#define RESPONSE_VERIFY_SUCCEEDED 12
#define RESPONSE_VERIFY_FAILED 13
+/* Pointers to functions exported from openvpn */
+static plugin_secure_memzero_t plugin_secure_memzero = NULL;
+
/*
* Plugin state, used by foreground
*/
return strncasecmp(match, query, strlen(match)) == 0;
}
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
+OPENVPN_EXPORT int
+openvpn_plugin_open_v3(const int v3structver,
+ struct openvpn_plugin_args_open_in const *args,
+ struct openvpn_plugin_args_open_return *ret)
{
pid_t pid;
int fd[2];
const int base_parms = 2;
+ const char **argv = args->argv;
+ const char **envp = args->envp;
+
+ /* Check API compatibility -- struct version 4 or higher needed */
+ if (v3structver < 4)
+ {
+ fprintf(stderr, "AUTH-PAM: This plugin is incompatible with the running version of OpenVPN\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+
/*
* Allocate our context
*/
/*
* Intercept the --auth-user-pass-verify callback.
*/
- *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
+ ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
+
+ /* Save global pointers to functions exported from openvpn */
+ plugin_secure_memzero = args->callbacks->plugin_secure_memzero;
/*
* Make sure we have two string arguments: the first is the .so name,
if (status == RESPONSE_INIT_SUCCEEDED)
{
context->foreground_fd = fd[0];
- return (openvpn_plugin_handle_t) context;
+ ret->handle = (openvpn_plugin_handle_t *) context;
+ return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
}
else
{
free(context);
}
- return NULL;
+ return OPENVPN_PLUGIN_FUNC_ERROR;
}
OPENVPN_EXPORT int
goto done;
}
}
+ plugin_secure_memzero(up.password, sizeof(up.password));
break;
case COMMAND_EXIT:
}
done:
+ plugin_secure_memzero(up.password, sizeof(up.password));
#ifdef USE_PAM_DLOPEN
dlclose_pam();
#endif
projects / thirdparty / openvpn.git / commitdiff
