From 47ae8457f9e9c2bb0f5c1e8f28822e1bbc16c196 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Wed, 4 Jun 2008 05:16:44 +0000
Subject: Incremented version to 2.1_rc7d.

Support asynchronous authentication by plugins by allowing
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return
OPENVPN_PLUGIN_FUNC_DEFERRED.  See comments in
openvpn-plugin.h for documentation.  Enabled by ENABLE_DEF_AUTH.

Added a simple packet filter functionality that can be driven by
a plugin.  See comments in openvpn-plugin.h for documentation.
Enabled by ENABLE_PF.

See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH
and ENABLE_PF.

"TLS Error: local/remote TLS keys are out of sync" is no longer a
fatal error for TCP-based sessions, since the error can arise
normally in the course of deferred authentication.  In a related
change, allow packet-id sequence to begin at some number n > 0 for
TCP sessions, rather than strictly requiring sequence to begin
at 1.

Added a test to configure.ac for LoadLibrary function on Windows.

Modified "make dist" function to include all files from
install-win32 so that ./domake-win can be run from a
tarball-expanded directory.

setenv and setenv-safe directives may now omit a value argument
which defaults to "".


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 plugin.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'plugin.c')

diff --git a/plugin.c b/plugin.c
index 1c1b545..508b12e 100644
--- a/plugin.c
+++ b/plugin.c
@@ -83,6 +83,8 @@ plugin_type_name (const int type)
       return "PLUGIN_LEARN_ADDRESS";
     case OPENVPN_PLUGIN_TLS_FINAL:
       return "PLUGIN_TLS_FINAL";
+    case OPENVPN_PLUGIN_ENABLE_PF:
+      return "OPENVPN_PLUGIN_ENABLE_PF";
     default:
       return "PLUGIN_???";
     }
@@ -540,6 +542,7 @@ plugin_call (const struct plugin_list *pl,
       int i;
       const char **envp;
       const int n = plugin_n (pl);
+      bool success = false;
       bool error = false;
       bool deferred = false;
       
@@ -556,10 +559,18 @@ plugin_call (const struct plugin_list *pl,
 					       args,
 					       pr ? &pr->list[i] : NULL,
 					       envp);
-	  if (status == OPENVPN_PLUGIN_FUNC_ERROR)
-	    error = true;
-	  else if (status == OPENVPN_PLUGIN_FUNC_DEFERRED)
-	    deferred = true;
+	  switch (status)
+	    {
+	    case OPENVPN_PLUGIN_FUNC_SUCCESS:
+	      success = true;
+	      break;
+	    case OPENVPN_PLUGIN_FUNC_DEFERRED:
+	      deferred = true;
+	      break;
+	    default:
+	      error = true;
+	      break;
+	    }
 	}
 
       if (pr)
@@ -569,7 +580,9 @@ plugin_call (const struct plugin_list *pl,
 
       gc_free (&gc);
 
-      if (error)
+      if (type == OPENVPN_PLUGIN_ENABLE_PF && success)
+	return OPENVPN_PLUGIN_FUNC_SUCCESS;
+      else if (error)
 	return OPENVPN_PLUGIN_FUNC_ERROR;
       else if (deferred)
 	return OPENVPN_PLUGIN_FUNC_DEFERRED;
-- 
cgit