Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/eurephia-auth.c | 125 |
1 files changed, 121 insertions, 4 deletions
diff --git a/plugin/eurephia-auth.c b/plugin/eurephia-auth.c
index 97fb38f..47ee55e 100644
--- a/plugin/eurephia-auth.c
+++ b/plugin/eurephia-auth.c
@@ -1,7 +1,7 @@
 /* eurephia-auth.c -- Main OpenVPN plug-in functions.
  * The API level between OpenVPN and eurephia-auth
  *
- * GPLv2 only - Copyright (C) 2008 - 2012
+ * GPLv2 only - Copyright (C) 2008 - 2013
  * David Sommerseth <dazo@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or
@@ -179,7 +179,7 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[])
 /**
  * Prepares a eurephiaCTX (context) for the openvpn process and tells openvpn which hooks eurephia
- * will make use of.
+ * will make use of. This is used by OpenVPN 2.2.
  *
  * @param type_mask int pointer, containing the hooks eurephia will make use of
  * @param argv arguments from the openvpn --plugin configuration option.
@@ -206,7 +206,7 @@ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type
 | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS);
 // Setup a eurephia context
- context = eurephiaInit(argv, envp);
+ context = eurephiaInit(argv, envp, NULL);
 if( context ) {
 // Make sure tunnel type is unknown
 context->tuntype = tuntype_UNKN;
@@ -217,8 +217,54 @@ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type
 /**
+ * Prepares a eurephiaCTX (context) for the openvpn process and tells openvpn which hooks eurephia
+ * will make use of. This is used by OpenVPN 2.3 and newer, using the OpenVPN v3 plug-in API.
+ *
+ * @param type_mask int pointer, containing the hooks eurephia will make use of
+ * @param argv arguments from the openvpn --plugin configuration option.
+ * @param envp openvpn environmental table
+ *
+ * @return Returns a pointer to the eurephiaCTX.
+ */
+OPENVPN_EXPORT int openvpn_plugin_open_v3(const int apiversion,
+ struct openvpn_plugin_args_open_in const *arguments,
+ struct openvpn_plugin_args_open_return *ovpnret)
+{
+ eurephiaCTX *context = NULL;
+
+#ifdef MEMWATCH
+ mwStatistics(3);
+#warning MEMWATCH enabled
+#endif
+ // Check that we are API compatible
+ if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ // Define what will trigger eurephia
+ ovpnret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS);
+
+ // Setup a eurephia context
+ context = eurephiaInit(arguments->argv, arguments->envp, arguments->callbacks);
+ if( context ) {
+ // Make sure tunnel type is unknown at this point.
+ context->tuntype = tuntype_UNKN;
+ }
+ eurephia_log(context, LOG_INFO, 3, "Using OpenVPN plug-in v3 API");
+ ovpnret->handle = (void *) context;
+
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
+}
+
+
+/**
  * On each hook defined in openvpn_plugin_open_v1(), this function will be called when
- * openvpn reaches that phase.
+ * openvpn reaches that phase. This is used by OpenVPN 2.2.
  *
  * @param handle Contains a pointer to the eurephiaCTX
  * @param type What kind of event is openvpn processing now
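Review bot: The API-compatibility check in openvpn_plugin_open_v3 compares `v3structver`, but the function's first parameter is named `apiversion`, so either `v3structver` is an undeclared name or it is some unrelated variable and the parameter is never checked; make it `if( apiversion != OPENVPN_PLUGINv3_STRUCTVER ) {` (or rename the parameter to `v3structver`, which appears to be the name OpenVPN's own plug-in header uses). The doc block above the function was copied from the v1 variant: it documents `type_mask`, `argv` and `envp` and says it returns a pointer, whereas this function takes `apiversion`, `arguments` and `ovpnret`, returns an OPENVPN_PLUGIN_FUNC_* code, and hands the context back in `ovpnret->handle`. When eurephiaInit() returns NULL the function still logs through the NULL context and returns OPENVPN_PLUGIN_FUNC_SUCCESS with a NULL handle; for an authentication plug-in a failed initialisation should be reported at load time with `if( context == NULL ) { return OPENVPN_PLUGIN_FUNC_ERROR; }` rather than relying on every later hook being rejected by the NULL check in openvpn_plugin_func_v3.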
@@ -287,6 +333,77 @@ OPENVPN_EXPORT int openvpn_plugin_func_v1(openvpn_plugin_handle_t handle,
 /**
+ * On each hook defined in openvpn_plugin_open_v3(), this function will be called when
+ * openvpn reaches that phase. This is used by OpenVPN 2.3 or newer, using the
+ * OpenVPN v3 plug-in API.
+ *
+ * @param handle Contains a pointer to the eurephiaCTX
+ * @param type What kind of event is openvpn processing now
+ * @param argv openvpn arguments for the current event
+ * @param envp openvpn environmental table
+ *
+ * @return Returns OPENVPN_PLUGIN_FUNC_SUCCESS on success, otherwise OPENVPN_PLUGIN_FUNC_ERROR
+ */
+OPENVPN_EXPORT int openvpn_plugin_func_v3(const int apiver,
+ struct openvpn_plugin_args_func_in const *args,
+ struct openvpn_plugin_args_func_return *ovpn_return)
+{
+ eurephiaCTX *ctx = (eurephiaCTX *) args->handle;
+ int result = 0;
+
+ if( (ctx == NULL) || (ctx->dbc == NULL) || (ctx->dbc->dbhandle == NULL) ) {
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
+ DEBUG(ctx, 10, "openvpn_plugin_func_v3(ctx, %s, ...)", plugin_type_name(args->type));
+
+#ifdef ENABLE_DEBUG
+ if( (ctx->log->loglevel >= 30) && (ctx->log->logfile != NULL) ) {
+ dump_env(ctx->log->logfile, "ENV: ", args->envp);
+ dump_env(ctx->log->logfile, "ARG: ", args->argv);
+ }
+#endif
+
+ switch( args->type ) {
+ case OPENVPN_PLUGIN_UP:
+ // Figure out what kind of tunnel type we got.
+ result = detect_tunnel_type(ctx, args->envp);
+ if( result == 0 ) {
+ // If we cannot identify the tunnel type, we will anyway reject
+ // OpenVPN from starting up. In that case, shutdown eurephia properly
+ eurephiaShutdown(ctx);
+ }
+ break;
+
+ case OPENVPN_PLUGIN_TLS_VERIFY: // Validate certificates
+ result = eurephia_tlsverify(ctx, args->envp, args->argv[1]);
+ break;
+
+ case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: // Validate user name and password
+ result = eurephia_userauth(ctx, args->envp);
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_CONNECT: // Register login
+ result = eurephia_connect(ctx, args->envp);
+ break;
+
+ case OPENVPN_PLUGIN_CLIENT_DISCONNECT: // Register logout
+ result = eurephia_disconnect(ctx, args->envp);
+ break;
+
+ case OPENVPN_PLUGIN_LEARN_ADDRESS: // Log IP address, MAC address and update firewall
+ result = eurephia_learn_address(ctx, args->argv[1], args->argv[2], args->envp);
+ break;
+
+ default: // This should normally not be reached at all
+ eurephia_log(ctx, LOG_FATAL, 0, "Unknown OPENVPN_PLUGIN type: %i", args->type);
+ break;
+ }
+ return (result == 1 ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR);
+}
+
+
+/**
  * Called when openvpn is shutting down. This makes sure that eurephia disconnects,
  * unloads drivers and frees the memory it has been using.
  * |
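Review bot: The TLS_VERIFY and LEARN_ADDRESS cases in openvpn_plugin_func_v3 pass `args->argv[1]` and `args->argv[2]` straight into eurephia_tlsverify()/eurephia_learn_address() without checking that the array holds that many entries; if argv is NULL-terminated (the v3 struct carries no count), a short argv makes `argv[2]` read past the terminator. A guard such as `if( args->argv[1] && args->argv[2] ) result = eurephia_learn_address(ctx, args->argv[1], args->argv[2], args->envp);` (and the same for `argv[1]` in TLS_VERIFY) keeps a malformed event on the error path instead of dereferencing whatever follows. The `apiver` parameter is never read, so unlike openvpn_plugin_open_v3 this entry point does not verify the struct layout it is handed — presumably acceptable because OpenVPN only reaches it after open succeeded, but a comment such as `// apiver is not re-checked here: openvpn_plugin_open_v3() already verified OPENVPN_PLUGINv3_STRUCTVER` would make that explicit. The UP-failure path calls eurephiaShutdown(ctx) yet leaves the handle registered with OpenVPN, so whether the later close hook can touch freed memory depends on eurephiaShutdown(), which is outside this hunk.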