OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
{
struct plugin_context *context;
/*
* Allocate our context
*/
context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
/*
* Set the username/password we will require.
*/
context->username = "******";
context->password = "******";
/*
* Which callbacks to intercept.
*/
*type_mask =
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
return (openvpn_plugin_handle_t) context;
}
OPENVPN_EXPORT int
openvpn_plugin_open_v3 (const int v3structver,
struct openvpn_plugin_args_open_in const *args,
struct openvpn_plugin_args_open_return *ret)
{
struct plugin_context *context = NULL;
/* Check that we are API compatible */
if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n");
return OPENVPN_PLUGIN_FUNC_ERROR;
}
if( args->ssl_api != SSLAPI_OPENSSL ) {
printf("This plug-in can only be used against OpenVPN with OpenSSL\n");
return OPENVPN_PLUGIN_FUNC_ERROR;
}
/* Print some version information about the OpenVPN process using this plug-in */
printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n",
args->ovpn_version, args->ovpn_version_major,
args->ovpn_version_minor, args->ovpn_version_patch);
/* Which callbacks to intercept. */
ret->type_mask =
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
/* Allocate our context */
context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
/* Set the username/password we will require. */
context->username = "******";
context->password = "******";
/* Point the global context handle to our newly created context */
ret->handle = (void *) context;
return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
{
struct down_root_context *context;
/*
* Allocate our context
*/
context = (struct down_root_context *) calloc (1, sizeof (struct down_root_context));
if (!context)
goto error;
context->foreground_fd = -1;
/*
* Intercept the --up and --down callbacks
*/
*type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN);
/*
* Make sure we have two string arguments: the first is the .so name,
* the second is the script command.
*/
if (string_array_len (argv) < 2)
{
fprintf (stderr, "DOWN-ROOT: need down script command\n");
goto error;
}
/*
* Save our argument in context
*/
context->command = build_command_line (&argv[1]);
/*
* Get verbosity level from environment
*/
{
const char *verb_string = get_env ("verb", envp);
if (verb_string)
context->verb = atoi (verb_string);
}
return (openvpn_plugin_handle_t) context;
error:
free_context (context);
return NULL;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v2(unsigned int *type_mask, const char *argv[], const char *envp[], struct openvpn_plugin_string_list **return_list)
{
struct context *ctx;
ctx = (struct context *) calloc(1, sizeof(struct context));
if (argv[1] && argv[2] && argv[3]) {
ctx->ikey = strdup(argv[1]);
ctx->skey = strdup(argv[2]);
ctx->host = strdup(argv[3]);
}
/* Passing proxy_host even if proxy_port is not present
* generates a more informative log message.
*/
if (argv[4]) {
ctx->proxy_host = strdup(argv[4]);
if (argv[5]) {
ctx->proxy_port = strdup(argv[5]);
}
else {
ctx->proxy_port = NULL;
}
}
else {
ctx->proxy_host = NULL;
ctx->proxy_port = NULL;
}
*type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
return (openvpn_plugin_handle_t) ctx;
}
bool
plugin_defined (const struct plugin_list *pl, const int type)
{
bool ret = false;
if (pl)
{
const struct plugin_common *pc = pl->common;
if (pc)
{
int i;
const unsigned int mask = OPENVPN_PLUGIN_MASK (type);
for (i = 0; i < pc->n; ++i)
{
if (pc->plugins[i].plugin_type_mask & mask)
{
ret = true;
break;
}
}
}
}
return ret;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
struct plugin_context *context;
/*
* Allocate our context
*/
context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context));
/*
* We are only interested in intercepting the
* --auth-user-pass-verify callback.
