plugin: Extend the plug-in v3 API to identify the SSL implementation used

author David Sommerseth <davids@redhat.com>

Wed, 3 Jul 2013 19:17:10 +0000 (21:17 +0200)

committer Gert Doering <gert@greenie.muc.de>

Wed, 3 Jul 2013 19:20:59 +0000 (21:20 +0200)
author David Sommerseth <davids@redhat.com>
Wed, 3 Jul 2013 19:17:10 +0000 (21:17 +0200)
committer Gert Doering <gert@greenie.muc.de>
Wed, 3 Jul 2013 19:20:59 +0000 (21:20 +0200)
diff --git a/include/openvpn-plugin.h b/include/openvpn-plugin.h

index 0879f49046cde576b89db1141e790b1d26ef098c..03da92abbba940341daf9c4b055521c15d741030 100644 (file)
--- a/include/openvpn-plugin.h
+++ b/include/openvpn-plugin.h
@@ -201,10 +201,15 @@ struct openvpn_plugin_string_list
   *
   * Version   Comment
   *    1      Initial plugin v3 structures providing the same API as
- *           the v2 plugin interface + X509 certificate information.
+ *           the v2 plugin interface, X509 certificate information +
+ *           a logging API for plug-ins.
+ *
+ *    2      Added ssl_api member in struct openvpn_plugin_args_open_in
+ *           which identifies the SSL implementation OpenVPN is compiled
+ *           against.
   *
   */
-#define OPENVPN_PLUGINv3_STRUCTVER 1
+#define OPENVPN_PLUGINv3_STRUCTVER 2
  
  /**
   * Definitions needed for the plug-in callback functions.
@@ -259,6 +264,18 @@ struct openvpn_plugin_callbacks
    plugin_vlog_t   plugin_vlog;
  };
  
+/**
+ * Used by the openvpn_plugin_open_v3() function to indicate to the
+ * plug-in what kind of SSL implementation OpenVPN uses.  This is
+ * to avoid SEGV issues when OpenVPN is complied against PolarSSL
+ * and the plug-in against OpenSSL.
+ */
+typedef enum {
+  SSLAPI_NONE,
+  SSLAPI_OPENSSL,
+  SSLAPI_POLARSSL
+} ovpnSSLAPI;
+
  /**
   * Arguments used to transport variables to the plug-in.
   * The struct openvpn_plugin_args_open_in is only used
@@ -286,6 +303,7 @@ struct openvpn_plugin_args_open_in
    const char ** const argv;
    const char ** const envp;
    struct openvpn_plugin_callbacks *callbacks;
+  const ovpnSSLAPI ssl_api;
  };
  
  
@@ -557,7 +575,8 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v2)
   * ARGUMENTS
   *
   * version : fixed value, defines the API version of the OpenVPN plug-in API.  The plug-in
- *          should validate that this value is matching the OPENVPN_PLUGIN_VERSION value.
+ *          should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER
+ *          value.
   *
   * arguments : Structure with all arguments available to the plug-in.
   *
diff --git a/sample/sample-plugins/log/build b/sample/sample-plugins/log/build

index bbb05f7c786cf8877b02e86c410ebc1960f66fef..c07ec4080fda6d7949c7883ce94e7dc60f6b581e 100755 (executable)
--- a/sample/sample-plugins/log/build
+++ b/sample/sample-plugins/log/build
@@ -6,7 +6,7 @@
  #
  
  # This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../..}"
+CPPFLAGS="${CPPFLAGS:--I../../../include}"
  
  CC="${CC:-gcc}"
  CFLAGS="${CFLAGS:--O2 -Wall -g}"
diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c

index 742c756838eeaa4e2cb0c8f208191b3e1ec83773..4d3af91ad9367dae28513d7410075d1f3a9c77cb 100644 (file)
--- a/sample/sample-plugins/log/log_v3.c
+++ b/sample/sample-plugins/log/log_v3.c
@@ -85,6 +85,11 @@ openvpn_plugin_open_v3 (const int v3structver,
      return OPENVPN_PLUGIN_FUNC_ERROR;
    }
  
+  if( args->ssl_api != SSLAPI_OPENSSL ) {
+    printf("This plug-in can only be used against OpenVPN with OpenSSL\n");
+    return OPENVPN_PLUGIN_FUNC_ERROR;
+  }
+
    /*  Which callbacks to intercept.  */
    ret->type_mask =
      OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c

index c96c121f21aaa5aa5562421a326c8b17c88ec6f2..0948f238514a5e2bf208c15a8c9f5348b09611b9 100644 (file)
--- a/src/openvpn/plugin.c
+++ b/src/openvpn/plugin.c
@@ -40,8 +40,8 @@
  #include "error.h"
  #include "misc.h"
  #include "plugin.h"
+#include "ssl_backend.h"
  #include "win32.h"
-
  #include "memdbg.h"
  
  #define PLUGIN_SYMBOL_REQUIRED (1<<0)
@@ -374,7 +374,8 @@ plugin_open_item (struct plugin *p,
          struct openvpn_plugin_args_open_in args = { p->plugin_type_mask,
                                                      (const char ** const) o->argv,
                                                      (const char ** const) envp,
-                                                    &callbacks };
+                                                    &callbacks,
+                                                    SSLAPI };
          struct openvpn_plugin_args_open_return retargs;
  
          CLEAR(retargs);
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h

index 72235ae5b70baefbb98c1b018719efe48227109f..b1dce2214e68368b9b9488650e5fbdbf92cb3cce 100644 (file)
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -36,10 +36,17 @@
  #ifdef ENABLE_CRYPTO_OPENSSL
  #include "ssl_openssl.h"
  #include "ssl_verify_openssl.h"
+#define SSLAPI SSLAPI_OPENSSL
  #endif
  #ifdef ENABLE_CRYPTO_POLARSSL
  #include "ssl_polarssl.h"
  #include "ssl_verify_polarssl.h"
+#define SSLAPI SSLAPI_POLARSSL
+#endif
+
+/* Ensure that SSLAPI got a sane value if SSL is disabled or unknown */
+#ifndef SSLAPI
+#define SSLAPI SSLAPI_NONE
  #endif
  
  /**
author	David Sommerseth <davids@redhat.com>
	Wed, 3 Jul 2013 19:17:10 +0000 (21:17 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 3 Jul 2013 19:20:59 +0000 (21:20 +0200)
include/openvpn-plugin.h		patch \| blob \| blame \| history
sample/sample-plugins/log/build		patch \| blob \| blame \| history
sample/sample-plugins/log/log_v3.c		patch \| blob \| blame \| history
src/openvpn/plugin.c		patch \| blob \| blame \| history
src/openvpn/ssl_backend.h		patch \| blob \| blame \| history