rpms/eurephia/F-12 eurephia-1.0.0_buildfix.patch, NONE, 1.1 eurephia-1.0.0_misc_fixes.patch, NONE, 1.1 eurephia.spec, NONE, 1.1 import.log, NONE, 1.1 openvpn-plugin.h, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

dsommers dsommers at fedoraproject.org
Fri Jul 16 17:51:51 UTC 2010


Author: dsommers

Update of /cvs/pkgs/rpms/eurephia/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv29119/F-12

Modified Files:
	.cvsignore sources 
Added Files:
	eurephia-1.0.0_buildfix.patch eurephia-1.0.0_misc_fixes.patch 
	eurephia.spec import.log openvpn-plugin.h 
Log Message:
Imported eurephia-1.0.0-8.f12.src.rpm


eurephia-1.0.0_buildfix.patch:
 CMakeLists.txt |   40 +++++++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 9 deletions(-)

--- NEW FILE eurephia-1.0.0_buildfix.patch ---
commit 6f8aaceabb37e350765bb1f2f895242cbf3e7521
Author: David Sommerseth <dazo at users.sourceforge.net>
Date:   Thu Jul 8 11:30:33 2010 +0200

    Added extra checks for POSIX semaphore functions
    
    On Fedora 13 and Rawhide, the sem_wait(), sem_timedwait() and sem_post() functions
    are no longer available in librt, only in libpthread.  Added extra CMake checks
    that look for the functions in libpthread if they are not found in librt.

diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt
index d644961..0b9381d 100644
--- a/plugin/CMakeLists.txt
+++ b/plugin/CMakeLists.txt
@@ -20,10 +20,37 @@
 PROJECT(eurephia-auth C)
 cmake_minimum_required(VERSION 2.6)
 
-# Check for librt functions which we use
-CHECK_LIBRARY_EXISTS(rt sem_wait "" HAVE_RT_SEM_WAIT)
-CHECK_LIBRARY_EXISTS(rt sem_timedwait "" HAVE_RT_SEM_TIMEDWAIT)
-CHECK_LIBRARY_EXISTS(rt sem_post "" HAVE_RT_SEM_POST)
+# Check for POSIX semaphore functions which we use
+CHECK_LIBRARY_EXISTS(rt sem_wait "" HAVE_SEM_WAIT)
+CHECK_LIBRARY_EXISTS(rt sem_timedwait "" HAVE_SEM_TIMEDWAIT)
+CHECK_LIBRARY_EXISTS(rt sem_post "" HAVE_SEM_POST)
+
+# Extra checks if sem_* functions is not found in librt, do not accept failures
+IF(NOT HAVE_SEM_WAIT)
+       message(STATUS "* sem_wait was not found in librt, trying libpthread")
+       CHECK_LIBRARY_EXISTS(pthread sem_wait "" HAVE_SEM_WAIT2)
+       IF(NOT HAVE_SEM_WAIT2)
+              message(FATAL_ERROR "Missing proper pthread semaphore support")
+       ENDIF(NOT HAVE_SEM_WAIT2)
+ENDIF(NOT HAVE_SEM_WAIT)
+
+IF(NOT HAVE_SEM_TIMEDWAIT)
+       message(STATUS "* sem_timedwait was not found in librt, trying libpthread")
+       CHECK_LIBRARY_EXISTS(pthread sem_timedwait "" HAVE_SEM_TIMEDWAIT2)
+       IF(NOT HAVE_SEM_TIMEDWAIT2)
+              message(FATAL_ERROR "Missing proper pthread semaphore support")
+       ENDIF(NOT HAVE_SEM_TIMEDWAIT2)
+ENDIF(NOT HAVE_SEM_TIMEDWAIT)
+
+IF(NOT HAVE_SEM_POST)
+       message(STATUS "* sem_post was not found in librt, trying libpthread")
+       CHECK_LIBRARY_EXISTS(pthread sem_post "" HAVE_SEM_POST2)
+       IF(NOT HAVE_SEM_POST2)
+              message(FATAL_ERROR "Missing proper pthread semaphore support")
+       ENDIF(NOT HAVE_SEM_POST2)
+ENDIF(NOT HAVE_SEM_POST)
+
+# Check for POSIX MQ functions which we use
 CHECK_LIBRARY_EXISTS(rt mq_open "" HAVE_RT_MQ_OPEN)
 CHECK_LIBRARY_EXISTS(rt mq_close "" HAVE_RT_MQ_CLOSE)
 CHECK_LIBRARY_EXISTS(rt mq_unlink "" HAVE_RT_MQ_UNLINK)
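Review bot: The three libpthread fallback blocks (sem_wait, sem_timedwait, sem_post) are copies that differ only in the function name, which is also why the HAVE_RT_SEM_* to HAVE_SEM_* rename had to be repeated line by line; a FOREACH over the three names keeps a single copy of the logic. The checks only establish that the symbol exists in libpthread — whether pthread is then added to the link line is decided outside this hunk, so it is worth confirming that the HAVE_SEM_*2 results are actually consumed somewhere. The de-duplicated fallback is below.
```cmake
# … unchanged: librt sem_* checks above …
FOREACH(semfunc sem_wait sem_timedwait sem_post)
       STRING(TOUPPER "HAVE_${semfunc}" semvar)
       IF(NOT ${semvar})
              message(STATUS "* ${semfunc} was not found in librt, trying libpthread")
              CHECK_LIBRARY_EXISTS(pthread ${semfunc} "" ${semvar}2)
              IF(NOT ${semvar}2)
                     message(FATAL_ERROR "Missing proper pthread semaphore support")
              ENDIF(NOT ${semvar}2)
       ENDIF(NOT ${semvar})
ENDFOREACH(semfunc)
```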
@@ -31,11 +58,6 @@ CHECK_LIBRARY_EXISTS(rt mq_send "" HAVE_RT_MQ_SEND)
 CHECK_LIBRARY_EXISTS(rt mq_receive "" HAVE_RT_MQ_RECEIVE)
 CHECK_LIBRARY_EXISTS(rt mq_getattr "" HAVE_RT_MQ_GETATTR)
 
-# Fail if we're missing some features - semaphore functions
-IF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_TIMEDWAIT OR NOT HAVE_RT_SEM_POST)
-	message(FATAL_ERROR "Missing proper pthread semaphore support")
-ENDIF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_TIMEDWAIT OR NOT HAVE_RT_SEM_POST)
-
 # Fail if we're missing some features - Posix Message Queue functions
 IF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR)
 	message(FATAL_ERROR "Missing proper pthread message queue support")

eurephia-1.0.0_misc_fixes.patch:
 eurephiadm/client_session.c    |    2 +-
 eurephiadm/eurephiadm.c        |    2 +-
 eurephiadm/get_console_input.c |    8 ++++++--
 utils/eurephia_init.c          |    4 ++--
 4 files changed, 10 insertions(+), 6 deletions(-)

--- NEW FILE eurephia-1.0.0_misc_fixes.patch ---
commit 050585311ac7e6f17a0d4e33650ea3a5a4ee182b
Author: David Sommerseth <dazo at users.sourceforge.net>
Date:   Thu Jul 8 14:13:41 2010 +0200

    Fixed a buffer overflow issue in eurephia_init

diff --git a/utils/eurephia_init.c b/utils/eurephia_init.c
index ed03690..fd28f68 100644
--- a/utils/eurephia_init.c
+++ b/utils/eurephia_init.c
@@ -503,8 +503,8 @@ int setup_attempt_limits(eurephiaCTX *ctx) {
  * @return Returns 1 on success, otherwise 0.
  */
 int setup_session_params(eurephiaCTX *ctx) {
-        char buffer[20], value[20];
-        memset(&buffer, 0, 20);
+        char buffer[22], value[22];
+        memset(&buffer, 0, 22);
 
         printf("------------------------------------------------------------------------------\n");
         printf("  eurephia :: SESSION PARAMETERS\n");
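Review bot: The corrected size is still a literal repeated in two places (`char buffer[22], value[22];` and `memset(&buffer, 0, 22)`), so the next resize can reintroduce exactly the mismatch this commit fixes; write `memset(buffer, 0, sizeof buffer);` instead, and clear `value` the same way since it gets the same size but no clear in this hunk. Why 22 bytes are required is not visible here — the reads into buffer happen further down in setup_session_params, which continues outside the hunk — so a one-line comment at the declaration naming the longest expected input would save the next reader the same investigation.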

commit 38df03d8ec77cb26ac22d73787fe9fee88dd6280
Author: David Sommerseth <dazo at users.sourceforge.net>
Date:   Thu Jul 8 14:11:31 2010 +0200

    Fixed compiler warning: loop could be used uninitialised

diff --git a/eurephiadm/client_session.c b/eurephiadm/client_session.c
index 7abad95..31e761b 100644
--- a/eurephiadm/client_session.c
+++ b/eurephiadm/client_session.c
@@ -156,7 +156,7 @@ void remove_session_file(eurephiaCTX *ctx) {
  */
 eurephiaSESSION *create_session(eurephiaCTX *ctx, const char *sesskey) {
         eurephiaSESSION *new_sess = NULL;
-        int loop, uniqchk;
+        int loop = 0, uniqchk = 0;
         char *randdata = NULL;
         unsigned char sha_res[SHA512_HASH_SIZE+2];
         SHA512Context sha;

commit 961b3a85ca6d2ca65360034f5c2b34d276507d6a
Author: David Sommerseth <dazo at users.sourceforge.net>
Date:   Thu Jul 8 13:50:55 2010 +0200

    Do check the result of fgets()
    
    If fgets() returns NULL, clear the buffer allocated for the console data.

diff --git a/eurephiadm/get_console_input.c b/eurephiadm/get_console_input.c
index e291d79..ab407f7 100644
--- a/eurephiadm/get_console_input.c
+++ b/eurephiadm/get_console_input.c
@@ -46,6 +46,7 @@
  */
 int get_console_input(char *buf, size_t len, const char *prompt, int hidden) {
         struct termios term_orig, term_noecho;
+        char *res = NULL;
         char *ptr;
 
         // Print prompt
@@ -65,7 +66,7 @@ int get_console_input(char *buf, size_t len, const char *prompt, int hidden) {
         }
 
         // Read user input from stdin
-        fgets(buf, len, stdin);
+        res = fgets(buf, len, stdin);
 
         if( hidden == 1 ) {
                 // Restore terminal to saved state
@@ -73,13 +74,16 @@ int get_console_input(char *buf, size_t len, const char *prompt, int hidden) {
         }
 
         // Remove trailing spaces
-        if( buf != NULL ) {
+        if( res != NULL && buf != NULL ) {
                 ptr = buf + strlen(buf) - 1;
                 while( (ptr > buf) && ((*ptr == 0x20) || (*ptr == '\n') || (*ptr == '\r')) ) {
                         *ptr = 0;
                         ptr--;
                 }
                 ptr++;
+        } else {
+                // If nothing is read, make sure result buffer is cleared
+                memset(buf, 0, len);
         }
         if( hidden ) {
                 fprintf(stdout, "\n");
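Review bot: The new else branch at the end of the hunk also runs when `buf == NULL`, because it mirrors the combined condition `res != NULL && buf != NULL`, so `memset(buf, 0, len)` would write through a null pointer; change it to `} else if( buf != NULL ) {`, or better, reject a NULL buf at function entry, since the previous hunk already hands it to fgets() unconditionally and the check here comes too late. Separately, `ptr = buf + strlen(buf) - 1` forms a pointer one before the array when the string read is empty (fgets() can return non-NULL with an empty result, e.g. when len is 1 or a NUL byte arrives on stdin), which is undefined even though the `ptr > buf` loop then does nothing; adding `buf[0] != '\0'` to the guard avoids it. get_console_input continues past the end of this hunk.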

commit 7ae14aca46d6299d2ed49640e5eb942a207b3a68
Author: David Sommerseth <dazo at users.sourceforge.net>
Date:   Thu Jul 8 13:49:08 2010 +0200

    Fixed an overflow issue with memset() in eurephiadm

diff --git a/eurephiadm/eurephiadm.c b/eurephiadm/eurephiadm.c
index 564a4a7..340ac08 100644
--- a/eurephiadm/eurephiadm.c
+++ b/eurephiadm/eurephiadm.c
@@ -285,7 +285,7 @@ static eurephiaSESSION *do_login(eurephiaCTX *ctx, eurephiaVALUES *cfg, const ch
         memset(&username, 0, 33);
         memset(&password, 0, 33);
         if( (tmp = eGet_value(cfg, "username")) == NULL ) {
-                memset(username, 0, 34);
+                memset(username, 0, 33);
                 get_console_input(username, 32, "User:", 0);
         } else {
                 strncpy(username, tmp, 32);
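Review bot: The corrected `memset(username, 0, 33);` repeats the clear already done by `memset(&username, 0, 33);` at the top of the hunk, so the line can simply be dropped. If username is a char[33] (the `&username` form suggests an array; its declaration is outside the hunk), `sizeof username` for the memset and `sizeof username - 1` for the get_console_input() length and the strncpy() bound would tie the 33/32 pair to the declaration so they cannot drift apart again, which is exactly the class of mistake this commit fixes. The strncpy() at the bottom relies on the earlier memset for NUL-termination when tmp is 32 bytes or longer; a comment such as `/* buffer pre-zeroed above, so a full 32-byte copy stays NUL-terminated */` makes that dependency explicit. do_login continues outside the hunk.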


--- NEW FILE eurephia.spec ---
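Name:           eurephia
Version:        1.0.0
Release:        8%{?betatag:.%{betatag}}%{?dist}
Summary:        An advanced and flexible OpenVPN user authentication plug-in

Group:          Applications/Internet
License:        GPLv2
URL:            http://www.eurephia.net/
Source0:        http://downloads.sourceforge.net/project/eurephia/eurephia/v1.0/%{name}-%{version}%{?betatag:_%{betatag}}.tar.bz2
# openvpn-plugin.h is shipped as a separate source because the OpenVPN package
# does not install it; the prep section copies it into the build tree.
Source1:        http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn/openvpn-plugin.h
Patch0:         eurephia-1.0.0_buildfix.patch
# git show 9f6d447f38c6cb1d0ea690..050585311ac7e6f17a > eurephia-1.0.0_misc_fixes.patch
Patch1:         eurephia-1.0.0_misc_fixes.patch
# The betatag conditional is a macro, like the one used in Release above.
# Without the leading percent sign the literal text "{?betatag:_...}" ended
# up in the build root path.
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}%{?betatag:_%{betatag}}-root-%(%{__id_u} -n)

BuildRequires:  libxml2-devel libxslt-devel openssl-devel
BuildRequires:  cmake >= 2.6.1
BuildRequires:  sqlite-devel >= 3.0.0
Requires:       openvpn
Requires:       eurephia-sqlite3 = %{version}-%{release}

%description
This plug-in enhances OpenVPN by adding user name and password
authentication in addition. An eurephia user account is a combination of
minimum one OpenVPN SSL certificate and a user name with a password
assigned. It is also possible to setup several eurephia user names to use
a shared OpenVPN certificate.

In addition, eurephia will blacklist IP addresses, certificates and user names
on too many failed attempts and it supports dynamic update of iptables rules
which restricts network access per connection.

%package sqlite3
Group:   Applications/Internet
Summary: The eurephia SQLite3 database driver

%description sqlite3
This package contains the SQLite3 database driver for eurephia

%package iptables
Group:   Applications/Internet
Summary: The eurephia iptables interface module
Requires: eurephia = %{version}-%{release}

%description iptables
To enable the firewall integration in eurephia, this module must be
available for eurephia.  Use the eurephia-init package to setup
configuration.

%package admin
Group:   Applications/Internet
Summary: The eurephia command line administration utility
Requires: eurephia-sqlite3 = %{version}-%{release}

%description admin
This package contains the command line utility to administer and configure
eurephia

%package init
Group:   Applications/Internet
Summary: Utility for initializing a new eurephia database
Requires: eurephia-sqlite3 = %{version}-%{release}

%description init
This package provides a program which will initialize the eurephia
database for you.  It will guide you through several questions and
save the configuration in the database.  When you have configured
and initialized eurephia, this package should be removed from the
system.

%package utils
Group:   Applications/Internet
Summary: Misc. eurephia utilities

%description utils
This package contains useful utilities when debugging eurephia.
At the moment you will only find eurephia_saltdecode in this
package, which will provide some information about the password
hash salt.


%prep
%setup -q -n %{name}-%{version}%{?betatag:_%{betatag}}
%patch0 -p1
%patch1 -p1

# This is needed to ship extra until openvpn-plugin.h becomes part of the OpenVPN RPM
cp -v %{SOURCE1} .

%build
# The configure script is not an autotools script, but a cmake wrapper script.
# The plug-in header copied in the prep section is found via --openvpn-src .
CFLAGS="%{optflags}" ./configure --prefix %{_prefix} --bin-dir %{_bindir} --xslt-path %{_datadir}/eurephia/xslt --plug-in-dir %{_libdir}/eurephia --plug-in --openvpn-src . --fw-iptables --db-sqlite3 --sqlite3-path %{_localstatedir}/lib/eurephia --eurephiadm
make VERBOSE=1

%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}

# These files are not installed by default, but we want to package them for Fedora/RHEL
install -p -m 755 utils/eurephia_init %{buildroot}/%{_bindir}
install -p -m 755 utils/eurephia_saltdecode %{buildroot}/%{_bindir}
install -p -m 644 utils/eurephia_init.7 %{buildroot}/%{_mandir}/man7/
install -p -m 644 utils/eurephia_saltdecode.7 %{buildroot}/%{_mandir}/man7/

%clean
rm -rf %{buildroot}


%files
%defattr(-,root,root,-)
%doc LICENSE.txt CREDITS.txt
%{_libdir}/eurephia/eurephia-auth.so
%{_mandir}/man7/eurephia-auth.7.gz
%{_mandir}/man7/eurephia-variables.7.gz

# The plug-in directory itself is owned here, since every other package
# (including the main one) requires the sqlite3 driver.
%files sqlite3
%defattr(-,root,root,-)
%doc LICENSE.txt CREDITS.txt
%dir %{_libdir}/eurephia/
%{_libdir}/eurephia/edb-sqlite.so
%{_localstatedir}/lib/eurephia/
%{_mandir}/man7/edb-sqlite.7.gz

%files iptables
%defattr(-,root,root,-)
%doc LICENSE.txt CREDITS.txt
%{_libdir}/eurephia/efw-iptables.so

%files init
%defattr(-,root,root,-)
%doc LICENSE.txt CREDITS.txt
%{_bindir}/eurephia_init
%{_mandir}/man7/eurephia_init.7.gz

%files admin
%defattr(-,root,root,-)
%doc LICENSE.txt CREDITS.txt
%{_bindir}/eurephiadm
%dir %{_datadir}/eurephia/
%dir %{_datadir}/eurephia/xslt
%{_datadir}/eurephia/xslt/eurephiadm
%{_mandir}/man7/eurephiadm.7.gz
%{_mandir}/man7/eurephiadm-*.7.gz

%files utils
%defattr(-,root,root,-)
%doc LICENSE.txt CREDITS.txt
%{_bindir}/eurephia_saltdecode
%{_mandir}/man7/eurephia_saltdecode.7.gz

%changelog
* Thu Jul 15 2010 David Sommerseth <davids at redhat.com> - 1.0.0-8
- Fixed silly mistakes
  - Forgot to move over /usr/lib/eurephia from eurephia to eurephia-sqlite3
  - Double '=' in eurephia-init

* Thu Jul 15 2010 David Sommerseth <davids at redhat.com> - 1.0.0-7
- More review fixes
  - Relocated ownership of directories
  - Don't hard-code version number in intra-package deps
  - Use proper fully qualified version number (including revision)

* Thu Jul 15 2010 David Sommerseth <davids at redhat.com> - 1.0.0-6
- Fixed file duplication between eurephia and eurephia-admin

* Thu Jul 15 2010 David Sommerseth <davids at redhat.com> - 1.0.0-5
- More review comments from mattias.ellert at fysast.uu.se
  - Own /usr/lib{,64}/eurephia, /usr/share/eurephia/ and /usr/share/eurephia/xslt
  - Intra-packages use fully qualified versions

* Thu Jul 15 2010 David Sommerseth <davids at redhat.com> - 1.0.0-4
- Review comments from mattias.ellert at fysast.uu.se
  - Better way to copy source1
  - Removed -b0 from setup macro

* Thu Jul  8 2010 David Sommerseth <davids at redhat.com> - 1.0.0-3
- Added patch to fix building in Koji/Fedora
- Added missing Group tags
- Added stricter cmake version requirement

* Thu Jul  8 2010 David Sommerseth <davids at redhat.com> - 1.0.0-2
- Added missing build dependency for openssl-devel

* Wed Jun 30 2010 David Sommerseth <dazo at users.sourceforge.net> - 1.0.0-1
- Updated and prepared for the eurephia-1.0.0 release

* Wed Nov 18 2009 David Sommerseth <dazo at users.sourceforge.net> - 0.9.6-1.beta
- Updated for eurephia-0.9.6_beta and using openvpn-2.1_rc21 source tree

* Tue Oct  6 2009 David Sommerseth <dazo at users.sourceforge.net> - 0.9.5-1.beta
- Initial eurephia spec file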



--- NEW FILE import.log ---
eurephia-1_0_0-8_fc12:F-12:eurephia-1.0.0-8.fc12.src.rpm:1279302661


--- NEW FILE openvpn-plugin.h ---
/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales at openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/* Version of the plug-in interface described by this header; compare with
 * the value returned by openvpn_plugin_min_version_required_v1 below. */
#define OPENVPN_PLUGIN_VERSION 2

/*
 * Plug-in types.  These types correspond to the set of script callbacks
 * supported by OpenVPN.
 *
 * This is the general call sequence to expect when running in server mode:
 *
 * Initial Server Startup:
 *
 * FUNC: openvpn_plugin_open_v1
 * FUNC: openvpn_plugin_client_constructor_v1 (this is the top-level "generic"
 *                                             client template)
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_UP
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ROUTE_UP
 *
 * New Client Connection:
 *
 * FUNC: openvpn_plugin_client_constructor_v1
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
 *                                                     in the server chain)
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_IPCHANGE
 *
 * [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
 * we don't proceed until authentication is verified via auth_control_file]
 *
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS
 * 
 * [Client session ensues]
 *
 * For each "TLS soft reset", according to reneg-sec option (or similar):
 *
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
 *
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
 *                                                     in the server chain)
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
 * 
 * [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
 * we expect that authentication is verified via auth_control_file within
 * the number of seconds defined by the "hand-window" option.  Data channel traffic
 * will continue to flow uninterrupted during this period.]
 *
 * [Client session continues]
 *
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_DISCONNECT
 * FUNC: openvpn_plugin_client_constructor_v1
 *
 * [ some time may pass ]
 *
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS (this coincides with a
 *                                                            lazy free of initial
 *                                                            learned addr object)
 * Server Shutdown:
 *
 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_DOWN
 * FUNC: openvpn_plugin_client_destructor_v1 (top-level "generic" client)
 * FUNC: openvpn_plugin_close_v1
 */
/* Callback types: passed as "type" to openvpn_plugin_func_v2 and combined
 * with OPENVPN_PLUGIN_MASK() to build the type_mask given to
 * openvpn_plugin_open_v2.  Values are contiguous from 0; OPENVPN_PLUGIN_N
 * is the count of types, not a type itself. */
#define OPENVPN_PLUGIN_UP                    0
#define OPENVPN_PLUGIN_DOWN                  1
#define OPENVPN_PLUGIN_ROUTE_UP              2
#define OPENVPN_PLUGIN_IPCHANGE              3
#define OPENVPN_PLUGIN_TLS_VERIFY            4
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5
#define OPENVPN_PLUGIN_CLIENT_CONNECT        6
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT     7
#define OPENVPN_PLUGIN_LEARN_ADDRESS         8
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2     9
#define OPENVPN_PLUGIN_TLS_FINAL             10
#define OPENVPN_PLUGIN_ENABLE_PF             11
#define OPENVPN_PLUGIN_N                     12

/*
 * Build a mask out of a set of plug-in types.
 */
/* The shifted operand is a plain int, so the result is an int; all type
 * values above are below OPENVPN_PLUGIN_N (12), so the shift never reaches
 * the sign bit.  Only pass OPENVPN_PLUGIN_* constants, not arbitrary ints. */
#define OPENVPN_PLUGIN_MASK(x) (1<<(x))

/*
 * A pointer to a plugin-defined object which contains
 * the object state.
 */
/* Opaque to OpenVPN: created by openvpn_plugin_open_v2 and handed back
 * unchanged to every other callback; only the plug-in interprets it. */
typedef void *openvpn_plugin_handle_t;

/*
 * Return value for openvpn_plugin_func_v1 function
 */
/* DEFERRED is only meaningful for OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY; the
 * final verdict is then delivered through auth_control_file (see the
 * openvpn_plugin_func_v2 description below). */
#define OPENVPN_PLUGIN_FUNC_SUCCESS  0
#define OPENVPN_PLUGIN_FUNC_ERROR    1
#define OPENVPN_PLUGIN_FUNC_DEFERRED 2

/*
 * For Windows (needs to be modified for MSVC)
 */
/* Only a plug-in build (OPENVPN_PLUGIN_H undefined, see below) on MinGW
 * exports its entry points; everywhere else the attribute is empty. */
#if defined(__MINGW32_VERSION) && !defined(OPENVPN_PLUGIN_H)
# define OPENVPN_EXPORT __declspec(dllexport)
#else
# define OPENVPN_EXPORT
#endif

/*
 * If OPENVPN_PLUGIN_H is defined, we know that we are being
 * included in an OpenVPN compile, rather than a plugin compile.
 */
#ifdef OPENVPN_PLUGIN_H

/*
 * We are compiling OpenVPN.
 * Every prototype below then becomes a function-pointer typedef that
 * OpenVPN uses to hold the symbol it looks up in the loaded module.
 */
#define OPENVPN_PLUGIN_DEF        typedef
#define OPENVPN_PLUGIN_FUNC(name) (*name)

#else

/*
 * We are compiling plugin.
 * The same prototypes then declare the exported functions the plug-in
 * must define, under exactly these names.
 */
#define OPENVPN_PLUGIN_DEF        OPENVPN_EXPORT
#define OPENVPN_PLUGIN_FUNC(name) name

#endif

/*
 * Used by openvpn_plugin_func to return structured
 * data.  The plugin should allocate all structure
 * instances, name strings, and value strings with
 * malloc, since OpenVPN will assume that it
 * can free the list by calling free() over the same.
 */
struct openvpn_plugin_string_list
{
  /* Next entry in the list.  NOTE(review): the header does not say how the
   * list is terminated; a NULL next is the conventional end marker — confirm
   * against OpenVPN's reader before relying on it. */
  struct openvpn_plugin_string_list *next;
  char *name;    /* malloc()ed by the plug-in; OpenVPN releases it with free() */
  char *value;   /* malloc()ed by the plug-in; OpenVPN releases it with free() */
};

/*
 * Multiple plugin modules can be cascaded, and modules can be
 * used in tandem with scripts.  The order of operation is that
 * the module func() functions are called in the order that
 * the modules were specified in the config file.  If a script
 * was specified as well, it will be called last.  If the
 * return code of the module/script controls an authentication
 * function (such as tls-verify or auth-user-pass-verify), then
 * every module and script must return success (0) in order for
 * the connection to be authenticated.
 *
 * Notes:
 *
 * Plugins which use a privilege-separation model (by forking in
 * their initialization function before the main OpenVPN process
 * downgrades root privileges and/or executes a chroot) must
 * daemonize after a fork if the "daemon" environmental variable is
 * set.  In addition, if the "daemon_log_redirect" variable is set,
 * the plugin should preserve stdout/stderr across the daemon()
 * syscall.  See the daemonize() function in plugin/auth-pam/auth-pam.c
 * for an example.
 */

/*
 * Prototypes for functions which OpenVPN plug-ins must define.
 */

/*
 * FUNCTION: openvpn_plugin_open_v2
 *
 * REQUIRED: YES
 * 
 * Called on initial plug-in load.  OpenVPN will preserve plug-in state
 * across SIGUSR1 restarts but not across SIGHUP restarts.  A SIGHUP reset
 * will cause the plugin to be closed and reopened.
 *
 * ARGUMENTS
 *
 * *type_mask : Set by OpenVPN to the logical OR of all script
 *              types which this version of OpenVPN supports.  The plug-in
 *              should set this value to the logical OR of all script types
 *              which the plug-in wants to intercept.  For example, if the
 *              script wants to intercept the client-connect and
 *              client-disconnect script types:
 *
 *              *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
 *                         | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
 *
 * argv : a NULL-terminated array of options provided to the OpenVPN
 *        "plug-in" directive.  argv[0] is the dynamic library pathname.
 *
 * envp : a NULL-terminated array of OpenVPN-set environmental
 *        variables in "name=value" format.  Note that for security reasons,
 *        these variables are not actually written to the "official"
 *        environmental variable store of the process.
 *
 * return_list : used to return data back to OpenVPN.
 *
 * RETURN VALUE
 *
 * An openvpn_plugin_handle_t value on success, NULL on failure
 */
/* Required entry point.  Returns NULL on failure.  Anything placed in
 * *return_list must be malloc()ed, since OpenVPN frees it with free()
 * (see struct openvpn_plugin_string_list above). */
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v2)
     (unsigned int *type_mask,
      const char *argv[],
      const char *envp[],
      struct openvpn_plugin_string_list **return_list);

/*
 * FUNCTION: openvpn_plugin_func_v2
 *
 * Called to perform the work of a given script type.
 *
 * REQUIRED: YES
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open.
 *
 * type : one of the PLUGIN_x types
 *
 * argv : a NULL-terminated array of "command line" options which
 *        would normally be passed to the script.  argv[0] is the dynamic
 *        library pathname.
 *
 * envp : a NULL-terminated array of OpenVPN-set environmental
 *        variables in "name=value" format.  Note that for security reasons,
 *        these variables are not actually written to the "official"
 *        environmental variable store of the process.
 *
 * per_client_context : the per-client context pointer which was returned by
 *        openvpn_plugin_client_constructor_v1, if defined.
 *
 * return_list : used to return data back to OpenVPN.
 *
 * RETURN VALUE
 *
 * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
 *
 * In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
 * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY.  This enables asynchronous
 * authentication where the plugin (or one of its agents) may indicate
 * authentication success/failure some number of seconds after the return
 * of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
 * char to the file named by auth_control_file in the environmental variable
 * list (envp).
 *
 * first char of auth_control_file:
 * '0' -- indicates auth failure
 * '1' -- indicates auth success
 *
 * OpenVPN will delete the auth_control_file after it goes out of scope.
 *
 * If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
 * for a particular client instance, packet filtering will be enabled for that
 * instance.  OpenVPN will then attempt to read the packet filter configuration
 * from the temporary file named by the environmental variable pf_file.  This
 * file may be generated asynchronously and may be dynamically updated during the
 * client session, however the client will be blocked from sending or receiving
 * VPN tunnel packets until the packet filter file has been generated.  OpenVPN
 * will periodically test the packet filter file over the life of the client
 * instance and reload when modified.  OpenVPN will delete the packet filter file
 * when the client instance goes out of scope.
 *
 * Packet filter file grammar:
 *
 * [CLIENTS DROP|ACCEPT]
 * {+|-}common_name1
 * {+|-}common_name2
 * . . .
 * [SUBNETS DROP|ACCEPT]
 * {+|-}subnet1
 * {+|-}subnet2
 * . . .
 * [END]
 *
 * Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
 *
 * CLIENTS refers to the set of clients (by their common-name) which
 * this instance is allowed ('+') to connect to, or is excluded ('-')
 * from connecting to.  Note that in the case of client-to-client
 * connections, such communication must be allowed by the packet filter
 * configuration files of both clients.
 *
 * SUBNETS refers to IP addresses or IP address subnets which this
 * instance may connect to ('+') or is excluded ('-') from connecting
 * to.
 *
 * DROP or ACCEPT defines default policy when there is no explicit match
 * for a common-name or subnet.  The [END] tag must exist.  A special
 * purpose tag called [KILL] will immediately kill the client instance.
 * A given client or subnet rule applies to both incoming and outgoing
 * packets.
 *
 * See plugin/defer/simple.c for an example on using asynchronous
 * authentication and client-specific packet filtering.
 */
/* Required entry point.  type is one of the OPENVPN_PLUGIN_* values;
 * per_client_context is what openvpn_plugin_client_constructor_v1 returned.
 * NOTE(review): the header does not state what is passed when that
 * constructor is not defined — presumably NULL; confirm before dereferencing. */
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v2)
     (openvpn_plugin_handle_t handle,
      const int type,
      const char *argv[],
      const char *envp[],
      void *per_client_context,
      struct openvpn_plugin_string_list **return_list);

/*
 * FUNCTION: openvpn_plugin_close_v1
 *
 * REQUIRED: YES
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open.
 *
 * Called immediately prior to plug-in unload.
 */
/* Required entry point; the last call made on handle before unload. */
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1)
     (openvpn_plugin_handle_t handle);

/*
 * FUNCTION: openvpn_plugin_abort_v1
 *
 * REQUIRED: NO
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open.
 *
 * Called when OpenVPN is in the process of aborting due to a fatal error.
 * Will only be called on an open context returned by a prior successful
 * openvpn_plugin_open callback.
 */
/* Optional entry point; only ever called with a handle that a prior
 * openvpn_plugin_open call returned successfully. */
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1)
     (openvpn_plugin_handle_t handle);

/*
 * FUNCTION: openvpn_plugin_client_constructor_v1
 *
 * Called to allocate a per-client memory region, which
 * is then passed to the openvpn_plugin_func_v2 function.
 * This function is called every time the OpenVPN server
 * constructs a client instance object, which normally
 * occurs when a session-initiating packet is received
 * by a new client, even before the client has authenticated.
 *
 * This function should allocate the private memory needed
 * by the plugin to track individual OpenVPN clients, and
 * return a void * to this memory region.
 *
 * REQUIRED: NO
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open.
 *
 * RETURN VALUE
 *
 * void * pointer to plugin's private per-client memory region, or NULL
 * if no memory region is required.
 */
/* Optional entry point.  Called per client instance, before that client has
 * authenticated; returning NULL means no per-client region is needed. */
OPENVPN_PLUGIN_DEF void * OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_constructor_v1)
     (openvpn_plugin_handle_t handle);

/*
 * FUNCTION: openvpn_plugin_client_destructor_v1
 *
 * This function is called on client instance object destruction.
 *
 * REQUIRED: NO
 * 
 * ARGUMENTS
 *
 * handle : the openvpn_plugin_handle_t value which was returned by
 *          openvpn_plugin_open.
 *
 * per_client_context : the per-client context pointer which was returned by
 *        openvpn_plugin_client_constructor_v1, if defined.
 */
/* Optional entry point.  per_client_context is the pointer returned by
 * openvpn_plugin_client_constructor_v1 for this client instance. */
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_destructor_v1)
     (openvpn_plugin_handle_t handle, void *per_client_context);

/*
 * FUNCTION: openvpn_plugin_select_initialization_point_v1
 *
 * Several different points exist in OpenVPN's initialization sequence where
 * the openvpn_plugin_open function can be called.  While the default is
 * OPENVPN_PLUGIN_INIT_PRE_DAEMON, this function can be used to select a
 * different initialization point.  For example, if your plugin needs to
 * return configuration parameters to OpenVPN, use
 * OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE.
 *
 * REQUIRED: NO
 * 
 * RETURN VALUE:
 *
 * An OPENVPN_PLUGIN_INIT_x value.
 */
/* Return values for openvpn_plugin_select_initialization_point_v1: the
 * point in OpenVPN's startup at which openvpn_plugin_open is called. */
#define OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE 1
#define OPENVPN_PLUGIN_INIT_PRE_DAEMON       2 /* default */
#define OPENVPN_PLUGIN_INIT_POST_DAEMON      3
#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE  4

/* Optional entry point; when absent OPENVPN_PLUGIN_INIT_PRE_DAEMON applies. */
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_select_initialization_point_v1)
     (void);

/*
 * FUNCTION: openvpn_plugin_min_version_required_v1
 *
 * This function is called by OpenVPN to query the minimum
 * plugin interface version number required by the plugin.
 *
 * REQUIRED: NO
 * 
 * RETURN VALUE
 *
 * The minimum OpenVPN plugin interface version number necessary to support
 * this plugin.
 */
/* Optional entry point; the returned value is compared against the
 * interface version of the running OpenVPN (OPENVPN_PLUGIN_VERSION here). */
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_min_version_required_v1)
     (void);

/*
 * Deprecated functions which are still supported for backward compatibility.
 */

/* v1 variant of openvpn_plugin_open_v2 without the return_list argument. */
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1)
     (unsigned int *type_mask,
      const char *argv[],
      const char *envp[]);

/* v1 variant of openvpn_plugin_func_v2 without per_client_context and
 * return_list; it therefore cannot use per-client state or return data. */
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1)
     (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]);


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/eurephia/F-12/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- .cvsignore	16 Jul 2010 17:48:29 -0000	1.1
+++ .cvsignore	16 Jul 2010 17:51:51 -0000	1.2
@@ -0,0 +1 @@
+eurephia-1.0.0.tar.bz2


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/eurephia/F-12/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sources	16 Jul 2010 17:48:29 -0000	1.1
+++ sources	16 Jul 2010 17:51:51 -0000	1.2
@@ -0,0 +1 @@
+395040dd170e156a8f0e6d3150e0ea1e  eurephia-1.0.0.tar.bz2


