00001 /* eurephia-auth.c  --  Main OpenVPN plug-in functions.
00002  *                      The API level between OpenVPN and eurephia-auth
00003  *
00004  *  GPLv2 only - Copyright (C) 2008 - 2010
00005  *               David Sommerseth <dazo@users.sourceforge.net>
00006  *
00007  *  This program is free software; you can redistribute it and/or
00008  *  modify it under the terms of the GNU General Public License
00009  *  as published by the Free Software Foundation; version 2
00010  *  of the License.
00011  *
00012  *  This program is distributed in the hope that it will be useful,
00013  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  *  GNU General Public License for more details.
00016  *
00017  *  You should have received a copy of the GNU General Public License
00018  *  along with this program; if not, write to the Free Software
00019  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
00020  *
00021  */
00022 
00032 #include <stdio.h>
00033 #include <string.h>
00034 #include <unistd.h>
00035 
00036 #include "openvpn-plugin.h"
00037 #define EUREPHIA_FWINTF
00038 #include <eurephiafw_struct.h>
00039 #include <eurephia_context.h>
00040 #include <eurephiadb.h>
00041 #include <eurephia.h>
00042 #include <eurephia_nullsafe.h>
00043 #include <environment.h>
00044 
00045 #ifdef ENABLE_DEBUG  /* To avoid compiler warnings when ENABLE_DEBUG is not defined */
00046 
/**
 * Maps an OpenVPN plug-in hook code to a printable name for debug output.
 *
 * @param type  One of the OPENVPN_PLUGIN_* hook codes delivered by OpenVPN.
 * @return A static string naming the hook, or "(UNKNOWN PLUGIN CODE)" when
 *         the code is not in the table below.  Never NULL.
 */
static const char *plugin_type_name(const int type)
{
        static const struct {
                int code;
                const char *name;
        } hook_names[] = {
                { OPENVPN_PLUGIN_UP,                    "PLUGIN_UP" },
                { OPENVPN_PLUGIN_DOWN,                  "PLUGIN_DOWN" },
                { OPENVPN_PLUGIN_ROUTE_UP,              "PLUGIN_ROUTE_UP" },
                { OPENVPN_PLUGIN_IPCHANGE,              "PLUGIN_IPCHANGE" },
                { OPENVPN_PLUGIN_TLS_VERIFY,            "PLUGIN_TLS_VERIFY" },
                { OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY, "PLUGIN_AUTH_USER_PASS_VERIFY" },
                { OPENVPN_PLUGIN_CLIENT_CONNECT,        "PLUGIN_CLIENT_CONNECT" },
                { OPENVPN_PLUGIN_CLIENT_DISCONNECT,     "PLUGIN_CLIENT_DISCONNECT" },
                { OPENVPN_PLUGIN_LEARN_ADDRESS,         "PLUGIN_LEARN_ADDRESS" }
        };
        size_t i;

        for (i = 0; i < sizeof hook_names / sizeof hook_names[0]; i++) {
                if (hook_names[i].code == type) {
                        return hook_names[i].name;
                }
        }
        return "(UNKNOWN PLUGIN CODE)";
}
00080 
00081 
/**
 * Writes every entry of a NULL-terminated string array to a stream, one per
 * line, each preceded by @p prefix.  Used to dump the environment and
 * argument vectors OpenVPN hands to the plug-in when debugging.
 *
 * Unless SHOW_SECRETS is defined at compile time, an entry starting with
 * "password=" is printed as "password=xxxxxxx".  No other key is masked, so
 * the resulting log must still be treated as sensitive.
 *
 * @param f       Open, writable stream; the caller keeps ownership.
 * @param prefix  Text placed before each entry, e.g. "ENV: ".  Must not be NULL.
 * @param envp    NULL-terminated array of "key=value" strings.
 */
static void dump_env(FILE *f, const char *prefix, const char *envp[]) {
        const char **entry;

        for (entry = envp; *entry != NULL; entry++) {
                const char *shown = *entry;
#ifndef SHOW_SECRETS
                /* Only the OpenVPN "password=" variable is masked here. */
                if (strncmp(shown, "password=", strlen("password=")) == 0) {
                        shown = "password=xxxxxxx";
                }
#endif /* SHOW_SECRETS */
                fprintf(f, "%s%s\n", prefix, shown);
        }
}
00102 #endif // ENABLE_DEBUG
00103 
00104 
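/**
 * Detaches the process from its controlling terminal when the plug-in was
 * configured to run as a daemon.
 *
 * Two eurephia settings are read from the OpenVPN environment through the
 * GETENV_DAEMON and GETENV_DAEMONLOGREDIR helpers (both hand back strings
 * that are released here with free_nullsafe):
 *   - daemon setting "1": call daemon(0, 0), which forks, changes the working
 *     directory to "/" and points fds 0-2 at /dev/null;
 *   - log-redirect setting "1": keep a duplicate of the original stderr across
 *     daemon() and reinstall it as fd 2 afterwards, so eurephia messages keep
 *     going to whatever OpenVPN had on stderr.
 *
 * If daemon() fails the process simply keeps running in the foreground and
 * the failure is reported on stderr.
 *
 * @param envp  NULL-terminated OpenVPN environment passed to the plug-in.
 */
static void daemonize(const char *envp[])
{
        char *daemon_string = GETENV_DAEMON(envp);

        if( daemon_string && daemon_string[0] == '1' ) {
                char *log_redirect = GETENV_DAEMONLOGREDIR(envp);
                int fd = -1;

                if( log_redirect && log_redirect[0] == '1' ) {
                        /* dup() yields -1 on failure; both branches below cope with that. */
                        fd = dup(2);
                }
                if( daemon(0, 0) < 0 ) {
                        fprintf(stderr, "eurephia-auth: daemonization failed\n");
                        /* Still in the foreground with the original stderr intact, so
                         * the duplicate has no further use; close it rather than leak it. */
                        if( fd >= 0 ) {
                                close(fd);
                        }
                } else if( fd >= 3 ) {
                        /* daemon() reopened fds 0-2 on /dev/null, so only a duplicate
                         * above that range survived and can be put back as stderr. */
                        dup2(fd, 2);
                        close(fd);
                }
                free_nullsafe(NULL, log_redirect);
        }
        free_nullsafe(NULL, daemon_string);
}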
00131 
00132 
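/**
 * OpenVPN plug-in entry point, called once when the plug-in is loaded.
 *
 * Registers the OpenVPN hooks eurephia wants to receive (see the mask below),
 * builds the eurephia context from the plug-in arguments and, when the
 * environment asks for it, detaches the process as a daemon.
 *
 * @param type_mask  Out: bitmask of the OPENVPN_PLUGIN_* hooks to deliver.
 * @param argv       Plug-in arguments from the OpenVPN config, NULL-terminated.
 * @param envp       OpenVPN environment, NULL-terminated.
 * @return The eurephia context as an opaque handle, or NULL when
 *         eurephiaInit() returned NULL.
 */
OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type_mask,
                                                              const char *argv[], const char *envp[])
{
        eurephiaCTX *context = NULL;

#ifdef MEMWATCH
        mwStatistics(3);
#warning MEMWATCH enabled
#endif

        // Define what will trigger eurephia
        *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
                | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY)
                | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
                | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
                | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS);

        // Setup a eurephia context
        context = eurephiaInit(argv);

        // Daemonize only once initialisation succeeded.  A NULL handle makes
        // OpenVPN refuse to start, and detaching first would send that error
        // to /dev/null instead of the administrator's terminal.
        if( context != NULL ) {
                daemonize(envp);
        }

        return (openvpn_plugin_handle_t) context;
}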
00167 
00168 
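/**
 * Returns 1 when @p argv holds at least @p n entries before its NULL
 * terminator, 0 otherwise.  Lets the dispatcher below validate the argument
 * vector before indexing into it.
 */
static int argv_has(const char *argv[], int n)
{
        int i;

        for (i = 0; i < n; i++) {
                if( argv[i] == NULL ) {
                        return 0;
                }
        }
        return 1;
}


/**
 * OpenVPN plug-in entry point, called for every hook selected in
 * openvpn_plugin_open_v1().
 *
 * Dispatches on @p type to the matching eurephia handler.  A handler returns
 * 1 on success; any other value, an unknown hook type, or a hook arriving
 * with too few arguments maps to OPENVPN_PLUGIN_FUNC_ERROR, so the plug-in
 * fails closed.  With ENABLE_DEBUG and log level 30 or more, the complete
 * environment and argument vectors are dumped to the log file (passwords are
 * masked unless SHOW_SECRETS, see dump_env()).
 *
 * @param handle  Context returned by openvpn_plugin_open_v1().
 * @param type    OPENVPN_PLUGIN_* hook being invoked.
 * @param argv    NULL-terminated hook arguments; argv[1] is passed through to
 *                the TLS-verify handler, argv[1] and argv[2] to the
 *                learn-address handler.
 * @param envp    NULL-terminated OpenVPN environment for this hook.
 * @return OPENVPN_PLUGIN_FUNC_SUCCESS or OPENVPN_PLUGIN_FUNC_ERROR.
 */
OPENVPN_EXPORT int openvpn_plugin_func_v1(openvpn_plugin_handle_t handle,
                                          const int type,
                                          const char *argv[], const char *envp[])
{
        eurephiaCTX *ctx = (eurephiaCTX *) handle;
        int result = 0;

        // Refuse to do anything without a usable context and database handle.
        if( (ctx == NULL) || (ctx->dbc == NULL) || (ctx->dbc->dbhandle == NULL) ) {
                return OPENVPN_PLUGIN_FUNC_ERROR;
        }

        DEBUG(ctx, 10, "openvpn_plugin_func_v1(ctx, %s, ...)", plugin_type_name(type));

#ifdef ENABLE_DEBUG
        if( (ctx->log->loglevel >= 30) && (ctx->log->logfile != NULL) ) {
                dump_env(ctx->log->logfile, "ENV: ", envp);
                dump_env(ctx->log->logfile, "ARG: ", argv);
        }
#endif

        switch( type ) {
        case OPENVPN_PLUGIN_TLS_VERIFY:  // Validate certificates
                if( !argv_has(argv, 2) ) {
                        eurephia_log(ctx, LOG_FATAL, 0,
                                     "Missing argument for OPENVPN_PLUGIN type: %i", type);
                        break;
                }
                result = eurephia_tlsverify(ctx, envp, argv[1]);
                break;

        case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: // Validate user name and password
                result = eurephia_userauth(ctx, envp);
                break;

        case OPENVPN_PLUGIN_CLIENT_CONNECT:  // Register login
                result = eurephia_connect(ctx, envp);
                break;

        case OPENVPN_PLUGIN_CLIENT_DISCONNECT: // Register logout
                result = eurephia_disconnect(ctx, envp);
                break;

        case OPENVPN_PLUGIN_LEARN_ADDRESS:  // Log IP address, MAC address and update firewall
                if( !argv_has(argv, 3) ) {
                        eurephia_log(ctx, LOG_FATAL, 0,
                                     "Missing argument for OPENVPN_PLUGIN type: %i", type);
                        break;
                }
                result = eurephia_learn_address(ctx, argv[1], argv[2], envp);
                break;

        default: // This should normally not be reached at all
                eurephia_log(ctx, LOG_FATAL, 0, "Unknown OPENVPN_PLUGIN type: %i", type);
                break;
        }
        // Only an explicit 1 from a handler counts as success (fail closed).
        return (result == 1 ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR);
}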
00228 
00229 
/**
 * OpenVPN plug-in entry point, called once when the plug-in is unloaded.
 * Hands the context to eurephiaShutdown() for teardown; the handle must not
 * be used afterwards.
 *
 * @param handle  Context returned by openvpn_plugin_open_v1().
 */
OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
        eurephiaShutdown((eurephiaCTX *) handle);
}
00242 