2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 * This file implements a simple OpenVPN plugin module which
27 * will examine the username/password provided by a client,
28 * and make an accept/deny determination. Will run
31 * See the README file for build instructions.
38 #include "openvpn-plugin.h"
41 * Our context, where we keep our state.
43 struct plugin_context
{
49 * Given an environmental variable name, search
50 * the envp array for its value, returning it
51 * if found or NULL otherwise.
54 get_env (const char *name
, const char *envp
[])
59 const int namelen
= strlen (name
);
60 for (i
= 0; envp
[i
]; ++i
)
62 if (!strncmp (envp
[i
], name
, namelen
))
64 const char *cp
= envp
[i
] + namelen
;
73 OPENVPN_EXPORT openvpn_plugin_handle_t
74 openvpn_plugin_open_v1 (unsigned int *type_mask
, const char *argv
[], const char *envp
[])
76 struct plugin_context
*context
;
79 * Allocate our context
81 context
= (struct plugin_context
*) calloc (1, sizeof (struct plugin_context
));
84 * Set the username/password we will require.
86 context
->username
= "foo";
87 context
->password
= "bar";
90 * We are only interested in intercepting the
91 * --auth-user-pass-verify callback.
93 *type_mask
= OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
);
95 return (openvpn_plugin_handle_t
) context
;
99 openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle
, const int type
, const char *argv
[], const char *envp
[])
101 struct plugin_context
*context
= (struct plugin_context
*) handle
;
103 /* get username/password from envp string array */
104 const char *username
= get_env ("username", envp
);
105 const char *password
= get_env ("password", envp
);
107 /* check entered username/password against what we require */
108 if (username
&& !strcmp (username
, context
->username
)
109 && password
&& !strcmp (password
, context
->password
))
110 return OPENVPN_PLUGIN_FUNC_SUCCESS
;
112 return OPENVPN_PLUGIN_FUNC_ERROR
;
116 openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle
)
118 struct plugin_context
*context
= (struct plugin_context
*) handle
;