OpenVPN
#include <openssl/x509.h>
#include <stdarg.h>
#include <stddef.h>
Data Structures | |
struct | openvpn_plugin_string_list |
struct | openvpn_plugin_callbacks |
Used by the openvpn_plugin_open_v3() function to pass callback function pointers to the plug-in. More... | |
struct | openvpn_plugin_args_open_in |
Arguments used to transport variables to the plug-in. More... | |
struct | openvpn_plugin_args_open_return |
Arguments used to transport variables from the plug-in back to the OpenVPN process. More... | |
struct | openvpn_plugin_args_func_in |
Arguments used to transport variables to and from the plug-in. More... | |
struct | openvpn_plugin_args_func_return |
Arguments used to transport variables to and from the plug-in. More... | |
Typedefs | |
typedef X509 | openvpn_x509_cert_t |
typedef void * | openvpn_plugin_handle_t |
typedef void(* | plugin_log_t) (openvpn_plugin_log_flags_t flags, const char *plugin_name, const char *format,...) _ovpn_chk_fmt(3, 4) |
typedef void(* | plugin_vlog_t) (openvpn_plugin_log_flags_t flags, const char *plugin_name, const char *format, va_list arglist) _ovpn_chk_fmt(3, 0) |
typedef void(* | plugin_secure_memzero_t) (void *data, size_t len) |
Export of secure_memzero() to be used inside plug-ins. More... | |
typedef int(* | plugin_base64_encode_t) (const void *data, int size, char **str) |
Export of openvpn_base64_encode() to be used inside plug-ins. More... | |
typedef int(* | plugin_base64_decode_t) (const char *str, void *data, int size) |
Export of openvpn_base64_decode() to be used inside plug-ins. More... | |
Enumerations | |
enum | openvpn_plugin_log_flags_t { PLOG_ERR = (1 << 0), PLOG_WARN = (1 << 1), PLOG_NOTE = (1 << 2), PLOG_DEBUG = (1 << 3), PLOG_ERRNO = (1 << 8), PLOG_NOMUTE = (1 << 9) } |
Definitions needed for the plug-in callback functions. More... | |
enum | ovpnSSLAPI { SSLAPI_NONE, SSLAPI_OPENSSL, SSLAPI_MBEDTLS } |
Used by the openvpn_plugin_open_v3() function to indicate to the plug-in what kind of SSL implementation OpenVPN uses. More... | |
#define __OPENVPN_X509_CERT_T_DECLARED |
Definition at line 39 of file openvpn-plugin.h.
#define _ovpn_chk_fmt | ( | a, | |
b | |||
) |
Definition at line 251 of file openvpn-plugin.h.
#define OPENVPN_EXPORT __declspec(dllexport) |
Definition at line 156 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5 |
Definition at line 122 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_CLIENT_CONNECT 6 |
Definition at line 123 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13 |
Definition at line 130 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14 |
Definition at line 131 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 |
Definition at line 126 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 |
Definition at line 124 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_DEF OPENVPN_EXPORT |
Definition at line 178 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_DOWN 1 |
Definition at line 118 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_FUNC | ( | name | ) | name |
Definition at line 179 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_FUNC_DEFERRED 2 |
Definition at line 150 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_FUNC_ERROR 1 |
Definition at line 149 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_FUNC_SUCCESS 0 |
Definition at line 148 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_INIT_POST_DAEMON 3 |
Definition at line 768 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE 4 |
Definition at line 769 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE 1 |
Definition at line 766 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_INIT_PRE_DAEMON 2 /* default */ |
Definition at line 767 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_IPCHANGE 3 |
Definition at line 120 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 |
Definition at line 125 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_MASK | ( | x | ) | (1<<(x)) |
Definition at line 137 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_N 15 |
Definition at line 132 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12 |
Definition at line 129 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_ROUTE_UP 2 |
Definition at line 119 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_TLS_FINAL 10 |
Definition at line 127 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_TLS_VERIFY 4 |
Definition at line 121 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_UP 0 |
Definition at line 117 of file openvpn-plugin.h.
#define OPENVPN_PLUGIN_VERSION 3 |
Definition at line 28 of file openvpn-plugin.h.
#define OPENVPN_PLUGINv3_STRUCTVER 5 |
Defines version of the v3 plugin argument structs.
Whenever one or more of these structs are modified, this constant must be updated. A changelog should be appended in this comment as well, to make it easier to see what information is available in the different versions.
Version | Comment |
1 | Initial plugin v3 structures providing the same API as the v2 plugin interface, X509 certificate information + a logging API for plug-ins. |
2 | Added ssl_api member in struct openvpn_plugin_args_open_in which identifies the SSL implementation OpenVPN is compiled against. |
3 | Added ovpn_version, ovpn_version_major, ovpn_version_minor and ovpn_version_patch to provide the runtime version of OpenVPN to plug-ins. |
4 | Exported secure_memzero() as plugin_secure_memzero(). |
5 | Exported openvpn_base64_encode() as plugin_base64_encode(). Exported openvpn_base64_decode() as plugin_base64_decode(). |
Definition at line 226 of file openvpn-plugin.h.
#define OPENVPN_VERSION_MAJOR 2 |
Definition at line 54 of file openvpn-plugin.h.
#define OPENVPN_VERSION_MINOR 6 |
Definition at line 55 of file openvpn-plugin.h.
#define OPENVPN_VERSION_PATCH "_git" |
Definition at line 56 of file openvpn-plugin.h.
typedef void* openvpn_plugin_handle_t |
Definition at line 143 of file openvpn-plugin.h.
typedef X509 openvpn_x509_cert_t |
Definition at line 40 of file openvpn-plugin.h.
typedef int(* plugin_base64_decode_t) (const char *str, void *data, int size) |
Export of openvpn_base64_decode() to be used inside plug-ins.
str | Pointer to the BASE64 encoded data |
data | Pointer to the buffer where the decoded data is saved |
size | Size of the destination buffer |
Definition at line 298 of file openvpn-plugin.h.
typedef int(* plugin_base64_encode_t) (const void *data, int size, char **str) |
Export of openvpn_base64_encode() to be used inside plug-ins.
data | Pointer to data to BASE64 encode |
size | Length of data, in bytes |
*str | Pointer to the return buffer. The memory for it is allocated by openvpn_base64_encode() and must be free()d by the caller after use. |
Definition at line 285 of file openvpn-plugin.h.
typedef void(* plugin_log_t) (openvpn_plugin_log_flags_t flags, const char *plugin_name, const char *format,...) _ovpn_chk_fmt(3, 4) |
Definition at line 254 of file openvpn-plugin.h.
typedef void(* plugin_secure_memzero_t) (void *data, size_t len) |
Export of secure_memzero() to be used inside plug-ins.
data | Pointer to data to zeroise |
len | Length of data, in bytes |
Definition at line 271 of file openvpn-plugin.h.
typedef void(* plugin_vlog_t) (openvpn_plugin_log_flags_t flags, const char *plugin_name, const char *format, va_list arglist) _ovpn_chk_fmt(3, 0) |
Definition at line 258 of file openvpn-plugin.h.
Definitions needed for the plug-in callback functions.
Enumerator | |
---|---|
PLOG_ERR | |
PLOG_WARN | |
PLOG_NOTE | |
PLOG_DEBUG | |
PLOG_ERRNO | |
PLOG_NOMUTE |
Definition at line 231 of file openvpn-plugin.h.
enum ovpnSSLAPI |
Used by the openvpn_plugin_open_v3() function to indicate to the plug-in what kind of SSL implementation OpenVPN uses.
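This is to avoid SEGV issues when OpenVPN is compiled against mbed TLS and the plug-in against OpenSSL. A plug-in built against OpenSSL should check this value before treating certificate pointers received from OpenVPN as OpenSSL X509 objects.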
Enumerator | |
---|---|
SSLAPI_NONE | |
SSLAPI_OPENSSL | |
SSLAPI_MBEDTLS |
Definition at line 332 of file openvpn-plugin.h.
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC() openvpn_plugin_abort_v1 | ( | openvpn_plugin_handle_t | handle | ) |
Definition at line 631 of file auth-pam.c.
References COMMAND_EXIT, and send_control().
OPENVPN_PLUGIN_DEF void* OPENVPN_PLUGIN_FUNC() openvpn_plugin_client_constructor_v1 | ( | openvpn_plugin_handle_t | handle | ) |
Definition at line 596 of file sample-client-connect.c.
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC() openvpn_plugin_client_destructor_v1 | ( | openvpn_plugin_handle_t | handle, |
void * | per_client_context | ||
) |
Definition at line 603 of file sample-client-connect.c.
References session::key, ovpn_note, plog(), and PLOG_NOTE.
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC() openvpn_plugin_close_v1 | ( | openvpn_plugin_handle_t | handle | ) |
This cleans up the last part of the plug-in, allows it to shut down cleanly and release the plug-in global context buffer.
handle | Pointer to the plug-in global context buffer, which needs to be released by this function |
Definition at line 610 of file sample-client-connect.c.
References COMMAND_EXIT, DEBUG, free_context(), MODULE, plog(), PLOG_ERR, PLOG_ERRNO, PLOG_NOTE, plugin_log, and send_control().
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC() openvpn_plugin_func_v1 | ( | openvpn_plugin_handle_t | handle, |
const int | type, | ||
const char * | argv[], | ||
const char * | envp[] | ||
) |
This function is called by OpenVPN each time OpenVPN reaches a point where plug-in calls should happen.
It only happens for those plug-in hooks enabled in openvpn_plugin_open_v3().
For the arguments, see the include/openvpn-plugin.h file for details on the function parameters
args | Pointer to a struct with details about the plug-in call from the main OpenVPN process. |
returndata | Pointer to a struct where the plug-in can provide information back to OpenVPN to be processed |
Definition at line 176 of file log.c.
References close_fds_except(), COMMAND_RUN_SCRIPT, COMMAND_VERIFY, daemonize(), DEBUG, down_root_server(), get_env(), MODULE, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, OPENVPN_PLUGIN_DOWN, OPENVPN_PLUGIN_FUNC_DEFERRED, OPENVPN_PLUGIN_FUNC_ERROR, OPENVPN_PLUGIN_FUNC_SUCCESS, OPENVPN_PLUGIN_TLS_VERIFY, OPENVPN_PLUGIN_UP, ovpn_base64_decode, ovpn_base64_encode, ovpn_log, plugin_context::password, PLOG_ERR, PLOG_ERRNO, PLOG_NOTE, plugin_log, PLUGIN_NAME, recv_control(), RESPONSE_DEFER, RESPONSE_INIT_SUCCEEDED, RESPONSE_SCRIPT_SUCCEEDED, RESPONSE_VERIFY_SUCCEEDED, send_control(), send_string(), set_signals(), show(), status, and plugin_context::username.
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC() openvpn_plugin_func_v2 | ( | openvpn_plugin_handle_t | handle, |
const int | type, | ||
const char * | argv[], | ||
const char * | envp[], | ||
void * | per_client_context, | ||
struct openvpn_plugin_string_list ** | return_list | ||
) |
Definition at line 527 of file sample-client-connect.c.
References MODULE, OPENVPN_PLUGIN_CLIENT_CONNECT, openvpn_plugin_client_connect(), OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2, openvpn_plugin_client_connect_defer_v2(), OPENVPN_PLUGIN_CLIENT_CONNECT_V2, openvpn_plugin_client_connect_v2(), OPENVPN_PLUGIN_CLIENT_DISCONNECT, OPENVPN_PLUGIN_DOWN, OPENVPN_PLUGIN_FUNC_SUCCESS, OPENVPN_PLUGIN_IPCHANGE, OPENVPN_PLUGIN_LEARN_ADDRESS, OPENVPN_PLUGIN_ROUTE_UP, OPENVPN_PLUGIN_TLS_FINAL, OPENVPN_PLUGIN_TLS_VERIFY, OPENVPN_PLUGIN_UP, PLOG_NOTE, and plugin_log.
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC() openvpn_plugin_func_v3 | ( | const int | version, |
struct openvpn_plugin_args_func_in const * | arguments, | ||
struct openvpn_plugin_args_func_return * | retptr | ||
) |
Definition at line 367 of file multi-auth.c.
References openvpn_plugin_args_func_in::argv, auth_user_pass_verify(), openvpn_plugin_args_func_in::current_cert, openvpn_plugin_args_func_in::current_cert_depth, openvpn_plugin_args_func_in::envp, get_env(), openvpn_plugin_args_func_in::handle, MODULE, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, OPENVPN_PLUGIN_FUNC_ERROR, OPENVPN_PLUGIN_FUNC_SUCCESS, OPENVPN_PLUGIN_STRUCTVER_MIN, OPENVPN_PLUGIN_TLS_FINAL, OPENVPN_PLUGIN_TLS_VERIFY, plugin_context::password, openvpn_plugin_args_func_in::per_client_context, plog(), PLOG_NOTE, show(), tls_final(), tls_verify(), openvpn_plugin_args_func_in::type, plugin_context::username, and x509_print_info().
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC() openvpn_plugin_min_version_required_v1 | ( | void | ) |
Definition at line 173 of file multi-auth.c.
References OPENVPN_PLUGIN_VERSION_MIN.
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC() openvpn_plugin_open_v1 | ( | unsigned int * | type_mask, |
const char * | argv[], | ||
const char * | envp[] | ||
) |
Definition at line 73 of file log.c.
References free_context(), get_env(), OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, OPENVPN_PLUGIN_CLIENT_DISCONNECT, OPENVPN_PLUGIN_DOWN, OPENVPN_PLUGIN_IPCHANGE, OPENVPN_PLUGIN_LEARN_ADDRESS, OPENVPN_PLUGIN_MASK, OPENVPN_PLUGIN_ROUTE_UP, OPENVPN_PLUGIN_TLS_FINAL, OPENVPN_PLUGIN_TLS_VERIFY, OPENVPN_PLUGIN_UP, and string_array_len().
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC() openvpn_plugin_open_v2 | ( | unsigned int * | type_mask, |
const char * | argv[], | ||
const char * | envp[], | ||
struct openvpn_plugin_string_list ** | return_list | ||
) |
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC() openvpn_plugin_open_v3 | ( | const int | v3structver, |
struct openvpn_plugin_args_open_in const * | args, | ||
struct openvpn_plugin_args_open_return * | ret | ||
) |
This function is called when OpenVPN loads the plug-in.
The purpose is to initialize the plug-in and tell OpenVPN which plug-in hooks this plug-in wants to be involved in.
For the arguments, see the include/openvpn-plugin.h file for details on the function parameters
v3structver | An integer containing the API version of the plug-in structs OpenVPN uses |
args | A pointer to the argument struct for information and features provided by OpenVPN to the plug-in |
ret | A pointer to the struct OpenVPN uses to receive information back from the plug-in |
Definition at line 122 of file sample-client-connect.c.
References _plugin_vlog_func, openvpn_plugin_args_open_in::argv, atoi_null0(), openvpn_plugin_args_open_in::callbacks, CLIENT, close_fds_except(), daemonize(), name_value_list::data, openvpn_plugin_args_open_in::envp, get_env(), openvpn_plugin_args_open_return::handle, name_value_list::len, plugin::log, plugin::mask, MODULE, N_NAME_VALUE, name_value::name, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, OPENVPN_PLUGIN_CLIENT_CONNECT, OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, OPENVPN_PLUGIN_CLIENT_DISCONNECT, OPENVPN_PLUGIN_DOWN, OPENVPN_PLUGIN_FUNC_ERROR, OPENVPN_PLUGIN_FUNC_SUCCESS, OPENVPN_PLUGIN_IPCHANGE, OPENVPN_PLUGIN_LEARN_ADDRESS, OPENVPN_PLUGIN_MASK, OPENVPN_PLUGIN_ROUTE_UP, OPENVPN_PLUGIN_STRUCTVER_MIN, OPENVPN_PLUGIN_TLS_FINAL, OPENVPN_PLUGIN_TLS_VERIFY, OPENVPN_PLUGIN_UP, OPENVPN_PLUGINv3_STRUCTVER, ovpn_base64_decode, ovpn_base64_encode, ovpn_log, ovpn_note, openvpn_plugin_args_open_in::ovpn_version, openvpn_plugin_args_open_in::ovpn_version_major, openvpn_plugin_args_open_in::ovpn_version_minor, openvpn_plugin_args_open_in::ovpn_version_patch, ovpn_vlog, pam_server(), plog(), PLOG_ERR, PLOG_ERRNO, PLOG_NOTE, plugin_base64_decode, openvpn_plugin_callbacks::plugin_base64_decode, openvpn_plugin_callbacks::plugin_base64_encode, plugin_log, openvpn_plugin_callbacks::plugin_log, PLUGIN_NAME, plugin_secure_memzero, openvpn_plugin_callbacks::plugin_secure_memzero, openvpn_plugin_callbacks::plugin_vlog, recv_control(), RESPONSE_INIT_SUCCEEDED, SERVER, set_signals(), openvpn_plugin_args_open_in::ssl_api, SSLAPI_OPENSSL, status, string_array_len(), plugin::type, openvpn_plugin_args_open_return::type_mask, and name_value::value.
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC() openvpn_plugin_select_initialization_point_v1 | ( | void | ) |