1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23/*
24 * This file implements a simple OpenVPN plugin module which
25 * will examine the username/password provided by a client,
26 * and make an accept/deny determination. Will run
27 * on Windows or *nix.
28 *
29 * See the README file for build instructions.
30 */
31
32#include <stdio.h>
33#include <string.h>
34#include <stdlib.h>
35
36#include "openvpn-plugin.h"
37
/*
 * Per-plugin state, allocated in openvpn_plugin_open_v1() and handed back
 * to OpenVPN as the opaque plugin handle.
 *
 * Both members hold the reference credentials that a connecting client
 * must present. They are stored as plaintext C strings; this file only
 * ever points them at string literals, so the context does not own them.
 */
struct plugin_context
{
    const char *username; /* user name the client must supply */
    const char *password; /* password the client must supply (plaintext) */
};
46
/*
 * Look up NAME in a NULL-terminated array of "KEY=VALUE" strings.
 *
 * Returns a pointer to the value part of the first entry whose key is
 * exactly NAME (the key must be followed directly by '='), or NULL when
 * envp is NULL or no entry matches. The returned pointer aliases the
 * envp entry; nothing is copied.
 */
static const char *
get_env(const char *name, const char *envp[])
{
    if (!envp)
    {
        return NULL;
    }

    const size_t key_len = strlen(name);
    for (const char **entry = envp; *entry != NULL; ++entry)
    {
        /* A prefix match alone is not enough: "usernamex=..." must not
         * satisfy a lookup for "username", hence the '=' check. */
        if (strncmp(*entry, name, key_len) == 0 && (*entry)[key_len] == '=')
        {
            return *entry + key_len + 1;
        }
    }
    return NULL;
}
72
/*
 * Plugin open hook: allocate the plugin context, record the credentials
 * that clients must present, and tell OpenVPN which callbacks we want.
 *
 * On success the context is returned as the opaque plugin handle and
 * *type_mask is set so that only the --auth-user-pass-verify callback is
 * delivered. Returns NULL if the context cannot be allocated.
 *
 * NOTE(review): the expected username/password are compile-time literals
 * shared by every client. That is only suitable for demonstrating the
 * plugin API; anything derived from this file should obtain credentials
 * from a real authentication backend and avoid storing plaintext
 * passwords.
 */
OPENVPN_EXPORT openvpn_plugin_handle_t
openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[])
{
    /* calloc zero-fills the context, so both members start out NULL */
    struct plugin_context *ctx = calloc(1, sizeof(*ctx));
    if (!ctx)
    {
        printf("PLUGIN: allocating memory for context failed\n");
        return NULL;
    }

    /* Credentials every client is checked against (demo values) */
    ctx->username = "foo";
    ctx->password = "bar";

    /* Subscribe to the --auth-user-pass-verify callback and nothing else */
    *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);

    return (openvpn_plugin_handle_t)ctx;
}
102
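/*
 * Compare two NUL-terminated strings without stopping at the first
 * mismatching byte.
 *
 * strcmp() returns as soon as it finds a difference, so its running time
 * depends on how much of a client-supplied guess is correct. Here the
 * loop always runs over the full length of EXPECTED and accumulates the
 * differences instead. This is a best-effort measure: the length of
 * CANDIDATE is still observable, and the compiler is not obliged to
 * preserve timing behaviour.
 *
 * Returns 1 when the strings are equal, 0 otherwise. Both arguments must
 * be non-NULL.
 */
static int
plugin_str_equal(const char *candidate, const char *expected)
{
    const size_t candidate_len = strlen(candidate);
    const size_t expected_len = strlen(expected);

    /* volatile discourages the optimizer from reintroducing an early exit */
    volatile unsigned char diff = (unsigned char)(candidate_len != expected_len);

    for (size_t i = 0; i < expected_len; ++i)
    {
        /* Once past the end of candidate, keep reading its terminating
         * NUL so the access stays in bounds. */
        const size_t j = (i < candidate_len) ? i : candidate_len;
        diff |= (unsigned char)((unsigned char)candidate[j] ^ (unsigned char)expected[i]);
    }

    return diff == 0;
}

/*
 * Plugin callback: decide whether the connecting client may authenticate.
 *
 * The client-supplied "username" and "password" values are read from
 * envp and compared with the credentials stored in the plugin context.
 *
 * Returns OPENVPN_PLUGIN_FUNC_SUCCESS only when both values are present
 * and both match; every other case, including a missing handle or a
 * context without reference credentials, returns
 * OPENVPN_PLUGIN_FUNC_ERROR so that the check fails closed.
 */
OPENVPN_EXPORT int
openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[],
                       const char *envp[])
{
    const struct plugin_context *context = (const struct plugin_context *)handle;

    /* Without a context there is nothing to compare against: deny */
    if (context == NULL || context->username == NULL || context->password == NULL)
    {
        return OPENVPN_PLUGIN_FUNC_ERROR;
    }

    /* Client-supplied values; treat them as untrusted input */
    const char *username = get_env("username", envp);
    const char *password = get_env("password", envp);
    if (username == NULL || password == NULL)
    {
        return OPENVPN_PLUGIN_FUNC_ERROR;
    }

    /* Evaluate both comparisons unconditionally so the result does not
     * reveal which of the two fields was wrong. */
    const int user_ok = plugin_str_equal(username, context->username);
    const int pass_ok = plugin_str_equal(password, context->password);

    return (user_ok & pass_ok) ? OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR;
}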
124
/*
 * Plugin close hook: release the context allocated by
 * openvpn_plugin_open_v1().
 *
 * Only the context itself is freed; its username/password members point
 * at string literals in this file and are not heap-allocated.
 */
OPENVPN_EXPORT void
openvpn_plugin_close_v1(openvpn_plugin_handle_t handle)
{
    /* free(NULL) is a no-op, so a NULL handle needs no special case */
    free((struct plugin_context *)handle);
}