openvpn/openvpn-auth_mysql/openvpn-plugin.h

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * Plug-in types.  These types correspond to the set of script callbacks
 * supported by OpenVPN.
 */
#define OPENVPN_PLUGIN_UP                    0
#define OPENVPN_PLUGIN_DOWN                  1
#define OPENVPN_PLUGIN_ROUTE_UP              2
#define OPENVPN_PLUGIN_IPCHANGE              3
#define OPENVPN_PLUGIN_TLS_VERIFY            4
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5
#define OPENVPN_PLUGIN_CLIENT_CONNECT        6
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT     7
#define OPENVPN_PLUGIN_LEARN_ADDRESS         8
#define OPENVPN_PLUGIN_N                     9

/*
 * Build a mask out of a set of plug-in types.
 */
#define OPENVPN_PLUGIN_MASK(x) (1<<(x))

/*
 * A pointer to a plugin-defined object which contains
 * the object state.
 */
typedef void *openvpn_plugin_handle_t;

/*
 * Return value for openvpn_plugin_func_v1 function
 */
#define OPENVPN_PLUGIN_FUNC_SUCCESS  0
#define OPENVPN_PLUGIN_FUNC_ERROR    1

/*
 * For Windows (needs to be modified for MSVC)
 */
#if defined(__MINGW32_VERSION) && !defined(OPENVPN_PLUGIN_H)
# define OPENVPN_EXPORT __declspec(dllexport)
#else
# define OPENVPN_EXPORT
#endif

/*
 * If OPENVPN_PLUGIN_H is defined, we know that we are being
 * included in an OpenVPN compile, rather than a plugin compile.
 */
#ifdef OPENVPN_PLUGIN_H

/*
 * We are compiling OpenVPN.
 */
#define OPENVPN_PLUGIN_DEF        typedef
#define OPENVPN_PLUGIN_FUNC(name) (*name)

#else

/*
 * We are compiling plugin.
 */
#define OPENVPN_PLUGIN_DEF        OPENVPN_EXPORT
#define OPENVPN_PLUGIN_FUNC(name) name

#endif

/*
 * Multiple plugin modules can be cascaded, and modules can be
 * used in tandem with scripts.  The order of operation is that
 * the module func() functions are called in the order that
 * the modules were specified in the config file.  If a script
 * was specified as well, it will be called last.  If the
 * return code of the module/script controls an authentication
 * function (such as tls-verify or auth-user-pass-verify), then
 * every module and script must return success (0) in order for
 * the connection to be authenticated.
 *
 * Notes:
 *
 * Plugins which use a privilege-separation model (by forking in
 * their initialization function before the main OpenVPN process
 * downgrades root privileges and/or executes a chroot) must
 * daemonize after a fork if the "daemon" environmental variable is
 * set.  In addition, if the "daemon_log_redirect" variable is set,
 * the plugin should preserve stdout/stderr across the daemon()
 * syscall.  See the daemonize() function in plugin/auth-pam/auth-pam.c
 * for an example.
 */

/*
 * Prototypes for functions which OpenVPN plug-ins must define.
 */

/*
 * FUNCTION: openvpn_plugin_open_v1
 *
 * REQUIRED: YES
 * 
 * Called on initial plug-in load.  OpenVPN will preserve plug-in state
 * across SIGUSR1 restarts but not across SIGHUP restarts.  A SIGHUP reset
 * will cause the plugin to be closed and reopened.
 *
 * ARGUMENTS
 *
 * *type_mask : Set by OpenVPN to the logical OR of all script
 *              types which this version of OpenVPN supports.  The plug-in
 *              should set this value to the logical OR of all script types
 *              which the plug-in wants to intercept.  For example, if the
 *              script wants to intercept the client-connect and
 *              client-disconnect script types:
 *
 *              *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
 *                         | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
 *
 * argv : a NULL-terminated array of options provided to the OpenVPN
 *        "plug-in" directive.  argv[0] is the dynamic library pathname.
 *
 * envp : a NULL-terminated array of OpenVPN-set environmental
 *        variables in "name=value" format.  Note that for security reasons,
 *        these variables are not actually written to the "official"
 *        environmental variable store of the process.
 *
 * RETURN VALUE
 *
 * An openvpn_plugin_handle_t value on success, NULL on failure
 */
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1)
     (unsigned int *type_mask, const char *argv[], const char *envp[]);

