author | Adriaan de Jong <dejong@fox-it.com> | 2011-07-07 09:21:03 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 17:22:51 +0200 |
commit | 1876ccd012e9e2ca6f8e1cd9e7e9bb4bf24ccecb (patch) | |
tree | 4ccb3c4e2c142dce66a95fef769af1196ba734e5 | |
parent | 557624e0a7282cf31cd3b58f8155f11f0517f254 (diff) | |
Fixes for the plugin system:
- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
- Fixed example plugin code to include USE_SSL when needed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | init.c | 2 | ||||
-rw-r--r-- | misc.c | 2 | ||||
-rw-r--r-- | multi.c | 8 | ||||
-rw-r--r-- | openvpn-plugin.h | 18 | ||||
-rw-r--r-- | pf.c | 2 | ||||
-rw-r--r-- | plugin.c | 39 | ||||
-rw-r--r-- | plugin.h | 35 | ||||
-rw-r--r-- | plugin/examples/log_v3.c | 3 | ||||
-rw-r--r-- | socket.c | 2 | ||||
-rw-r--r-- | ssl.c | 2 | ||||
-rw-r--r-- | ssl_verify.c | 4 |
11 files changed, 83 insertions, 34 deletions
@@ -1337,7 +1337,7 @@ do_route (const struct options *options,
 if (plugin_defined (plugins, OPENVPN_PLUGIN_ROUTE_UP))
 {
- if (plugin_call (plugins, OPENVPN_PLUGIN_ROUTE_UP, NULL, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (plugins, OPENVPN_PLUGIN_ROUTE_UP, NULL, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 msg (M_WARN, "WARNING: route-up plugin call failed");
 }
@@ -213,7 +213,7 @@ run_up_down (const char *command,
 ifconfig_local, ifconfig_remote,
 context);
- if (plugin_call (plugins, plugin_type, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (plugins, plugin_type, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 msg (M_FATAL, "ERROR: up/down plugin call failed");
 argv_reset (&argv);
@@ -91,7 +91,7 @@ learn_address_script (const struct multi_context *m,
 mroute_addr_print (addr, &gc));
 if (mi)
 argv_printf_cat (&argv, "%s", tls_common_name (mi->context.c2.tls_multi, false));
- if (plugin_call (plugins, OPENVPN_PLUGIN_LEARN_ADDRESS, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (plugins, OPENVPN_PLUGIN_LEARN_ADDRESS, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 {
 msg (M_WARN, "WARNING: learn-address plugin call failed");
 ret = false;
@@ -476,7 +476,7 @@ multi_client_disconnect_script (struct multi_context *m,
 if (plugin_defined (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT))
 {
- if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT, NULL, NULL, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT, NULL, NULL, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 msg (M_WARN, "WARNING: client-disconnect plugin call failed");
 }
@@ -1668,7 +1668,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
 }
 argv_printf (&argv, "%s", dc_file);
- if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT, &argv, NULL, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT, &argv, NULL, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 {
 msg (M_WARN, "WARNING: client-connect plugin call failed");
 cc_succeeded = false;
@@ -1689,7 +1689,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
 plugin_return_init (&pr);
- if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, NULL, &pr, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, NULL, &pr, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 {
 msg (M_WARN, "WARNING: client-connect-v2 plugin call failed");
 cc_succeeded = false;
diff --git a/openvpn-plugin.h b/openvpn-plugin.h
index 9cce9d8..65a3ffd 100644
--- a/openvpn-plugin.h
+++ b/openvpn-plugin.h
@@ -25,12 +25,15 @@
 #ifndef OPENVPN_PLUGIN_H_
 #define OPENVPN_PLUGIN_H_
-#ifdef USE_OPENSSL
+#ifdef USE_SSL
+#if defined(USE_OPENSSL)
 #include "ssl_verify_openssl.h"
-#endif
-#ifdef USE_POLARSSL
+#elif defined(USE_POLARSSL)
 #include "ssl_verify_polarssl.h"
+#else
+#error "Either USE_OPENSSL or USE_POLARSSL should be defined"
 #endif
+#endif /*USE_SSL*/
 #define OPENVPN_PLUGIN_VERSION 3
@@ -267,9 +270,9 @@ struct openvpn_plugin_args_open_return
 * *per_client_context : the per-client context pointer which was returned by
 * openvpn_plugin_client_constructor_v1, if defined.
 *
- * current_cert_depth : Certificate depth of the certificate being passed over
+ * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with USE_SSL defined)
 *
- * *current_cert : X509 Certificate object received from the client
+ * *current_cert : X509 Certificate object received from the client (only if compiled with USE_SSL defined)
 *
 */
 struct openvpn_plugin_args_func_in
@@ -279,8 +282,13 @@ struct openvpn_plugin_args_func_in
 const char ** const envp;
 openvpn_plugin_handle_t handle;
 void *per_client_context;
+#ifdef USE_SSL
 int current_cert_depth;
 x509_cert_t *current_cert;
+#else
+ int current_cert_depth; /* Unused, for compatibility purposes only */
+ void *current_cert; /* Unused, for compatibility purposes only */
+#endif
 };
@@ -563,7 +563,7 @@ pf_init_context (struct context *c)
 if( pf_file )
 {
 setenv_str (c->c2.es, "pf_file", pf_file);
- if (plugin_call (c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es, -1, NULL) == OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es) == OPENVPN_PLUGIN_FUNC_SUCCESS)
 {
 event_timeout_init (&c->c2.pf.reload, 1, now);
 c->c2.pf.filename = string_alloc (pf_file, NULL);
@@ -345,9 +345,12 @@ plugin_call_item (const struct plugin *p,
 const int type,
 const struct argv *av,
 struct openvpn_plugin_string_list **retlist,
- const char **envp,
- int certdepth,
- x509_cert_t *current_cert)
+ const char **envp
+#ifdef USE_SSL
+ , int certdepth,
+ x509_cert_t *current_cert
+#endif
+ )
 {
 int status = OPENVPN_PLUGIN_FUNC_SUCCESS;
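Review bot: In the `openvpn_plugin_args_func_in` hunk, the type of `current_cert` is decided only by the plugin's own compile-time defines, and nothing in the struct tells a plugin which SSL library the running OpenVPN was built with. A plugin compiled with `USE_POLARSSL` and loaded into an OpenSSL build (or the reverse) would read the pointer as the wrong certificate type, and the hard-coded `#define USE_OPENSSL` added to plugin/examples/log_v3.c has the same exposure. The field comment in the preceding hunk should state the contract, for example `*current_cert : X509 certificate from the client; valid only if the plugin was built with the same USE_OPENSSL/USE_POLARSSL setting as OpenVPN, NULL when no certificate applies`. The struct's first members are outside this hunk.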
@@ -372,8 +375,15 @@ plugin_call_item (const struct plugin *p,
 (const char ** const) envp,
 p->plugin_handle,
 per_client_context,
- (current_cert ? certdepth : -1),
- current_cert };
+#ifdef USE_SSL
+ (current_cert ? certdepth : -1),
+ current_cert
+#else
+ -1,
+ NULL
+#endif
+ };
+
 struct openvpn_plugin_args_func_return retargs;
 CLEAR(retargs);
@@ -570,13 +580,16 @@ plugin_list_open (struct plugin_list *pl,
 }
 int
-plugin_call (const struct plugin_list *pl,
+plugin_call_ssl (const struct plugin_list *pl,
 const int type,
 const struct argv *av,
 struct plugin_return *pr,
- struct env_set *es,
- int certdepth,
- x509_cert_t *current_cert)
+ struct env_set *es
+#ifdef USE_SSL
+ , int certdepth,
+ x509_cert_t *current_cert
+#endif
+ )
 {
 if (pr)
 plugin_return_init (pr);
@@ -601,8 +614,12 @@ plugin_call (const struct plugin_list *pl,
 type,
 av,
 pr ? &pr->list[i] : NULL,
- envp,
- certdepth, current_cert);
+ envp
+#ifdef USE_SSL
+ ,certdepth,
+ current_cert
+#endif
+ );
 switch (status)
 {
 case OPENVPN_PLUGIN_FUNC_SUCCESS:
@@ -116,13 +116,31 @@ void plugin_list_open (struct plugin_list *pl,
 struct plugin_list *plugin_list_inherit (const struct plugin_list *src);
-int plugin_call (const struct plugin_list *pl,
+
+static inline int
+plugin_call(const struct plugin_list *pl,
+ const int type,
+ const struct argv *av,
+ struct plugin_return *pr,
+ struct env_set *es)
+{
+ return plugin_call_ssl(pl, type, av, pr, es
+#ifdef USE_SSL
+ -1, NULL
+#endif
+ );
+}
+
+int plugin_call_ssl (const struct plugin_list *pl,
 const int type,
 const struct argv *av,
 struct plugin_return *pr,
- struct env_set *es,
- int current_cert_depth,
- x509_cert_t *current_cert);
+ struct env_set *es
+#ifdef USE_SSL
+ , int current_cert_depth,
+ x509_cert_t *current_cert
+#endif
+ );
 void plugin_list_close (struct plugin_list *pl);
 bool plugin_defined (const struct plugin_list *pl, const int type);
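Review bot: The new inline `plugin_call` wrapper in plugin.h is missing the comma before `-1`, so with USE_SSL defined the call expands to `plugin_call_ssl(pl, type, av, pr, es -1, NULL)`, which is pointer arithmetic on `es` and one argument short of the prototype. The line inside the `#ifdef` should read `, -1, NULL`, matching the leading-comma style used for the conditional parameters elsewhere in this commit. The wrapper is also defined above the `plugin_call_ssl` prototype, so the call is made with no declaration in scope; moving the prototype above the wrapper fixes that.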
@@ -174,9 +192,12 @@ plugin_call (const struct plugin_list *pl,
 const int type,
 const struct argv *av,
 struct plugin_return *pr,
- struct env_set *es,
- int current_cert_depth,
- x509_cert_t *current_cert)
+ struct env_set *es
+#ifdef USE_SSL
+ , int current_cert_depth,
+ x509_cert_t *current_cert
+#endif
+ )
 {
 return 0;
 }
diff --git a/plugin/examples/log_v3.c b/plugin/examples/log_v3.c
index bf2f1dc..2dff6a6 100644
--- a/plugin/examples/log_v3.c
+++ b/plugin/examples/log_v3.c
@@ -36,6 +36,9 @@
 #include <string.h>
 #include <stdlib.h>
+#define USE_SSL
+#define USE_OPENSSL
+
 #include "openvpn-plugin.h"
 /*
@@ -2117,7 +2117,7 @@ link_socket_connection_initiated (const struct buffer *buf,
 {
 struct argv argv = argv_new ();
 ipchange_fmt (false, &argv, info, &gc);
- if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 msg (M_WARN, "WARNING: ipchange plugin call failed");
 argv_reset (&argv);
 }
@@ -1943,7 +1943,7 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
 */
 if (ks->authenticated && plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL))
 {
- if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
 ks->authenticated = false;
 }
diff --git a/ssl_verify.c b/ssl_verify.c
index 8233147..8a9dc74 100644
--- a/ssl_verify.c
+++ b/ssl_verify.c
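Review bot: The stub at `@@ -174,9 +192,12 @@` keeps the name `plugin_call` but still takes the two certificate parameters when USE_SSL is defined, while every caller in this commit now passes five arguments to `plugin_call` and ssl_verify.c calls `plugin_call_ssl`. If this is the variant used when plugins are compiled out, which the `return 0;` body suggests but the hunk does not show, an SSL build without plugins would get mismatched calls and would have no `plugin_call_ssl` stub at all. Renaming this stub to `plugin_call_ssl` and adding a five-argument `plugin_call` stub beside it would keep both configurations consistent. The function's first line and the enclosing preprocessor conditional are outside the hunk.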
@@ -445,7 +445,7 @@ verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,
 argv_printf (&argv, "%d %s", cert_depth, subject);
- ret = plugin_call (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
+ ret = plugin_call_ssl (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
 argv_reset (&argv);
@@ -1026,7 +1026,7 @@ verify_user_pass_plugin (struct tls_session *session, const struct user_pass *up
 #endif
 /* call command */
- retval = plugin_call (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es, -1, NULL);
+ retval = plugin_call (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es);
 #ifdef PLUGIN_DEF_AUTH
 /* purge auth control filename (and file itself) for non-deferred returns */ |