OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) { struct plugin_context *context; /* * Allocate our context */ context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); /* * Set the username/password we will require. */ context->username = "******"; context->password = "******"; /* * Which callbacks to intercept. */ *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); return (openvpn_plugin_handle_t) context; }
OPENVPN_EXPORT int openvpn_plugin_open_v3 (const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret) { struct plugin_context *context = NULL; /* Check that we are API compatible */ if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) { printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); return OPENVPN_PLUGIN_FUNC_ERROR; } if( args->ssl_api != SSLAPI_OPENSSL ) { printf("This plug-in can only be used against OpenVPN with OpenSSL\n"); return OPENVPN_PLUGIN_FUNC_ERROR; } /* Print some version information about the OpenVPN process using this plug-in */ printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", args->ovpn_version, args->ovpn_version_major, args->ovpn_version_minor, args->ovpn_version_patch); /* Which callbacks to intercept. */ ret->type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); /* Allocate our context */ context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); /* Set the username/password we will require. */ context->username = "******"; context->password = "******"; /* Point the global context handle to our newly created context */ ret->handle = (void *) context; return OPENVPN_PLUGIN_FUNC_SUCCESS; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) { struct down_root_context *context; /* * Allocate our context */ context = (struct down_root_context *) calloc (1, sizeof (struct down_root_context)); if (!context) goto error; context->foreground_fd = -1; /* * Intercept the --up and --down callbacks */ *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN); /* * Make sure we have two string arguments: the first is the .so name, * the second is the script command. */ if (string_array_len (argv) < 2) { fprintf (stderr, "DOWN-ROOT: need down script command\n"); goto error; } /* * Save our argument in context */ context->command = build_command_line (&argv[1]); /* * Get verbosity level from environment */ { const char *verb_string = get_env ("verb", envp); if (verb_string) context->verb = atoi (verb_string); } return (openvpn_plugin_handle_t) context; error: free_context (context); return NULL; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v2(unsigned int *type_mask, const char *argv[], const char *envp[], struct openvpn_plugin_string_list **return_list) { struct context *ctx; ctx = (struct context *) calloc(1, sizeof(struct context)); if (argv[1] && argv[2] && argv[3]) { ctx->ikey = strdup(argv[1]); ctx->skey = strdup(argv[2]); ctx->host = strdup(argv[3]); } /* Passing proxy_host even if proxy_port is not present * generates a more informative log message. */ if (argv[4]) { ctx->proxy_host = strdup(argv[4]); if (argv[5]) { ctx->proxy_port = strdup(argv[5]); } else { ctx->proxy_port = NULL; } } else { ctx->proxy_host = NULL; ctx->proxy_port = NULL; } *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); return (openvpn_plugin_handle_t) ctx; }
bool plugin_defined (const struct plugin_list *pl, const int type) { bool ret = false; if (pl) { const struct plugin_common *pc = pl->common; if (pc) { int i; const unsigned int mask = OPENVPN_PLUGIN_MASK (type); for (i = 0; i < pc->n; ++i) { if (pc->plugins[i].plugin_type_mask & mask) { ret = true; break; } } } } return ret; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { struct plugin_context *context; /* * Allocate our context */ context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); /* * We are only interested in intercepting the * --auth-user-pass-verify callback. */ *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN); return (openvpn_plugin_handle_t)context; }
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v2)( unsigned int *type_mask, const char *argv[], const char *envp[], struct openvpn_plugin_string_list **return_list) { const char *verb_str = NULL; auth_http_plugin_context_t *context = NULL; if (curl_global_init(CURL_GLOBAL_ALL)) { PLUGIN_ERROR("Can not init curl."); return NULL; } /* Init logginig */ verb_str = get_openvpn_env("verb", envp); if (verb_str) init_plugin_logging(atoi(verb_str)); else init_plugin_logging(3); if (string_array_len(argv) < 2) { PLUGIN_ERROR("Missed path to file with settings."); goto error; } context = create_auth_http_plugin_context(argv[1]); if (!context) goto error; /* Intercept the --auth-user-pass-verify, --client-connect and --client-disconnect callback. */ *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT); return (openvpn_plugin_handle_t)context; error: if (context) free(context); clear_plugin_logging(); curl_global_cleanup(); return NULL; }
