| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Added the ability to have "COMMONNAME" replaced with certificate common
name in pam conversation.
Signed-off-by: Joe Patterson <j.m.patterson@gmail.com>
Acked-By: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
After a review of the second round of the the v3 plug-in implementation, it
was decided to use a separate constant defining the version of the structs
used for argument and return value passing, instead of OPENVPN_PLUGIN_VERSION.
To not make it too complex, this patch uses a shared version constant for all
the v3 structures. It is not expected that these strucutures will change too
much and too often.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To build the plug-in, do ./build log_v3 in the plugin/examples directory.
This plug-in can be tested by running an OpenVPN server like this:
# ./openvpn --plugin plugin/examples/log_v3.so --dev tun \
--server 192.168.240.0 255.255.255.0 --ca sample-keys/ca.crt \
--cert sample-keys/server.crt --key sample-keys/server.key \
--dh sample-keys/dh1024.pem
The client can be started like this:
# ./openvpn --client --remote localhost --ca sample-keys/ca.crt \
--cert sample-keys/client.crt --key sample-keys/client.key \
--dev tun --nobind --auth-user-pass
This plug-in will only log arguments and environment variables it receives
during all the different plug-in phases OpenVPN currently supports. It will
also parse the X509 certificate information given during the TLS_VERIFY phase.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
the MS Active Directory through auth-pam and Samba. I used the following line in my configs (without the linebreak of course):
plugin /opt/openvpn/openvpn-auth-pam.so
"openvpn login OURDOMAIN+USERNAME password PASSWORD"
Finally I turned on more verbose logging and found that the plugin did
not recognize "USERNAME" as something to replace, because it expected
the string to be surrounded by whitespace. I wrote the following patch
to correct this. I hope you find it useful,
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1. Fail gracefully rather than segfault if calloc returns NULL.
2. The openvpn_plugin_abort_v1 function can potentially be called
with handle == NULL. Add code to detect this case, and if
so, avoid dereferencing pointers derived from handle.
(Thanks to David Sommerseth for finding this bug).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5261 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
| |
Telethra to OpenVPN Technologies.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
| |
never output passwords to stderr.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2979 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support asynchronous authentication by plugins by allowing
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return
OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in
openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH.
Added a simple packet filter functionality that can be driven by
a plugin. See comments in openvpn-plugin.h for documentation.
Enabled by ENABLE_PF.
See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH
and ENABLE_PF.
"TLS Error: local/remote TLS keys are out of sync" is no longer a
fatal error for TCP-based sessions, since the error can arise
normally in the course of deferred authentication. In a related
change, allow packet-id sequence to begin at some number n > 0 for
TCP sessions, rather than strictly requiring sequence to begin
at 1.
Added a test to configure.ac for LoadLibrary function on Windows.
Modified "make dist" function to include all files from
install-win32 so that ./domake-win can be run from a
tarball-expanded directory.
setenv and setenv-safe directives may now omit a value argument
which defaults to "".
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
|
|
| |
to not be called for the top-level "generic" client template.
Added additional documentation to openvpn-plugin.h that more clearly
illustrates the full sequence and ordering of plugin callbacks
(plugin/defer/simple.c was extended to provide the raw data for this
documentation).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2973 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
|
|
| |
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler.
See documentation in openvpn-plugin.h and example
usage in plugin/defer/simple.c.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
| |
than dlopen (Roy Marples).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1421 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
| |
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@638 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
|
| |
strange automake issue.
2.1_beta2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@603 e7ae566f-a301-0410-adde-c780ea21d3b5
|
| |
|
|
|
|
|
| |
2.1_beta1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@591 e7ae566f-a301-0410-adde-c780ea21d3b5
|
|
|
It includes the --topology feature, and
TAP-Win32 driver changes to allow
non-admin access.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
|
