) context;
+
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+}
+
+
+/**
* On each hook defined in openvpn_plugin_open_v1(), this function will be called when
- * openvpn reaches that phase.
+ * openvpn reaches that phase. This is used by OpenVPN 2.2.
*
* @param handle Contains a pointer to the eurephiaCTX
* @param type What kind of event is openvpn processing now
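Review bot: openvpn_plugin_open_v3() returns OPENVPN_PLUGIN_FUNC_SUCCESS even when eurephiaInit() returns NULL, so OpenVPN is told the plug-in loaded and is handed a NULL handle; the failure only surfaces later, when openvpn_plugin_func_v3() rejects every hook. I would fail at load time by adding `if( context == NULL ) { return OPENVPN_PLUGIN_FUNC_ERROR; }` right after the eurephiaInit() call, which also keeps the following eurephia_log() call from receiving a NULL context. The version check reads `v3structver`, but the parameter is named `apiversion`; unless `v3structver` is defined elsewhere in the file this will not compile, and if it is, the value OpenVPN passed in is not the one being compared. The doc comment was copied from the v1 function and still documents `type_mask`, `argv`, `envp` and a returned pointer, none of which match this signature.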
@@ -287,6 +333,77 @@ OPENVPN_EXPORT int openvpn_plugin_func_v1(openvpn_plugin_handle_t handle,
/**
+ * On each hook defined in openvpn_plugin_open_v3(), this function will be called when
+ * openvpn reaches that phase. This is used by OpenVPN 2.3 or newer, using the
+ * OpenVPN v3 plug-in API.
+ *
+ * @param handle Contains a pointer to the eurephiaCTX
+ * @param type What kind of event is openvpn processing now
+ * @param argv openvpn arguments for the current event
+ * @param envp openvpn environmental table
+ *
+ * @return Returns OPENVPN_PLUGIN_FUNC_SUCCESS on success, otherwise OPENVPN_PLUGIN_FUNC_ERROR
+ */
+OPENVPN_EXPORT int openvpn_plugin_func_v3(const int apiver,
+ struct openvpn_plugin_args_func_in const *args,
+ struct openvpn_plugin_args_func_return *ovpn_return)
+{
+ eurephiaCTX *ctx = (eurephiaCTX *) args->handle;
+ int result = 0;
+
+ if( (ctx == NULL) || (ctx->dbc == NULL) || (ctx->dbc->dbhandle == NULL) ) {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ DEBUG(ctx, 10, "openvpn_plugin_func_v3(ctx, %s, ...)", plugin_type_name(args->type));
+
+#ifdef ENABLE_DEBUG
+ if( (ctx->log->loglevel >= 30) && (ctx->log->logfile != NULL) ) {
+ dump_env(ctx->log->logfile, "ENV: ", args->envp);
+ dump_env(ctx->log->logfile, "ARG: ", args->argv);
+ }
+#endif
+
+ switch( args->type ) {
+ case OPENVPN_PLUGIN_UP:
+ // Figure out what kind of tunnel type we got.
+ result = detect_tunnel_type(ctx, args->envp);
+ if( result == 0 ) {
+ // If we cannot identify the tunnel type, we will anyway reject
+ // OpenVPN from starting up. In that case, shutdown eurephia properly
+ eurephiaShutdown(ctx);
+ }
+ break;
+
+ case OPENVPN_PLUGIN_TLS_VERIFY: // Validate certificates
+ result = eurephia_tlsverify(ctx, args->envp, args->argv[1]);
+ break;
+
+ case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: // Validate user name and password
+ result = eurephia_userauth(ctx, args->envp);
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_CONNECT: // Register login
+ result = eurephia_connect(ctx, args->envp);
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_DISCONNECT: // Register logout
+ result = eurephia_disconnect(ctx, args->envp);
+ break;
+
+ case OPENVPN_PLUGIN_LEARN_ADDRESS: // Log IP address, MAC address and update firewall
+ result = eurephia_learn_address(ctx, args->argv[1], args->argv[2], args->envp);
+ break;
+
+ default: // This should normally not be reached at all
+ eurephia_log(ctx, LOG_FATAL, 0, "Unknown OPENVPN_PLUGIN type: %i", args->type);
+ break;
+ }
+ return (result == 1 ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR);
+}
+
+
+/**
* Called when openvpn is shutting down. This makes sure that eurephia disconnects,
* unloads drivers and frees the memory it has been using.
*
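Review bot: The ENABLE_DEBUG block hands `args->envp` to dump_env() for every hook type, including OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, where the environment OpenVPN passes to the plug-in contains the client's password; unless dump_env() masks that entry (it is not visible in this hunk), a debug build running at log level 30 or higher writes credentials to the log file. I would skip the dump for that hook, e.g. `if( (args->type != OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) && (ctx->log != NULL) && (ctx->log->loglevel >= 30) && (ctx->log->logfile != NULL) ) {`, or at least add a comment stating that this log level exposes secrets. Separately, `args->argv[1]` and `args->argv[2]` are read in the TLS_VERIFY and LEARN_ADDRESS cases without checking that the entries are present, and `apiver` is never validated the way openvpn_plugin_open_v3() checks the structure version. The doc comment's `@param` list (`handle`, `type`, `argv`, `envp`) describes the v1 signature rather than `apiver`, `args` and `ovpn_return`.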