/*
 * FUNCTION: openvpn_plugin_func_v1
 *
 * Called to perform the work of a given script type.
 *
 * REQUIRED: YES
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open_v1.
 *
 * type : one of the PLUGIN_x types
 *
 * argv : a NULL-terminated array of "command line" options which
 *        would normally be passed to the script.  argv[0] is the dynamic
 *        library pathname.
 *
 * envp : a NULL-terminated array of OpenVPN-set environmental
 *        variables in "name=value" format.  Note that for security reasons,
 *        these variables are not actually written to the "official"
 *        environmental variable store of the process.
 *
 * RETURN VALUE
 *
 * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
 */
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1)
     (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]);

/*
 * FUNCTION: openvpn_plugin_close_v1
 *
 * REQUIRED: YES
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open_v1.
 *
 * Called immediately prior to plug-in unload.
 */
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1)
     (openvpn_plugin_handle_t handle);

/*
 * FUNCTION: openvpn_plugin_abort_v1
 *
 * REQUIRED: NO
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open_v1.
 *
 * Called when OpenVPN is in the process of aborting due to a fatal error.
 * Will only be called on an open context returned by a prior successful
 * openvpn_plugin_open_v1 callback.
 */
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1)
     (openvpn_plugin_handle_t handle);
1	/*
2	* OpenVPN -- An application to securely tunnel IP networks
3	* over a single TCP/UDP port, with support for SSL/TLS-based
4	* session authentication and key exchange,
5	* packet encryption, packet authentication, and
6	* packet compression.
7	*
8	* Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
9	*
10	* This program is free software; you can redistribute it and/or modify
11	* it under the terms of the GNU General Public License version 2
12	* as published by the Free Software Foundation.
13	*
14	* This program is distributed in the hope that it will be useful,
15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program (see the file COPYING included with this
21	* distribution); if not, write to the Free Software Foundation, Inc.,
22	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23	*/
24
25	/*
26	* Plug-in types. These types correspond to the set of script callbacks
27	* supported by OpenVPN.
28	*/
29	#define OPENVPN_PLUGIN_UP 0
30	#define OPENVPN_PLUGIN_DOWN 1
31	#define OPENVPN_PLUGIN_ROUTE_UP 2
32	#define OPENVPN_PLUGIN_IPCHANGE 3
33	#define OPENVPN_PLUGIN_TLS_VERIFY 4
34	#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5
35	#define OPENVPN_PLUGIN_CLIENT_CONNECT 6
36	#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7
37	#define OPENVPN_PLUGIN_LEARN_ADDRESS 8
38	#define OPENVPN_PLUGIN_N 9
39
40	/*
41	* Build a mask out of a set of plug-in types.
42	*/
43	#define OPENVPN_PLUGIN_MASK(x) (1<<(x))
44
45	/*
46	* A pointer to a plugin-defined object which contains
47	* the object state.
48	*/
49	typedef void *openvpn_plugin_handle_t;
50
51	/*
52	* Return value for openvpn_plugin_func_v1 function
53	*/
54	#define OPENVPN_PLUGIN_FUNC_SUCCESS 0
55	#define OPENVPN_PLUGIN_FUNC_ERROR 1
56
57	/*
58	* For Windows (needs to be modified for MSVC)
59	*/
60	#if defined(__MINGW32_VERSION) && !defined(OPENVPN_PLUGIN_H)
61	# define OPENVPN_EXPORT __declspec(dllexport)
62	#else
63	# define OPENVPN_EXPORT
64	#endif
65
66	/*
67	* If OPENVPN_PLUGIN_H is defined, we know that we are being
68	* included in an OpenVPN compile, rather than a plugin compile.
69	*/
70	#ifdef OPENVPN_PLUGIN_H
71
72	/*
73	* We are compiling OpenVPN.
74	*/
75	#define OPENVPN_PLUGIN_DEF typedef
76	#define OPENVPN_PLUGIN_FUNC(name) (*name)
77
78	#else
79
80	/*
81	* We are compiling plugin.
82	*/
83	#define OPENVPN_PLUGIN_DEF OPENVPN_EXPORT
84	#define OPENVPN_PLUGIN_FUNC(name) name
85
86	#endif
87
88	/*
89	* Multiple plugin modules can be cascaded, and modules can be
90	* used in tandem with scripts. The order of operation is that
91	* the module func() functions are called in the order that
92	* the modules were specified in the config file. If a script
