1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 /*
25 * plug-in support, using dynamically loaded libraries
26 */
27
28 #ifndef OPENVPN_PLUGIN_H
29 #define OPENVPN_PLUGIN_H
30
31 #ifdef ENABLE_CRYPTO_OPENSSL
32 #include "ssl_verify_openssl.h"
33 #endif
34 #ifdef ENABLE_CRYPTO_MBEDTLS
35 #include "ssl_verify_mbedtls.h"
36 #endif
37 #include "openvpn-plugin.h"
38
39 #ifdef ENABLE_PLUGIN
40
41 #include "misc.h"
42
43 #define MAX_PLUGINS 16
44
45 struct plugin_option {
46 const char *so_pathname;
47 const char **argv;
48 };
49
50 struct plugin_option_list {
51 int n;
52 struct plugin_option plugins[MAX_PLUGINS];
53 };
54
55 struct plugin {
56 bool initialized;
57 const char *so_pathname;
58 unsigned int plugin_type_mask;
59 int requested_initialization_point;
60
61 #ifndef _WIN32
62 void *handle;
63 #else
64 HMODULE module;
65 #endif
66
67 openvpn_plugin_open_v1 open1;
68 openvpn_plugin_open_v2 open2;
69 openvpn_plugin_open_v3 open3;
70 openvpn_plugin_func_v1 func1;
71 openvpn_plugin_func_v2 func2;
72 openvpn_plugin_func_v3 func3;
73 openvpn_plugin_close_v1 close;
74 openvpn_plugin_abort_v1 abort;
75 openvpn_plugin_client_constructor_v1 client_constructor;
76 openvpn_plugin_client_destructor_v1 client_destructor;
77 openvpn_plugin_min_version_required_v1 min_version_required;
78 openvpn_plugin_select_initialization_point_v1 initialization_point;
79
80 openvpn_plugin_handle_t plugin_handle;
81 };
82
83 struct plugin_per_client
84 {
85 void *per_client_context[MAX_PLUGINS];
86 };
87
88 struct plugin_common
89 {
90 int n;
91 struct plugin plugins[MAX_PLUGINS];
92 };
93
94 struct plugin_list
95 {
96 struct plugin_per_client per_client;
97 struct plugin_common *common;
98 bool common_owned;
99 };
100
101 struct plugin_return
102 {
103 int n;
104 struct openvpn_plugin_string_list *list[MAX_PLUGINS];
105 };
106
107 struct plugin_option_list *plugin_option_list_new(struct gc_arena *gc);
108
109 bool plugin_option_list_add(struct plugin_option_list *list, char **p,
110 struct gc_arena *gc);
111
112 #ifndef ENABLE_SMALL
113 void plugin_option_list_print(const struct plugin_option_list *list, int msglevel);
114
115 #endif
116
117 struct plugin_list *plugin_list_init(const struct plugin_option_list *list);
118
119 void plugin_list_open(struct plugin_list *pl,
120 const struct plugin_option_list *list,
121 struct plugin_return *pr,
122 const struct env_set *es,
123 const int init_point);
124
125 struct plugin_list *plugin_list_inherit(const struct plugin_list *src);
126
127 int plugin_call_ssl(const struct plugin_list *pl,
128 const int type,
129 const struct argv *av,
130 struct plugin_return *pr,
131 struct env_set *es,
132 int current_cert_depth,
133 openvpn_x509_cert_t *current_cert
134 );
135
136 void plugin_list_close(struct plugin_list *pl);
137
138 bool plugin_defined(const struct plugin_list *pl, const int type);
139
140 void plugin_return_get_column(const struct plugin_return *src,
141 struct plugin_return *dest,
142 const char *colname);
143
144 void plugin_return_free(struct plugin_return *pr);
145
146 #ifdef ENABLE_DEBUG
147 void plugin_return_print(const int msglevel, const char *prefix, const struct plugin_return *pr);
148
149 #endif
150
151 static inline int
plugin_n(const struct plugin_list * pl)152 plugin_n(const struct plugin_list *pl)
153 {
154 if (pl && pl->common)
155 {
156 return pl->common->n;
157 }
158 else
159 {
160 return 0;
161 }
162 }
163
164 static inline bool
plugin_return_defined(const struct plugin_return * pr)165 plugin_return_defined(const struct plugin_return *pr)
166 {
167 return pr->n >= 0;
168 }
169
170 static inline void
plugin_return_init(struct plugin_return * pr)171 plugin_return_init(struct plugin_return *pr)
172 {
173 pr->n = 0;
174 }
175
176 #else /* ifdef ENABLE_PLUGIN */
177 struct plugin_list { int dummy; };
178 struct plugin_return { int dummy; };
179
180 static inline bool
plugin_defined(const struct plugin_list * pl,const int type)181 plugin_defined(const struct plugin_list *pl, const int type)
182 {
183 return false;
184 }
185
186 static inline int
plugin_call_ssl(const struct plugin_list * pl,const int type,const struct argv * av,struct plugin_return * pr,struct env_set * es,int current_cert_depth,openvpn_x509_cert_t * current_cert)187 plugin_call_ssl(const struct plugin_list *pl,
188 const int type,
189 const struct argv *av,
190 struct plugin_return *pr,
191 struct env_set *es,
192 int current_cert_depth,
193 openvpn_x509_cert_t *current_cert
194 )
195 {
196 return 0;
197 }
198
199 #endif /* ENABLE_PLUGIN */
200
201 static inline int
plugin_call(const struct plugin_list * pl,const int type,const struct argv * av,struct plugin_return * pr,struct env_set * es)202 plugin_call(const struct plugin_list *pl,
203 const int type,
204 const struct argv *av,
205 struct plugin_return *pr,
206 struct env_set *es)
207 {
208 return plugin_call_ssl(pl, type, av, pr, es, -1, NULL);
209 }
210
211 void plugin_abort(void);
212
213 #endif /* OPENVPN_PLUGIN_H */
214