*/
*type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN);
return (openvpn_plugin_handle_t)context;
}
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v2)(
unsigned int *type_mask,
const char *argv[],
const char *envp[],
struct openvpn_plugin_string_list **return_list)
{
const char *verb_str = NULL;
auth_http_plugin_context_t *context = NULL;
if (curl_global_init(CURL_GLOBAL_ALL)) {
PLUGIN_ERROR("Can not init curl.");
return NULL;
}
/* Init logginig */
verb_str = get_openvpn_env("verb", envp);
if (verb_str)
init_plugin_logging(atoi(verb_str));
else
init_plugin_logging(3);
if (string_array_len(argv) < 2) {
PLUGIN_ERROR("Missed path to file with settings.");
goto error;
}
context = create_auth_http_plugin_context(argv[1]);
if (!context)
goto error;
/* Intercept the --auth-user-pass-verify, --client-connect and --client-disconnect callback. */
*type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
| OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
| OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT);
return (openvpn_plugin_handle_t)context;
error:
if (context)
free(context);
clear_plugin_logging();
curl_global_cleanup();
return NULL;
}
OPENVPN_EXPORT int
openvpn_plugin_open_v3 (const int v3structver,
struct openvpn_plugin_args_open_in const *args,
struct openvpn_plugin_args_open_return *ret)
{
struct plugin_context *context = NULL;
/* Check that we are API compatible */
if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
return OPENVPN_PLUGIN_FUNC_ERROR;
}
/* Which callbacks to intercept. */
ret->type_mask =
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
/* Allocate our context */
context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
/* Set the username/password we will require. */
context->username = "******";
context->password = "******";
/* Point the global context handle to our newly created context */
ret->handle = (void *) context;
return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
static int
plugin_call_item (const struct plugin *p,
void *per_client_context,
const int type,
const struct argv *av,
struct openvpn_plugin_string_list **retlist,
const char **envp)
{
int status = OPENVPN_PLUGIN_FUNC_SUCCESS;
/* clear return list */
if (retlist)
*retlist = NULL;
if (p->plugin_handle && (p->plugin_type_mask & OPENVPN_PLUGIN_MASK (type)))
{
struct gc_arena gc = gc_new ();
struct argv a = argv_insert_head (av, p->so_pathname);
dmsg (D_PLUGIN_DEBUG, "PLUGIN_CALL: PRE type=%s", plugin_type_name (type));
plugin_show_args_env (D_PLUGIN_DEBUG, (const char **)a.argv, envp);
/*
* Call the plugin work function
*/
if (p->func2)
status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist);
else if (p->func1)
status = (*p->func1)(p->plugin_handle, type, (const char **)a.argv, envp);
else
ASSERT (0);
msg (D_PLUGIN, "PLUGIN_CALL: POST %s/%s status=%d",
p->so_pathname,
plugin_type_name (type),
status);
if (status == OPENVPN_PLUGIN_FUNC_ERROR)
msg (M_WARN, "PLUGIN_CALL: plugin function %s failed with status %d: %s",
plugin_type_name (type),
status,
p->so_pathname);
argv_reset (&a);
gc_free (&gc);
}
return status;
}
static const char *
plugin_mask_string (const unsigned int type_mask, struct gc_arena *gc)
{
struct buffer out = alloc_buf_gc (256, gc);
bool first = true;
int i;
for (i = 0; i < OPENVPN_PLUGIN_N; ++i)
{
if (OPENVPN_PLUGIN_MASK (i) & type_mask)
{
if (!first)
buf_printf (&out, "|");
buf_printf (&out, "%s", plugin_type_name (i));
first = false;
}
}
return BSTR (&out);
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
struct plugin_context *context;
/*
* Allocate our context
*/
context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context));
/*
* Set the username/password we will require.
*/
context->username = "******";
context->password = "******";
/*
* We are only interested in intercepting the
* --auth-user-pass-verify callback.