OPENVPN_EXPORT int openvpn_plugin_open_v3 (const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret) { struct plugin_context *context = NULL; /* Check that we are API compatible */ if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) { return OPENVPN_PLUGIN_FUNC_ERROR; } /* Which callbacks to intercept. */ ret->type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); /* Allocate our context */ context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); /* Set the username/password we will require. */ context->username = "******"; context->password = "******"; /* Point the global context handle to our newly created context */ ret->handle = (void *) context; return OPENVPN_PLUGIN_FUNC_SUCCESS; }
static int plugin_call_item (const struct plugin *p, void *per_client_context, const int type, const struct argv *av, struct openvpn_plugin_string_list **retlist, const char **envp) { int status = OPENVPN_PLUGIN_FUNC_SUCCESS; /* clear return list */ if (retlist) *retlist = NULL; if (p->plugin_handle && (p->plugin_type_mask & OPENVPN_PLUGIN_MASK (type))) { struct gc_arena gc = gc_new (); struct argv a = argv_insert_head (av, p->so_pathname); dmsg (D_PLUGIN_DEBUG, "PLUGIN_CALL: PRE type=%s", plugin_type_name (type)); plugin_show_args_env (D_PLUGIN_DEBUG, (const char **)a.argv, envp); /* * Call the plugin work function */ if (p->func2) status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist); else if (p->func1) status = (*p->func1)(p->plugin_handle, type, (const char **)a.argv, envp); else ASSERT (0); msg (D_PLUGIN, "PLUGIN_CALL: POST %s/%s status=%d", p->so_pathname, plugin_type_name (type), status); if (status == OPENVPN_PLUGIN_FUNC_ERROR) msg (M_WARN, "PLUGIN_CALL: plugin function %s failed with status %d: %s", plugin_type_name (type), status, p->so_pathname); argv_reset (&a); gc_free (&gc); } return status; }
static const char * plugin_mask_string (const unsigned int type_mask, struct gc_arena *gc) { struct buffer out = alloc_buf_gc (256, gc); bool first = true; int i; for (i = 0; i < OPENVPN_PLUGIN_N; ++i) { if (OPENVPN_PLUGIN_MASK (i) & type_mask) { if (!first) buf_printf (&out, "|"); buf_printf (&out, "%s", plugin_type_name (i)); first = false; } } return BSTR (&out); }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { struct plugin_context *context; /* * Allocate our context */ context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); /* * Set the username/password we will require. */ context->username = "******"; context->password = "******"; /* * We are only interested in intercepting the * --auth-user-pass-verify callback. */ *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); return (openvpn_plugin_handle_t) context; }
static int plugin_call_item (const struct plugin *p, void *per_client_context, const int type, const struct argv *av, struct openvpn_plugin_string_list **retlist, const char **envp #ifdef USE_SSL , int certdepth, x509_cert_t *current_cert #endif ) { int status = OPENVPN_PLUGIN_FUNC_SUCCESS; /* clear return list */ if (retlist) *retlist = NULL; if (p->plugin_handle && (p->plugin_type_mask & OPENVPN_PLUGIN_MASK (type))) { struct gc_arena gc = gc_new (); struct argv a = argv_insert_head (av, p->so_pathname); dmsg (D_PLUGIN_DEBUG, "PLUGIN_CALL: PRE type=%s", plugin_type_name (type)); plugin_show_args_env (D_PLUGIN_DEBUG, (const char **)a.argv, envp); /* * Call the plugin work function */ if (p->func3) { struct openvpn_plugin_args_func_in args = { type, (const char ** const) a.argv, (const char ** const) envp, p->plugin_handle, per_client_context, #ifdef USE_SSL (current_cert ? certdepth : -1), current_cert #else -1, NULL #endif }; struct openvpn_plugin_args_func_return retargs; CLEAR(retargs); status = (*p->func3)(OPENVPN_PLUGINv3_STRUCTVER, &args, &retargs); retlist = retargs.return_list; } else if (p->func2) status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist); else if (p->func1) status = (*p->func1)(p->plugin_handle, type, (const char **)a.argv, envp); else ASSERT (0); msg (D_PLUGIN, "PLUGIN_CALL: POST %s/%s status=%d", p->so_pathname, plugin_type_name (type), status); if (status == OPENVPN_PLUGIN_FUNC_ERROR) msg (M_WARN, "PLUGIN_CALL: plugin function %s failed with status %d: %s", plugin_type_name (type), status, p->so_pathname); argv_reset (&a); gc_free (&gc); } return status; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) { struct plugin_context *context; printf ("FUNC: openvpn_plugin_open_v1\n"); /* * Allocate our context */ context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp)); printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth); context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp)); printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter); /* * Which callbacks to intercept. */ *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF); return (openvpn_plugin_handle_t) context; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) { pid_t pid; int fd[2]; struct auth_pam_context *context; struct name_value_list name_value_list; const int base_parms = 2; /* * Allocate our context */ context = (struct auth_pam_context *) calloc (1, sizeof (struct auth_pam_context)); if (!context) goto error; context->foreground_fd = -1; /* * Intercept the --auth-user-pass-verify callback. */ *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); /* * Make sure we have two string arguments: the first is the .so name, * the second is the PAM service type. */ if (string_array_len (argv) < base_parms) { fprintf (stderr, "AUTH-PAM: need PAM service parameter\n"); goto error; } /* * See if we have optional name/value pairs to match against * PAM module queried fields in the conversation function. */ name_value_list.len = 0; if (string_array_len (argv) > base_parms) { const int nv_len = string_array_len (argv) - base_parms; int i; if ((nv_len & 1) == 1 || (nv_len / 2) > N_NAME_VALUE) { fprintf (stderr, "AUTH-PAM: bad name/value list length\n"); goto error; } name_value_list.len = nv_len / 2; for (i = 0; i < name_value_list.len; ++i) { const int base = base_parms + i * 2; name_value_list.data[i].name = argv[base]; name_value_list.data[i].value = argv[base+1]; } } /* * Get verbosity level from environment */ { const char *verb_string = get_env ("verb", envp); if (verb_string) context->verb = atoi (verb_string); } /* * Make a socket for foreground and background processes * to communicate. */ if (socketpair (PF_UNIX, SOCK_DGRAM, 0, fd) == -1) { fprintf (stderr, "AUTH-PAM: socketpair call failed\n"); goto error; } /* * Fork off the privileged process. It will remain privileged * even after the foreground process drops its privileges. */ pid = fork (); if (pid) { int status; /* * Foreground Process */ context->background_pid = pid; /* close our copy of child's socket */ close (fd[1]); /* don't let future subprocesses inherit child socket */ if (fcntl (fd[0], F_SETFD, FD_CLOEXEC) < 0) fprintf (stderr, "AUTH-PAM: Set FD_CLOEXEC flag on socket file descriptor failed\n"); /* wait for background child process to initialize */ status = recv_control (fd[0]); if (status == RESPONSE_INIT_SUCCEEDED) { context->foreground_fd = fd[0]; return (openvpn_plugin_handle_t) context; } } else { /* * Background Process */ /* close all parent fds except our socket back to parent */ close_fds_except (fd[1]); /* Ignore most signals (the parent will receive them) */ set_signals (); #ifdef DO_DAEMONIZE /* Daemonize if --daemon option is set. */ daemonize (envp); #endif /* execute the event loop */ pam_server (fd[1], argv[1], context->verb, &name_value_list); close (fd[1]); exit (0); return 0; /* NOTREACHED */ } error: if (context) free (context); return NULL; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { struct down_root_context *context; int i = 0; /* * Allocate our context */ context = (struct down_root_context *) calloc(1, sizeof(struct down_root_context)); if (!context) { warn("DOWN-ROOT: Could not allocate memory for plug-in context"); goto error; } context->foreground_fd = -1; /* * Intercept the --up and --down callbacks */ *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN); /* * Make sure we have two string arguments: the first is the .so name, * the second is the script command. */ if (string_array_len(argv) < 2) { fprintf(stderr, "DOWN-ROOT: need down script command\n"); goto error; } /* * Save the arguments in our context */ context->command = calloc(string_array_len(argv), sizeof(char *)); if (!context->command) { warn("DOWN-ROOT: Could not allocate memory for command array"); goto error; } /* Ignore argv[0], as it contains just the plug-in file name */ for (i = 1; i < string_array_len(argv); i++) { context->command[i-1] = (char *) argv[i]; } /* * Get verbosity level from environment */ { const char *verb_string = get_env("verb", envp); if (verb_string) { context->verb = atoi(verb_string); } } return (openvpn_plugin_handle_t) context; error: free_context(context); return NULL; }
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v2 (unsigned int *type_mask, const char *argv[], const char *envp[], struct openvpn_plugin_string_list **return_list) { ldap_context_t *context; const char *daemon_string = NULL; const char *log_redirect = NULL; const char *configfile = NULL; int rc = 0; uint8_t allow_core_files = 0; /* Are we in daemonized mode? If so, are we redirecting the logs? */ daemon_string = get_env ("daemon", envp); use_syslog = 0; if( daemon_string && daemon_string[0] == '1'){ log_redirect = get_env ("daemon_log_redirect", envp); if( !