- Removed the dependency on an SSL library for USE_SSL when creating non-SSL plugins
- Fixed example plugin code to include USE_SSL when needed
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
if (plugin_defined (plugins, OPENVPN_PLUGIN_ROUTE_UP))
{
- if (plugin_call (plugins, OPENVPN_PLUGIN_ROUTE_UP, NULL, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (plugins, OPENVPN_PLUGIN_ROUTE_UP, NULL, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_WARN, "WARNING: route-up plugin call failed");
}
ifconfig_local, ifconfig_remote,
context);
- if (plugin_call (plugins, plugin_type, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (plugins, plugin_type, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_FATAL, "ERROR: up/down plugin call failed");
argv_reset (&argv);
mroute_addr_print (addr, &gc));
if (mi)
argv_printf_cat (&argv, "%s", tls_common_name (mi->context.c2.tls_multi, false));
- if (plugin_call (plugins, OPENVPN_PLUGIN_LEARN_ADDRESS, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (plugins, OPENVPN_PLUGIN_LEARN_ADDRESS, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
msg (M_WARN, "WARNING: learn-address plugin call failed");
ret = false;
if (plugin_defined (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT))
{
- if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT, NULL, NULL, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_DISCONNECT, NULL, NULL, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_WARN, "WARNING: client-disconnect plugin call failed");
}
}
argv_printf (&argv, "%s", dc_file);
- if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT, &argv, NULL, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT, &argv, NULL, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
msg (M_WARN, "WARNING: client-connect plugin call failed");
cc_succeeded = false;
plugin_return_init (&pr);
- if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, NULL, &pr, mi->context.c2.es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (mi->context.plugins, OPENVPN_PLUGIN_CLIENT_CONNECT_V2, NULL, &pr, mi->context.c2.es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
msg (M_WARN, "WARNING: client-connect-v2 plugin call failed");
cc_succeeded = false;
#ifndef OPENVPN_PLUGIN_H_
#define OPENVPN_PLUGIN_H_
-#ifdef USE_OPENSSL
+#ifdef USE_SSL
+#if defined(USE_OPENSSL)
#include "ssl_verify_openssl.h"
-#endif
-#ifdef USE_POLARSSL
+#elif defined(USE_POLARSSL)
#include "ssl_verify_polarssl.h"
+#else
+#error "Either USE_OPENSSL or USE_POLARSSL should be defined"
#endif
+#endif /*USE_SSL*/
#define OPENVPN_PLUGIN_VERSION 3
* *per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*
- * current_cert_depth : Certificate depth of the certificate being passed over
+ * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with USE_SSL defined)
*
- * *current_cert : X509 Certificate object received from the client
+ * *current_cert : X509 Certificate object received from the client (only if compiled with USE_SSL defined)
*
*/
struct openvpn_plugin_args_func_in
const char ** const envp;
openvpn_plugin_handle_t handle;
void *per_client_context;
+#ifdef USE_SSL
int current_cert_depth;
x509_cert_t *current_cert;
+#else
+ int current_cert_depth; /* Unused, for compatibility purposes only */
+ void *current_cert; /* Unused, for compatibility purposes only */
+#endif
};
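Review bot: The comments on the non-SSL branch call `current_cert_depth` and `current_cert` "Unused", but whether they carry values depends on how the host was built, not on how the plugin was compiled. The initializer in the plugin.c hunk fills them in whenever the host has USE_SSL defined. A plugin built without USE_SSL can therefore receive a live certificate pointer that its header says is unused. I would reword both comments along the lines of `/* Opaque without USE_SSL; may be set by the host, do not dereference */`, and note in the struct's header comment that both branches must keep identical member order and sizes, since host and plugin can be compiled with different settings. The struct's opening lines are outside this hunk.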
if( pf_file ) {
setenv_str (c->c2.es, "pf_file", pf_file);
- if (plugin_call (c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es, -1, NULL) == OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es) == OPENVPN_PLUGIN_FUNC_SUCCESS)
{
event_timeout_init (&c->c2.pf.reload, 1, now);
c->c2.pf.filename = string_alloc (pf_file, NULL);
const int type,
const struct argv *av,
struct openvpn_plugin_string_list **retlist,
- const char **envp,
- int certdepth,
- x509_cert_t *current_cert)
+ const char **envp
+#ifdef USE_SSL
+ , int certdepth,
+ x509_cert_t *current_cert
+#endif
+ )
{
int status = OPENVPN_PLUGIN_FUNC_SUCCESS;
(const char ** const) envp,
p->plugin_handle,
per_client_context,
- (current_cert ? certdepth : -1),
- current_cert };
+#ifdef USE_SSL
+ (current_cert ? certdepth : -1),
+ current_cert
+#else
+ -1,
+ NULL
+#endif
+ };
+
struct openvpn_plugin_args_func_return retargs;
CLEAR(retargs);
}
int
-plugin_call (const struct plugin_list *pl,
+plugin_call_ssl (const struct plugin_list *pl,
const int type,
const struct argv *av,
struct plugin_return *pr,
- struct env_set *es,
- int certdepth,
- x509_cert_t *current_cert)
+ struct env_set *es
+#ifdef USE_SSL
+ , int certdepth,
+ x509_cert_t *current_cert
+#endif
+ )
{
if (pr)
plugin_return_init (pr);
type,
av,
pr ? &pr->list[i] : NULL,
- envp,
- certdepth, current_cert);
+ envp
+#ifdef USE_SSL
+ ,certdepth,
+ current_cert
+#endif
+ );
switch (status)
{
case OPENVPN_PLUGIN_FUNC_SUCCESS:
struct plugin_list *plugin_list_inherit (const struct plugin_list *src);
-int plugin_call (const struct plugin_list *pl,
+
+static inline int
+plugin_call(const struct plugin_list *pl,
+ const int type,
+ const struct argv *av,
+ struct plugin_return *pr,
+ struct env_set *es)
+{
+ return plugin_call_ssl(pl, type, av, pr, es
+#ifdef USE_SSL
+ -1, NULL
+#endif
+ );
+}
+
+int plugin_call_ssl (const struct plugin_list *pl,
const int type,
const struct argv *av,
struct plugin_return *pr,
- struct env_set *es,
- int current_cert_depth,
- x509_cert_t *current_cert);
+ struct env_set *es
+#ifdef USE_SSL
+ , int current_cert_depth,
+ x509_cert_t *current_cert
+#endif
+ );
void plugin_list_close (struct plugin_list *pl);
bool plugin_defined (const struct plugin_list *pl, const int type);
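Review bot: The new inline `plugin_call` wrapper is missing a comma before `-1, NULL`, so with USE_SSL defined the call expands to `plugin_call_ssl(pl, type, av, pr, es -1, NULL)`. That passes `es - 1` as the environment pointer and `NULL` as the depth, and it leaves the certificate argument unsupplied. The `plugin_call_ssl` prototype is also declared below the wrapper in this hunk, so a compiler that still accepts implicit declarations may only warn about the call rather than reject the wrong argument count. I would move the prototype above the wrapper and write the conditional line as `, -1, NULL`, matching the leading-comma form already used in the prototype's parameter list.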
const int type,
const struct argv *av,
struct plugin_return *pr,
- struct env_set *es,
- int current_cert_depth,
- x509_cert_t *current_cert)
+ struct env_set *es
+#ifdef USE_SSL
+ , int current_cert_depth,
+ x509_cert_t *current_cert
+#endif
+ )
{
return 0;
}
#include <string.h>
#include <stdlib.h>
+#define USE_SSL
+#define USE_OPENSSL
+
#include "openvpn-plugin.h"
/*
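Review bot: Hard-coding `#define USE_OPENSSL` ahead of the include fixes this plugin's view of `current_cert` to the OpenSSL certificate type, while the header in this same commit also allows a USE_POLARSSL build. Nothing visible in the change lets a plugin tell which backend produced the pointer it receives, so a plugin built this way and loaded into a PolarSSL-built host would presumably treat one library's certificate object as the other's. I would add a comment above the defines, e.g. `/* Must match the SSL backend OpenVPN itself was built with */`, and prefer supplying them from the build (`-DUSE_SSL -DUSE_OPENSSL`) rather than in the source.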
{
struct argv argv = argv_new ();
ipchange_fmt (false, &argv, info, &gc);
- if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
msg (M_WARN, "WARNING: ipchange plugin call failed");
argv_reset (&argv);
}
*/
if (ks->authenticated && plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL))
{
- if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es, -1, NULL) != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
ks->authenticated = false;
}
argv_printf (&argv, "%d %s", cert_depth, subject);
- ret = plugin_call (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
+ ret = plugin_call_ssl (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
argv_reset (&argv);
#endif
/* call command */
- retval = plugin_call (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es, -1, NULL);
+ retval = plugin_call (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, NULL, NULL, session->opt->es);
#ifdef PLUGIN_DEF_AUTH
/* purge auth control filename (and file itself) for non-deferred returns */