*/
*type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
return (openvpn_plugin_handle_t) context;
}
static int
plugin_call_item (const struct plugin *p,
void *per_client_context,
const int type,
const struct argv *av,
struct openvpn_plugin_string_list **retlist,
const char **envp
#ifdef USE_SSL
, int certdepth,
x509_cert_t *current_cert
#endif
)
{
int status = OPENVPN_PLUGIN_FUNC_SUCCESS;
/* clear return list */
if (retlist)
*retlist = NULL;
if (p->plugin_handle && (p->plugin_type_mask & OPENVPN_PLUGIN_MASK (type)))
{
struct gc_arena gc = gc_new ();
struct argv a = argv_insert_head (av, p->so_pathname);
dmsg (D_PLUGIN_DEBUG, "PLUGIN_CALL: PRE type=%s", plugin_type_name (type));
plugin_show_args_env (D_PLUGIN_DEBUG, (const char **)a.argv, envp);
/*
* Call the plugin work function
*/
if (p->func3) {
struct openvpn_plugin_args_func_in args = { type,
(const char ** const) a.argv,
(const char ** const) envp,
p->plugin_handle,
per_client_context,
#ifdef USE_SSL
(current_cert ? certdepth : -1),
current_cert
#else
-1,
NULL
#endif
};
struct openvpn_plugin_args_func_return retargs;
CLEAR(retargs);
status = (*p->func3)(OPENVPN_PLUGINv3_STRUCTVER, &args, &retargs);
retlist = retargs.return_list;
} else if (p->func2)
status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist);
else if (p->func1)
status = (*p->func1)(p->plugin_handle, type, (const char **)a.argv, envp);
else
ASSERT (0);
msg (D_PLUGIN, "PLUGIN_CALL: POST %s/%s status=%d",
p->so_pathname,
plugin_type_name (type),
status);
if (status == OPENVPN_PLUGIN_FUNC_ERROR)
msg (M_WARN, "PLUGIN_CALL: plugin function %s failed with status %d: %s",
plugin_type_name (type),
status,
p->so_pathname);
argv_reset (&a);
gc_free (&gc);
}
return status;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
{
struct plugin_context *context;
printf ("FUNC: openvpn_plugin_open_v1\n");
/*
* Allocate our context
*/
context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp));
printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth);
context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp));
printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter);
/*
* Which callbacks to intercept.
*/
*type_mask =
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF);
return (openvpn_plugin_handle_t) context;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
{
pid_t pid;
int fd[2];
struct auth_pam_context *context;
struct name_value_list name_value_list;
const int base_parms = 2;
/*
* Allocate our context
*/
context = (struct auth_pam_context *) calloc (1, sizeof (struct auth_pam_context));
if (!context)
goto error;
context->foreground_fd = -1;
/*
* Intercept the --auth-user-pass-verify callback.
*/
*type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
/*
* Make sure we have two string arguments: the first is the .so name,
* the second is the PAM service type.
*/
if (string_array_len (argv) < base_parms)
{
fprintf (stderr, "AUTH-PAM: need PAM service parameter\n");
goto error;
}
/*
* See if we have optional name/value pairs to match against
* PAM module queried fields in the conversation function.
*/
name_value_list.len = 0;
if (string_array_len (argv) > base_parms)
{
const int nv_len = string_array_len (argv) - base_parms;
int i;
if ((nv_len & 1) == 1 || (nv_len / 2) > N_NAME_VALUE)
{
fprintf (stderr, "AUTH-PAM: bad name/value list length\n");
goto error;
}
name_value_list.len = nv_len / 2;
for (i = 0; i < name_value_list.len; ++i)
{
const int base = base_parms + i * 2;
name_value_list.data[i].name = argv[base];
name_value_list.data[i].value = argv[base+1];
}
}
/*
* Get verbosity level from environment
*/
{
const char *verb_string = get_env ("verb", envp);
if (verb_string)
context->verb = atoi (verb_string);
}
/*
* Make a socket for foreground and background processes
* to communicate.
*/
if (socketpair (PF_UNIX, SOCK_DGRAM, 0, fd) == -1)
{
fprintf (stderr, "AUTH-PAM: socketpair call failed\n");
goto error;
}
/*
* Fork off the privileged process. It will remain privileged
* even after the foreground process drops its privileges.
