| 1 |
torben |
113 |
/* |
| 2 |
|
|
* OpenVPN -- An application to securely tunnel IP networks |
| 3 |
|
|
* over a single TCP/UDP port, with support for SSL/TLS-based |
| 4 |
|
|
* session authentication and key exchange, |
| 5 |
|
|
* packet encryption, packet authentication, and |
| 6 |
|
|
* packet compression. |
| 7 |
|
|
* |
| 8 |
|
|
* Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> |
| 9 |
|
|
* |
| 10 |
|
|
* This program is free software; you can redistribute it and/or modify |
| 11 |
|
|
* it under the terms of the GNU General Public License version 2 |
| 12 |
|
|
* as published by the Free Software Foundation. |
| 13 |
|
|
* |
| 14 |
|
|
* This program is distributed in the hope that it will be useful, |
| 15 |
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 16 |
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 17 |
|
|
* GNU General Public License for more details. |
| 18 |
|
|
* |
| 19 |
|
|
* You should have received a copy of the GNU General Public License |
| 20 |
|
|
* along with this program (see the file COPYING included with this |
| 21 |
|
|
* distribution); if not, write to the Free Software Foundation, Inc., |
| 22 |
|
|
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| 23 |
|
|
*/ |
| 24 |
|
|
|
| 25 |
|
|
/* |
| 26 |
|
|
* Plug-in types. These types correspond to the set of script callbacks |
| 27 |
|
|
* supported by OpenVPN. |
| 28 |
|
|
*/ |
| 29 |
|
|
#define OPENVPN_PLUGIN_UP 0 |
| 30 |
|
|
#define OPENVPN_PLUGIN_DOWN 1 |
| 31 |
|
|
#define OPENVPN_PLUGIN_ROUTE_UP 2 |
| 32 |
|
|
#define OPENVPN_PLUGIN_IPCHANGE 3 |
| 33 |
|
|
#define OPENVPN_PLUGIN_TLS_VERIFY 4 |
| 34 |
|
|
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5 |
| 35 |
|
|
#define OPENVPN_PLUGIN_CLIENT_CONNECT 6 |
| 36 |
|
|
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 |
| 37 |
|
|
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 |
| 38 |
|
|
#define OPENVPN_PLUGIN_N 9 |
| 39 |
|
|
|
| 40 |
|
|
/* |
| 41 |
|
|
* Build a mask out of a set of plug-in types. |
| 42 |
|
|
*/ |
| 43 |
|
|
#define OPENVPN_PLUGIN_MASK(x) (1<<(x)) |
| 44 |
|
|
|
| 45 |
|
|
/* |
| 46 |
|
|
* A pointer to a plugin-defined object which contains |
| 47 |
|
|
* the object state. |
| 48 |
|
|
*/ |
| 49 |
|
|
typedef void *openvpn_plugin_handle_t; |
| 50 |
|
|
|
| 51 |
|
|
/* |
| 52 |
|
|
* Return value for openvpn_plugin_func_v1 function |
| 53 |
|
|
*/ |
| 54 |
|
|
#define OPENVPN_PLUGIN_FUNC_SUCCESS 0 |
| 55 |
|
|
#define OPENVPN_PLUGIN_FUNC_ERROR 1 |
| 56 |
|
|
|
| 57 |
|
|
/* |
| 58 |
|
|
* For Windows (needs to be modified for MSVC) |
| 59 |
|
|
*/ |
| 60 |
|
|
#if defined(__MINGW32_VERSION) && !defined(OPENVPN_PLUGIN_H) |
| 61 |
|
|
# define OPENVPN_EXPORT __declspec(dllexport) |
| 62 |
|
|
#else |
| 63 |
|
|
# define OPENVPN_EXPORT |
| 64 |
|
|
#endif |
| 65 |
|
|
|
| 66 |
|
|
/* |
| 67 |
|
|
* If OPENVPN_PLUGIN_H is defined, we know that we are being |
| 68 |
|
|
* included in an OpenVPN compile, rather than a plugin compile. |
| 69 |
|
|
*/ |
| 70 |
|
|
#ifdef OPENVPN_PLUGIN_H |
| 71 |
|
|
|
| 72 |
|
|
/* |