93	* was specified as well, it will be called last. If the
94	* return code of the module/script controls an authentication
95	* function (such as tls-verify or auth-user-pass-verify), then
96	* every module and script must return success (0) in order for
97	* the connection to be authenticated.
98	*
99	* Notes:
100	*
101	* Plugins which use a privilege-separation model (by forking in
102	* their initialization function before the main OpenVPN process
103	* downgrades root privileges and/or executes a chroot) must
104	* daemonize after a fork if the "daemon" environmental variable is
105	* set. In addition, if the "daemon_log_redirect" variable is set,
106	* the plugin should preserve stdout/stderr across the daemon()
107	* syscall. See the daemonize() function in plugin/auth-pam/auth-pam.c
108	* for an example.
109	*/
110
111	/*
112	* Prototypes for functions which OpenVPN plug-ins must define.
113	*/
114
115	/*
116	* FUNCTION: openvpn_plugin_open_v1
117	*
118	* REQUIRED: YES
119	*
120	* Called on initial plug-in load. OpenVPN will preserve plug-in state
121	* across SIGUSR1 restarts but not across SIGHUP restarts. A SIGHUP reset
122	* will cause the plugin to be closed and reopened.
123	*
124	* ARGUMENTS
125	*
126	* *type_mask : Set by OpenVPN to the logical OR of all script
127	* types which this version of OpenVPN supports. The plug-in
128	* should set this value to the logical OR of all script types
129	* which the plug-in wants to intercept. For example, if the
130	* script wants to intercept the client-connect and
131	* client-disconnect script types:
132	*
133	* *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
134	* \| OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
135	*
136	* argv : a NULL-terminated array of options provided to the OpenVPN
137	* "plug-in" directive. argv[0] is the dynamic library pathname.
138	*
139	* envp : a NULL-terminated array of OpenVPN-set environmental
140	* variables in "name=value" format. Note that for security reasons,
141	* these variables are not actually written to the "official"
142	* environmental variable store of the process.
143	*
144	* RETURN VALUE
145	*
146	* An openvpn_plugin_handle_t value on success, NULL on failure
147	*/
148	OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1)
149	(unsigned int type_mask, const char argv[], const char *envp[]);
150
151	/*
152	* FUNCTION: openvpn_plugin_func_v1
153	*
154	* Called to perform the work of a given script type.
155	*
156	* REQUIRED: YES
157	*
158	* ARGUMENTS
159	*
160	* handle : the openvpn_plugin_handle_t value which was returned by
161	* openvpn_plugin_open_v1.
162	*
163	* type : one of the PLUGIN_x types
164	*
165	* argv : a NULL-terminated array of "command line" options which
166	* would normally be passed to the script. argv[0] is the dynamic
167	* library pathname.
168	*
169	* envp : a NULL-terminated array of OpenVPN-set environmental
170	* variables in "name=value" format. Note that for security reasons,
171	* these variables are not actually written to the "official"
172	* environmental variable store of the process.
173	*
174	* RETURN VALUE
175	*
176	* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
177	*/
178	OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1)
179	(openvpn_plugin_handle_t handle, const int type, const char argv[], const char envp[]);
180
181	/*
182	* FUNCTION: openvpn_plugin_close_v1
183	*
184	* REQUIRED: YES
185	*
186	* ARGUMENTS
187	*
188	* handle : the openvpn_plugin_handle_t value which was returned by
189	* openvpn_plugin_open_v1.
190	*
191	* Called immediately prior to plug-in unload.
192	*/
193	OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1)
194	(openvpn_plugin_handle_t handle);
195
196	/*
197	* FUNCTION: openvpn_plugin_abort_v1
198	*
199	* REQUIRED: NO
200	*
201	* ARGUMENTS
202	*
203	* handle : the openvpn_plugin_handle_t value which was returned by
204	* openvpn_plugin_open_v1.
205	*
206	* Called when OpenVPN is in the process of aborting due to a fatal error.
207	* Will only be called on an open context returned by a prior successful
208	* openvpn_plugin_open_v1 callback.
209	*/
210	OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1)
211	(openvpn_plugin_handle_t handle);