(log_redirect && log_redirect[0] == '1')) use_syslog = 1; } /* * Allocate our context */ context = ldap_context_new( ); if( !context ){ LOGERROR( "Failed to initialize ldap_context, no memory available?" ); goto error; } /* * Intercept the --auth-user-pass-verify callback. */ *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); while ( ( rc = getopt ( string_array_len (argv), (char **)argv, ":H:D:c:t:WZC" ) ) != - 1 ){ switch( rc ) { case 'H': context->config->ldap->uri = strdup(optarg); break; case 'Z': context->config->ldap->ssl = strdup("start_tls"); break; case 'D': context->config->ldap->binddn = strdup(optarg); break; case 'W': context->config->ldap->bindpw = get_passwd("BindPW Password: "******"Password is %s: length: %d\n", config->bindpw, strlen(config->bindpw) ); break; case 'c': configfile = optarg; break; case 't': context->config->ldap->timeout = atoi( optarg ); break; case 'C': LOGDEBUG("Core file generation requested"); allow_core_files = 1; break; case '?': LOGERROR("Unknown Option -%c !!", optopt ); break; case ':': LOGERROR ("Missing argument for option -%c !!", optopt ); break; default: LOGERROR ("?? getopt returned character code 0%o ??", rc); abort(); } } #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE) if (allow_core_files){ LOGDEBUG ("Setting core file"); unlimit_core_size(); } #endif /** * Parse configuration file is -c filename is provided * If not provided, use a default config file OCONFIG * This file must exists even though it might be empty */ if( configfile == NULL) { configfile = OCONFIG; } if( config_parse_file( configfile, context->config ) ){ goto error; } /** * Set default config values */ config_set_default( context->config ); /* when ldap userconf is define, we need to hook onto those callbacks */ if( config_is_pf_enabled( context->config )){ *type_mask |= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF); } #ifdef ENABLE_LDAPUSERCONF *type_mask |= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT); #else if( config_is_redirect_gw_enabled( context->config ) ){ *type_mask |= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2); } #endif /* * Get verbosity level from environment */ const char *verb_string = get_env ("verb", envp); if (verb_string) context->verb = atoi (verb_string); if( DODEBUG( context->verb ) ) config_dump( context->config ); /* set up mutex/cond */ pthread_mutex_init (&action_mutex, NULL); pthread_cond_init (&action_cond, NULL); /* start our authentication thread */ pthread_attr_setdetachstate(&action_thread_attr, PTHREAD_CREATE_JOINABLE); rc = pthread_create(&action_thread, &action_thread_attr, action_thread_main_loop, context); switch( rc ){ case EAGAIN: LOGERROR( "pthread_create returned EAGAIN: lacking resources" ); break; case EINVAL: LOGERROR( "pthread_create returned EINVAL: invalid attributes" ); break; case EPERM: LOGERROR( "pthread_create returned EPERM: no permission to create thread" ); break; case 0: break; default: LOGERROR( "pthread_create returned an unhandled value: %d", rc ); } if( rc == 0) return (openvpn_plugin_handle_t) context; /* Failed to initialize, free resources */ pthread_attr_destroy( &action_thread_attr ); pthread_mutex_destroy( &action_mutex ); pthread_cond_destroy( &action_cond ); error: if ( context ){ ldap_context_free (context); } return NULL; }
/** * Plugin open (init) */ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) { OpenSSL_add_all_digests(); /* * We are only interested in intercepting the * --auth-user-pass-verify callback. */ *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); /* * Set up configuration variables * */ const char * cfg_otp_secrets = get_env("otp_secrets", argv); if (cfg_otp_secrets != NULL) { otp_secrets = strdup(cfg_otp_secrets); } LOG("OTP-AUTH: otp_secrets=%s\n", otp_secrets); const char * cfg_hotp_counter_file = get_env("hotp_counters", argv); if (cfg_otp_secrets != NULL) { hotp_counters = strdup(cfg_hotp_counter_file); } LOG("OTP-AUTH: hotp_counters=%s\n", hotp_counters); const char * cfg_otp_slop = get_env("otp_slop", argv); if (cfg_otp_slop != NULL) { otp_slop = atoi(cfg_otp_slop); } LOG("OTP-AUTH: otp_slop=%i\n", otp_slop); const char * cfg_totp_t0 = get_env("totp_t0", argv); if (cfg_totp_t0 != NULL) { totp_t0 = atoi(cfg_totp_t0); } LOG("OTP-AUTH: totp_t0=%i\n", totp_t0); const char * cfg_totp_step= get_env("totp_step", argv); if (cfg_totp_step != NULL) { totp_step = atoi(cfg_totp_step); } LOG("OTP-AUTH: totp_step=%i\n", totp_step); const char * cfg_totp_digits = get_env("totp_digits", argv); if (cfg_totp_digits != NULL) { totp_digits = atoi(cfg_totp_digits); } LOG("OTP-AUTH: totp_digits=%i\n", totp_digits); const char * cfg_motp_step = get_env("motp_step", argv); if (cfg_motp_step != NULL) { motp_step = atoi(cfg_motp_step); } LOG("OTP-AUTH: motp_step=%i\n", motp_step); const char * cfg_hotp_syncwindow = get_env("hotp_syncwindow", argv); if (cfg_hotp_syncwindow != NULL) { hotp_syncwindow = atoi(cfg_hotp_syncwindow); } LOG("OTP-AUTH: hotp_syncwindow=%i\n", hotp_syncwindow); return (openvpn_plugin_handle_t) otp_secrets; }