| 73 |
|
|
* We are compiling OpenVPN. |
| 74 |
|
|
*/ |
| 75 |
|
|
#define OPENVPN_PLUGIN_DEF typedef |
| 76 |
|
|
#define OPENVPN_PLUGIN_FUNC(name) (*name) |
| 77 |
|
|
|
| 78 |
|
|
#else |
| 79 |
|
|
|
| 80 |
|
|
/* |
| 81 |
|
|
* We are compiling plugin. |
| 82 |
|
|
*/ |
| 83 |
|
|
#define OPENVPN_PLUGIN_DEF OPENVPN_EXPORT |
| 84 |
|
|
#define OPENVPN_PLUGIN_FUNC(name) name |
| 85 |
|
|
|
| 86 |
|
|
#endif |
| 87 |
|
|
|
| 88 |
|
|
/* |
| 89 |
|
|
* Multiple plugin modules can be cascaded, and modules can be |
| 90 |
|
|
* used in tandem with scripts. The order of operation is that |
| 91 |
|
|
* the module func() functions are called in the order that |
| 92 |
|
|
* the modules were specified in the config file. If a script |
| 93 |
|
|
* was specified as well, it will be called last. If the |
| 94 |
|
|
* return code of the module/script controls an authentication |
| 95 |
|
|
* function (such as tls-verify or auth-user-pass-verify), then |
| 96 |
|
|
* every module and script must return success (0) in order for |
| 97 |
|
|
* the connection to be authenticated. |
| 98 |
|
|
* |
| 99 |
|
|
* Notes: |
| 100 |
|
|
* |
| 101 |
|
|
* Plugins which use a privilege-separation model (by forking in |
| 102 |
|
|
* their initialization function before the main OpenVPN process |
| 103 |
|
|
* downgrades root privileges and/or executes a chroot) must |
| 104 |
|
|
* daemonize after a fork if the "daemon" environmental variable is |
| 105 |
|
|
* set. In addition, if the "daemon_log_redirect" variable is set, |
| 106 |
|
|
* the plugin should preserve stdout/stderr across the daemon() |
| 107 |
|
|
* syscall. See the daemonize() function in plugin/auth-pam/auth-pam.c |
| 108 |
|
|
* for an example. |
| 109 |
|
|
*/ |
| 110 |
|
|
|
| 111 |
|
|
/* |
| 112 |
|
|
* Prototypes for functions which OpenVPN plug-ins must define. |
| 113 |
|
|
*/ |
| 114 |
|
|
|
| 115 |
|
|
/* |
| 116 |
|
|
* FUNCTION: openvpn_plugin_open_v1 |
| 117 |
|
|
* |
| 118 |
|
|
* REQUIRED: YES |
| 119 |
|
|
* |
| 120 |
|
|
* Called on initial plug-in load. OpenVPN will preserve plug-in state |
| 121 |
|
|
* across SIGUSR1 restarts but not across SIGHUP restarts. A SIGHUP reset |
| 122 |
|
|
* will cause the plugin to be closed and reopened. |
| 123 |
|
|
* |
| 124 |
|
|
* ARGUMENTS |
| 125 |
|
|
* |
| 126 |
|
|
* *type_mask : Set by OpenVPN to the logical OR of all script |
| 127 |
|
|
* types which this version of OpenVPN supports. The plug-in |
| 128 |
|
|
* should set this value to the logical OR of all script types |
| 129 |
|
|
* which the plug-in wants to intercept. For example, if the |
| 130 |
|
|
* script wants to intercept the client-connect and |
| 131 |
|
|
* client-disconnect script types: |
| 132 |
|
|
* |
| 133 |
|
|
* *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) |
| 134 |
|
|
* | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
| 135 |
|
|
* |
| 136 |
|
|
* argv : a NULL-terminated array of options provided to the OpenVPN |
| 137 |
|
|
* "plug-in" directive. argv[0] is the dynamic library pathname. |
| 138 |
|
|
* |
| 139 |
|
|
