OpenVPN TLS Crypt V2 Plugins
Commit d7528b32, authored 2 years ago by Emily Ehlert
Update rest of plugin header files
parent
ca2aef27
Showing 2 changed files with 45 additions and 191 deletions:
Benchmark/include/openvpn-plugin.h (+23 −96)
SmartcardKeyChallenge/Library/include/openvpn-plugin.h (+22 −95)
Benchmark/include/openvpn-plugin.h (+23 −96)
...
...
@@ -6,7 +6,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-202
2
OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2002-202
3
OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
...
...
@@ -52,8 +52,8 @@ extern "C" {
* This is will not be the complete version
*/
#define OPENVPN_VERSION_MAJOR 2
#define OPENVPN_VERSION_MINOR
5
#define OPENVPN_VERSION_PATCH ".
8
"
#define OPENVPN_VERSION_MINOR
6
#define OPENVPN_VERSION_PATCH ".
0
"
/*
* Plug-in types. These types correspond to the set of script callbacks
...
...
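Review bot: The OPENVPN_VERSION_MINOR and OPENVPN_VERSION_PATCH values in this hunk are edited by hand, and the commit message ("Update rest of plugin header files") does not say which source the 2.6 header text was taken from. Record the tag or commit the header was copied from, in the commit message or in a comment next to these defines, so the vendored file can later be compared against its origin and a silent divergence is noticed.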
@@ -72,7 +72,6 @@ extern "C" {
* New Client Connection:
*
* FUNC: openvpn_plugin_client_constructor_v1
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
...
...
@@ -85,12 +84,14 @@ extern "C" {
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS
*
* The OPENVPN_PLUGIN_CLIENT_CRRESPONSE function is called when the client sends
* the CR_RESPONSE message, this is *typically* after OPENVPN_PLUGIN_TLS_FINAL
* but may also occur much later.
*
* [Client session ensues]
*
* For each "TLS soft reset", according to reneg-sec option (or similar):
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
...
...
@@ -128,12 +129,13 @@ extern "C" {
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9
#define OPENVPN_PLUGIN_TLS_FINAL 10
#define OPENVPN_PLUGIN_ENABLE_PF 11
/*
#define OPENVPN_PLUGIN_ENABLE_PF 11
*REMOVED FEATURE* */
#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14
#define OPENVPN_PLUGIN_CLIENT_KEY_WRAPPING 15
#define OPENVPN_PLUGIN_N 16
#define OPENVPN_PLUGIN_CLIENT_CRRESPONSE 15
#define OPENVPN_PLUGIN_CLIENT_KEY_WRAPPING 16
#define OPENVPN_PLUGIN_N 17
/*
* Build a mask out of a set of plug-in types.
...
...
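Review bot: Renumbering OPENVPN_PLUGIN_CLIENT_KEY_WRAPPING from 15 to 16, with OPENVPN_PLUGIN_CLIENT_CRRESPONSE now taking 15 and OPENVPN_PLUGIN_N going to 17, changes the numeric event IDs that the plugin and the OpenVPN binary exchange. A plugin compiled against the previous header would still treat event 15 as key wrapping while a host built with this header means the CR_RESPONSE event, so the server and every plugin must be rebuilt from the same header; consider a check when the plugin is opened that the host's version matches the OPENVPN_VERSION_MAJOR and OPENVPN_VERSION_MINOR this header declares, and refuse to load otherwise. Commenting out `OPENVPN_PLUGIN_ENABLE_PF 11` keeps the value 11 unused, which is the right outcome; a short comment stating that 11 must not be reassigned would make that intent explicit.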
@@ -569,6 +571,14 @@ OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_op
* auth_control_file/client_connect_deferred_file
* in the environmental variable list (envp).
*
* Additionally the auth_pending_file can be written, which causes the openvpn
* server to send a pending auth request to the client. See doc/management.txt
* for more details on this authentication mechanism. The format of the
* auth_pending_file is
* line 1: timeout in seconds
* line 2: Pending auth method the client needs to support (e.g. openurl)
* line 3: EXTRA (e.g. WEBAUTH::http://www.example.com)
*
* In addition the OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER and
* OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 are called when OpenVPN tries to
* get the deferred result. For a V2 call implementing this function is
...
...
@@ -581,49 +591,8 @@ OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_op
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See plugin/defer/simple.c for an example on using asynchronous
* authentication and client-specific packet filtering.
* See sample/sample-plugins/defer/multi-auth.c for an example on using
* asynchronous authentication.
*/
OPENVPN_PLUGIN_DEF
int
OPENVPN_PLUGIN_FUNC
(
openvpn_plugin_func_v2
)
(
openvpn_plugin_handle_t
handle
,
...
...
@@ -697,49 +666,8 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3)
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See sample/sample-plugins/defer/simple.c for an example on using
* asynchronous authentication
and client-specific packet filtering
.
* asynchronous authentication.
*/
OPENVPN_PLUGIN_DEF
int
OPENVPN_PLUGIN_FUNC
(
openvpn_plugin_func_v3
)
(
const
int
version
,
...
...
@@ -846,10 +774,9 @@ OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_destructor_v1)
#define OPENVPN_PLUGIN_INIT_POST_DAEMON 3
#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE 4
#define RESPONSE_CODE_LENGTH 2
OPENVPN_PLUGIN_DEF
int
OPENVPN_PLUGIN_FUNC
(
openvpn_plugin_select_initialization_point_v1
)
(
void
);
ppppppppppppppp
/*
* FUNCTION: openvpn_plugin_min_version_required_v1
*
...
...
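Review bot: The line `ppppppppppppppp` after the openvpn_plugin_select_initialization_point_v1 declaration looks like stray keystrokes and is not valid C at file scope, so any translation unit including this header is likely to fail to compile or to misparse the declaration that follows. This copy reports one more addition and one more deletion than the SmartcardKeyChallenge copy (+23 −96 versus +22 −95), and this line is the only visible difference between the two diffs, which suggests it was introduced here; remove it and restore whatever line it replaced so both copies are identical again.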
SmartcardKeyChallenge/Library/include/openvpn-plugin.h (+22 −95)
...
...
@@ -6,7 +6,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-202
2
OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2002-202
3
OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
...
...
@@ -52,8 +52,8 @@ extern "C" {
* This is will not be the complete version
*/
#define OPENVPN_VERSION_MAJOR 2
#define OPENVPN_VERSION_MINOR
5
#define OPENVPN_VERSION_PATCH ".
8
"
#define OPENVPN_VERSION_MINOR
6
#define OPENVPN_VERSION_PATCH ".
0
"
/*
* Plug-in types. These types correspond to the set of script callbacks
...
...
@@ -72,7 +72,6 @@ extern "C" {
* New Client Connection:
*
* FUNC: openvpn_plugin_client_constructor_v1
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
...
...
@@ -85,12 +84,14 @@ extern "C" {
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS
*
* The OPENVPN_PLUGIN_CLIENT_CRRESPONSE function is called when the client sends
* the CR_RESPONSE message, this is *typically* after OPENVPN_PLUGIN_TLS_FINAL
* but may also occur much later.
*
* [Client session ensues]
*
* For each "TLS soft reset", according to reneg-sec option (or similar):
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
...
...
@@ -128,12 +129,13 @@ extern "C" {
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9
#define OPENVPN_PLUGIN_TLS_FINAL 10
#define OPENVPN_PLUGIN_ENABLE_PF 11
/*
#define OPENVPN_PLUGIN_ENABLE_PF 11
*REMOVED FEATURE* */
#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14
#define OPENVPN_PLUGIN_CLIENT_KEY_WRAPPING 15
#define OPENVPN_PLUGIN_N 16
#define OPENVPN_PLUGIN_CLIENT_CRRESPONSE 15
#define OPENVPN_PLUGIN_CLIENT_KEY_WRAPPING 16
#define OPENVPN_PLUGIN_N 17
/*
* Build a mask out of a set of plug-in types.
...
...
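Review bot: This block of event defines is the same change already made in Benchmark/include/openvpn-plugin.h, which means the repository carries two hand-maintained copies of a header whose values for OPENVPN_PLUGIN_CLIENT_CRRESPONSE, OPENVPN_PLUGIN_CLIENT_KEY_WRAPPING and OPENVPN_PLUGIN_N must agree exactly. Consider keeping a single shared include directory for both plugins, or adding a CI step that fails when the two files differ, so a later edit to one copy cannot leave the two plugins built with different event numbering.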
@@ -569,6 +571,14 @@ OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_op
* auth_control_file/client_connect_deferred_file
* in the environmental variable list (envp).
*
* Additionally the auth_pending_file can be written, which causes the openvpn
* server to send a pending auth request to the client. See doc/management.txt
* for more details on this authentication mechanism. The format of the
* auth_pending_file is
* line 1: timeout in seconds
* line 2: Pending auth method the client needs to support (e.g. openurl)
* line 3: EXTRA (e.g. WEBAUTH::http://www.example.com)
*
* In addition the OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER and
* OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 are called when OpenVPN tries to
* get the deferred result. For a V2 call implementing this function is
...
...
@@ -581,49 +591,8 @@ OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_op
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See plugin/defer/simple.c for an example on using asynchronous
* authentication and client-specific packet filtering.
* See sample/sample-plugins/defer/multi-auth.c for an example on using
* asynchronous authentication.
*/
OPENVPN_PLUGIN_DEF
int
OPENVPN_PLUGIN_FUNC
(
openvpn_plugin_func_v2
)
(
openvpn_plugin_handle_t
handle
,
...
...
@@ -697,49 +666,8 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3)
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See sample/sample-plugins/defer/simple.c for an example on using
* asynchronous authentication
and client-specific packet filtering
.
* asynchronous authentication.
*/
OPENVPN_PLUGIN_DEF
int
OPENVPN_PLUGIN_FUNC
(
openvpn_plugin_func_v3
)
(
const
int
version
,
...
...
@@ -846,7 +774,6 @@ OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_destructor_v1)
#define OPENVPN_PLUGIN_INIT_POST_DAEMON 3
#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE 4
#define RESPONSE_CODE_LENGTH 2
OPENVPN_PLUGIN_DEF
int
OPENVPN_PLUGIN_FUNC
(
openvpn_plugin_select_initialization_point_v1
)
(
void
);
...
...