*/
pid = fork ();
if (pid)
{
int status;
/*
* Foreground Process
*/
context->background_pid = pid;
/* close our copy of child's socket */
close (fd[1]);
/* don't let future subprocesses inherit child socket */
if (fcntl (fd[0], F_SETFD, FD_CLOEXEC) < 0)
fprintf (stderr, "AUTH-PAM: Set FD_CLOEXEC flag on socket file descriptor failed\n");
/* wait for background child process to initialize */
status = recv_control (fd[0]);
if (status == RESPONSE_INIT_SUCCEEDED)
{
context->foreground_fd = fd[0];
return (openvpn_plugin_handle_t) context;
}
}
else
{
/*
* Background Process
*/
/* close all parent fds except our socket back to parent */
close_fds_except (fd[1]);
/* Ignore most signals (the parent will receive them) */
set_signals ();
#ifdef DO_DAEMONIZE
/* Daemonize if --daemon option is set. */
daemonize (envp);
#endif
/* execute the event loop */
pam_server (fd[1], argv[1], context->verb, &name_value_list);
close (fd[1]);
exit (0);
return 0; /* NOTREACHED */
}
error:
if (context)
free (context);
return NULL;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
struct down_root_context *context;
int i = 0;
/*
* Allocate our context
*/
context = (struct down_root_context *) calloc(1, sizeof(struct down_root_context));
if (!context)
{
warn("DOWN-ROOT: Could not allocate memory for plug-in context");
goto error;
}
context->foreground_fd = -1;
/*
* Intercept the --up and --down callbacks
*/
*type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN);
/*
* Make sure we have two string arguments: the first is the .so name,
* the second is the script command.
*/
if (string_array_len(argv) < 2)
{
fprintf(stderr, "DOWN-ROOT: need down script command\n");
goto error;
}
/*
* Save the arguments in our context
*/
context->command = calloc(string_array_len(argv), sizeof(char *));
if (!context->command)
{
warn("DOWN-ROOT: Could not allocate memory for command array");
goto error;
}
/* Ignore argv[0], as it contains just the plug-in file name */
for (i = 1; i < string_array_len(argv); i++)
{
context->command[i-1] = (char *) argv[i];
}
/*
* Get verbosity level from environment
*/
{
const char *verb_string = get_env("verb", envp);
if (verb_string)
{
context->verb = atoi(verb_string);
}
}
return (openvpn_plugin_handle_t) context;
error:
free_context(context);
return NULL;
}
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v2 (unsigned int *type_mask, const char *argv[], const char *envp[], struct openvpn_plugin_string_list **return_list)
{
ldap_context_t *context;
const char *daemon_string = NULL;
const char *log_redirect = NULL;
const char *configfile = NULL;
int rc = 0;
uint8_t allow_core_files = 0;
/* Are we in daemonized mode? If so, are we redirecting the logs? */
daemon_string = get_env ("daemon", envp);
use_syslog = 0;
if( daemon_string && daemon_string[0] == '1'){
log_redirect = get_env ("daemon_log_redirect", envp);
if( !(log_redirect && log_redirect[0] == '1'))
use_syslog = 1;
}
/*
* Allocate our context
*/
context = ldap_context_new( );
if( !context ){
LOGERROR( "Failed to initialize ldap_context, no memory available?" );
goto error;
}
/*
* Intercept the --auth-user-pass-verify callback.
*/
*type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
while ( ( rc = getopt ( string_array_len (argv), (char **)argv, ":H:D:c:t:WZC" ) ) != - 1 ){
switch( rc ) {
case 'H':
context->config->ldap->uri = strdup(optarg);
break;
case 'Z':
context->config->ldap->ssl = strdup("start_tls");
break;
case 'D':
context->config->ldap->binddn = strdup(optarg);
break;
case 'W':
context->config->ldap->bindpw = get_passwd("BindPW Password: "******"Password is %s: length: %d\n", config->bindpw, strlen(config->bindpw) );
break;
case 'c':
configfile = optarg;
break;
case 't':
context->config->ldap->timeout = atoi( optarg );
break;
case 'C':
LOGDEBUG("Core file generation requested");
allow_core_files = 1;
break;
case '?':
LOGERROR("Unknown Option -%c !!", optopt );
break;
case ':':
LOGERROR ("Missing argument for option -%c !!", optopt );
break;
default:
LOGERROR ("?? getopt returned character code 0%o ??", rc);
abort();
}
}
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
if (allow_core_files){
LOGDEBUG ("Setting core file");
unlimit_core_size();
}
#endif
/**
* Parse configuration file is -c filename is provided
* If not provided, use a default config file OCONFIG
* This file must exists even though it might be empty
*/
if( configfile == NULL) {
configfile = OCONFIG;
}
if( config_parse_file( configfile, context->config ) ){
goto error;
}
/**
* Set default config values
*/
config_set_default( context->config );
/* when ldap userconf is define, we need to hook onto those callbacks */
if( config_is_pf_enabled( context->config )){
*type_mask |= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF);
}
#ifdef ENABLE_LDAPUSERCONF
*type_mask |= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2)
| OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT);
#else
if( config_is_redirect_gw_enabled( context->config ) ){
*type_mask |= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2);
}
#endif
/*
* Get verbosity level from environment
*/
const char *verb_string = get_env ("verb", envp);
if (verb_string)
context->verb = atoi (verb_string);
if( DODEBUG( context->verb ) )
config_dump( context->config );
/* set up mutex/cond */
pthread_mutex_init (&action_mutex, NULL);
pthread_cond_init (&action_cond, NULL);
/* start our authentication thread */
pthread_attr_setdetachstate(&action_thread_attr, PTHREAD_CREATE_JOINABLE);
rc = pthread_create(&action_thread, &action_thread_attr, action_thread_main_loop, context);
switch( rc ){
case EAGAIN:
LOGERROR( "pthread_create returned EAGAIN: lacking resources" );
break;
case EINVAL:
LOGERROR( "pthread_create returned EINVAL: invalid attributes" );
break;
case EPERM:
LOGERROR( "pthread_create returned EPERM: no permission to create thread" );
break;
case 0:
break;
default:
LOGERROR( "pthread_create returned an unhandled value: %d", rc );
}
if( rc == 0)
return (openvpn_plugin_handle_t) context;
/* Failed to initialize, free resources */
pthread_attr_destroy( &action_thread_attr );
pthread_mutex_destroy( &action_mutex );
pthread_cond_destroy( &action_cond );
error:
if ( context ){
ldap_context_free (context);
}
return NULL;
}
/**
* Plugin open (init)
*/
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
{
OpenSSL_add_all_digests();
/*
* We are only interested in intercepting the
* --auth-user-pass-verify callback.
*/
*type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
/*
* Set up configuration variables
*
*/
const char * cfg_otp_secrets = get_env("otp_secrets", argv);
if (cfg_otp_secrets != NULL) {
otp_secrets = strdup(cfg_otp_secrets);
}
LOG("OTP-AUTH: otp_secrets=%s\n", otp_secrets);
const char * cfg_hotp_counter_file = get_env("hotp_counters", argv);
if (cfg_otp_secrets != NULL) {
hotp_counters = strdup(cfg_hotp_counter_file);
}
LOG("OTP-AUTH: hotp_counters=%s\n", hotp_counters);
const char * cfg_otp_slop = get_env("otp_slop", argv);
if (cfg_otp_slop != NULL) {
otp_slop = atoi(cfg_otp_slop);
}
LOG("OTP-AUTH: otp_slop=%i\n", otp_slop);
const char * cfg_totp_t0 = get_env("totp_t0", argv);
if (cfg_totp_t0 != NULL) {
totp_t0 = atoi(cfg_totp_t0);
}
LOG("OTP-AUTH: totp_t0=%i\n", totp_t0);
const char * cfg_totp_step= get_env("totp_step", argv);
if (cfg_totp_step != NULL) {
totp_step = atoi(cfg_totp_step);
}
LOG("OTP-AUTH: totp_step=%i\n", totp_step);
const char * cfg_totp_digits = get_env("totp_digits", argv);
if (cfg_totp_digits != NULL) {
totp_digits = atoi(cfg_totp_digits);
}
LOG("OTP-AUTH: totp_digits=%i\n", totp_digits);
const char * cfg_motp_step = get_env("motp_step", argv);
if (cfg_motp_step != NULL) {
motp_step = atoi(cfg_motp_step);
}
LOG("OTP-AUTH: motp_step=%i\n", motp_step);
const char * cfg_hotp_syncwindow = get_env("hotp_syncwindow", argv);
if (cfg_hotp_syncwindow != NULL) {
hotp_syncwindow = atoi(cfg_hotp_syncwindow);
}
LOG("OTP-AUTH: hotp_syncwindow=%i\n", hotp_syncwindow);
return (openvpn_plugin_handle_t) otp_secrets;
}