* envp : a NULL-terminated array of OpenVPN-set environmental |
| 140 |
|
|
* variables in "name=value" format. Note that for security reasons, |
| 141 |
|
|
* these variables are not actually written to the "official" |
| 142 |
|
|
* environmental variable store of the process. |
| 143 |
|
|
* |
| 144 |
|
|
* RETURN VALUE |
| 145 |
|
|
* |
| 146 |
|
|
* An openvpn_plugin_handle_t value on success, NULL on failure |
| 147 |
|
|
*/ |
| 148 |
|
|
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1) |
| 149 |
|
|
(unsigned int *type_mask, const char *argv[], const char *envp[]); |
| 150 |
|
|
|
| 151 |
|
|
/* |
| 152 |
|
|
* FUNCTION: openvpn_plugin_func_v1 |
| 153 |
|
|
* |
| 154 |
|
|
* Called to perform the work of a given script type. |
| 155 |
|
|
* |
| 156 |
|
|
* REQUIRED: YES |
| 157 |
|
|
* |
| 158 |
|
|
* ARGUMENTS |
| 159 |
|
|
* |
| 160 |
|
|
* handle : the openvpn_plugin_handle_t value which was returned by |
| 161 |
|
|
* openvpn_plugin_open_v1. |
| 162 |
|
|
* |
| 163 |
|
|
* type : one of the PLUGIN_x types |
| 164 |
|
|
* |
| 165 |
|
|
* argv : a NULL-terminated array of "command line" options which |
| 166 |
|
|
* would normally be passed to the script. argv[0] is the dynamic |
| 167 |
|
|
* library pathname. |
| 168 |
|
|
* |
| 169 |
|
|
* envp : a NULL-terminated array of OpenVPN-set environmental |
| 170 |
|
|
* variables in "name=value" format. Note that for security reasons, |
| 171 |
|
|
* these variables are not actually written to the "official" |
| 172 |
|
|
* environmental variable store of the process. |
| 173 |
|
|
* |
| 174 |
|
|
* RETURN VALUE |
| 175 |
|
|
* |
| 176 |
|
|
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure |
| 177 |
|
|
*/ |
| 178 |
|
|
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1) |
| 179 |
|
|
(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]); |
| 180 |
|
|
|
| 181 |
|
|
/* |
| 182 |
|
|
* FUNCTION: openvpn_plugin_close_v1 |
| 183 |
|
|
* |
| 184 |
|
|
* REQUIRED: YES |
| 185 |
|
|
* |
| 186 |
|
|
* ARGUMENTS |
| 187 |
|
|
* |
| 188 |
|
|
* handle : the openvpn_plugin_handle_t value which was returned by |
| 189 |
|
|
* openvpn_plugin_open_v1. |
| 190 |
|
|
* |
| 191 |
|
|
* Called immediately prior to plug-in unload. |
| 192 |
|
|
*/ |
| 193 |
|
|
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1) |
| 194 |
|
|
(openvpn_plugin_handle_t handle); |
| 195 |
|
|
|
| 196 |
|
|
/* |
| 197 |
|
|
* FUNCTION: openvpn_plugin_abort_v1 |
| 198 |
|
|
* |
| 199 |
|
|
* REQUIRED: NO |
| 200 |
|
|
* |
| 201 |
|
|
* ARGUMENTS |
| 202 |
|
|
* |
| 203 |
|
|
* handle : the openvpn_plugin_handle_t value which was returned by |
| 204 |
|
|
* openvpn_plugin_open_v1. |
| 205 |
|
|
* |
| 206 |
|
|
* Called when OpenVPN is in the process of aborting due to a fatal error. |
| 207 |
|
|
* Will only be called on an open context returned by a prior successful |
| 208 |
|
|
* openvpn_plugin_open_v1 callback. |
| 209 |
|
|
*/ |
| 210 |
|
|
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1) |
| 211 |
|
|
(openvpn_plugin_handle_t handle); |
Parent Directory
| 
Revision Log