From d92819fa1adc5d2ee8f1c2bbd0d32829635eacf1 Mon Sep 17 00:00:00 2001 From: james Date: Wed, 28 Dec 2005 06:58:19 +0000 Subject: Added OPENVPN_PLUGIN_TLS_FINAL plugin callback. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@862 e7ae566f-a301-0410-adde-c780ea21d3b5 --- openvpn-plugin.h | 3 ++- plugin.c | 2 ++ ssl.c | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/openvpn-plugin.h b/openvpn-plugin.h index 1f53eea..b333168 100644 --- a/openvpn-plugin.h +++ b/openvpn-plugin.h @@ -38,7 +38,8 @@ #define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 #define OPENVPN_PLUGIN_LEARN_ADDRESS 8 #define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 -#define OPENVPN_PLUGIN_N 10 +#define OPENVPN_PLUGIN_TLS_FINAL 10 +#define OPENVPN_PLUGIN_N 11 /* * Build a mask out of a set of plug-in types. diff --git a/plugin.c b/plugin.c index 190b2c0..e841dc7 100644 --- a/plugin.c +++ b/plugin.c @@ -87,6 +87,8 @@ plugin_type_name (const int type) return "PLUGIN_CLIENT_DISCONNECT"; case OPENVPN_PLUGIN_LEARN_ADDRESS: return "PLUGIN_LEARN_ADDRESS"; + case OPENVPN_PLUGIN_TLS_FINAL: + return "PLUGIN_TLS_FINAL"; default: return "PLUGIN_???"; } diff --git a/ssl.c b/ssl.c index 7be2394..5f8b5d1 100644 --- a/ssl.c +++ b/ssl.c @@ -3087,7 +3087,17 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi buf_clear (buf); /* - * generate tunnel keys if client + * Call OPENVPN_PLUGIN_TLS_FINAL plugin if defined, for final + * veto opportunity over authentication decision. + */ + if (ks->authenticated && plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL)) + { + if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es)) + ks->authenticated = false; + } + + /* + * Generate tunnel keys if client */ if (!session->opt->server) { -- cgit