Index: plugin/enablepf/winbuild
===================================================================
--- plugin/enablepf/winbuild	(revision 0)
+++ plugin/enablepf/winbuild	(revision 0)
@@ -0,0 +1,19 @@
+#
+# Build an OpenVPN plugin module on Windows/MinGW.
+# The argument should be the base name of the C source file
+# (without the .c).
+#
+
+# This directory is where we will look for openvpn-plugin.h
+INCLUDE="-I../.."
+
+CC_FLAGS="-O2 -Wall"
+
+gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
+gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
+rm junk.tmp
+dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
+rm base.tmp
+gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
+rm temp.exp
+
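Review bot: The build commands here run unconditionally, so if the first `gcc ... -c $1.c` fails the script carries on and can link a stale `$1.o` left over from an earlier build into `$1.dll`. The sibling `build` script in this patch chains its two steps with `&&`; a `set -e` near the top of this file would give the same stop-on-first-failure behaviour (this file also has no `#!/bin/sh` line, unlike `build`). `$1` is unquoted in both scripts, and writing `"$1.c"`, `"$1.o"` and so on would keep a base name containing spaces or glob characters in one piece.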
Index: plugin/enablepf/build
===================================================================
--- plugin/enablepf/build	(revision 0)
+++ plugin/enablepf/build	(revision 0)
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+#
+# Build an OpenVPN plugin module on *nix.  The argument should
+# be the base name of the C source file (without the .c).
+#
+
+# This directory is where we will look for openvpn-plugin.h
+INCLUDE="-I../.."
+
+CC_FLAGS="-O2 -Wall -g"
+
+gcc $CC_FLAGS -fPIC -c $INCLUDE $1.c && \
+gcc $CC_FLAGS -fPIC -shared -Wl,-soname,$1.so -o $1.so $1.o -lc
Index: plugin/enablepf/enablepf.def
===================================================================
--- plugin/enablepf/enablepf.def	(revision 0)
+++ plugin/enablepf/enablepf.def	(revision 0)
@@ -0,0 +1,6 @@
+LIBRARY   OpenVPN_PLUGIN_ENABLEPF
+DESCRIPTION "Enable OpenVPN Firewall policys."
+EXPORTS
+   openvpn_plugin_open_v1   @1
+   openvpn_plugin_func_v1   @2
+   openvpn_plugin_close_v1  @3
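Review bot: The EXPORTS list names only the open, func and close entry points, while enablepf.c in this patch also defines `openvpn_plugin_client_constructor_v1` and `openvpn_plugin_client_destructor_v1`. Whether those two end up exported then depends on how `OPENVPN_EXPORT` is defined in openvpn-plugin.h, which is not visible here; either list them or drop the stubs from the C file so the two agree. The DESCRIPTION string has a typo and would read better as `DESCRIPTION "Enable OpenVPN firewall policies."`.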
Index: plugin/enablepf/enablepf.c
===================================================================
--- plugin/enablepf/enablepf.c	(revision 0)
+++ plugin/enablepf/enablepf.c	(revision 0)
@@ -0,0 +1,199 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ *             over a single TCP/UDP port, with support for SSL/TLS-based
+ *             session authentication and key exchange,
+ *             packet encryption, packet authentication, and
+ *             packet compression.
+ *
+ *  Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ *  Sample packet filter configuration:
+ *
+ * [CLIENTS DROP]
+ * +otherclient
+ * [SUBNETS DROP]
+ * +10.0.0.0/8
+ * -10.10.0.8
+ * [END]
+ */
+
+/*
+ * Given an environmental variable name, search
+ * the envp array for its value, returning it
+ * if found or NULL otherwise.
+ */
+#include <stdio.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "openvpn-plugin.h"
+
+/*
+ * Copies a file specified by fd  to the path of pff.
+ */
+static void copyfile(int fd, const char* pff)
+{
+	int ofd = open(pff,O_TRUNC | O_CREAT | O_WRONLY);
+	if (ofd < 0) {
+		printf("Failed to PF outputfile %s, errno: %s\n",pff,strerror(errno));
+		return;
+	}
+
+	ssize_t n;
+	char buf[1024];
+	while( (n= read(fd,buf,1024))) {
+		int nout= write(ofd, buf, n);
+		if (nout != n)
+			printf("Write short on writing pf file \n");
+	}
+	close(fd);
+	close(ofd);
+
+
+}
+
+static const char *
+get_env (const char *name, const char *envp[])
+{
+	if (envp)
+	{
+		int i;
+		const int namelen = strlen (name);
+		for (i = 0; envp[i]; ++i)
+		{
+			if (!strncmp (envp[i], name, namelen))
+			{
+				const char *cp = envp[i] + namelen;
+				if (*cp == '=')
+					return cp + 1;
+			}
+		}
+	}
+	return NULL;
+}
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "openvpn-plugin.h"
+
+/* bool definitions */
+#define bool int
+#define true 1
+#define false 0
+
+
+static void copypffile(const char *envp[])
+{
+	const char *pff = get_env ("pf_file", envp);
+	const char *dev = get_env ("dev", envp);
+	const char *tip = get_env ("trusted_ip",envp);
+	const char *cn = get_env ("common_name",envp);
+	const char *port = get_env("trusted_port",envp);
+	int i;
+
+	// Construct file names and try to open them
+	// begin with dev
+	char files[5][256];
+	snprintf (files[0], sizeof(files[0]),"%s.pf", cn);
+	snprintf (files[1], sizeof(files[1]),"%s_%s.pf", tip,port);
+	snprintf (files[2], sizeof(files[2]),"%s.pf", tip);
+	snprintf (files[3], sizeof(files[3]),"%s.pf", dev);
+	snprintf (files[4], sizeof(files[4]),"%s.pf", "default");
+
+
+
+
+	int fd;
+
+	for(i=0; i< sizeof(files)/sizeof(files[0]);i++) {
+		fd = open(files[i], O_RDONLY	);
+		if (fd < 0){
+			// Failed to open
+			printf("Failed to open %s, %s\n",files[i],strerror(errno));
+		}else {
+			printf("Using %s as PF file\n", files[i]);
+			copyfile(fd,pff);
+			return;
+		}
+	}
+	printf("ERROR Could not load PF Config, using no Config!");
+
+}
+
+
+
+
+
+OPENVPN_EXPORT openvpn_plugin_handle_t
+openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
+{
+	printf ("FUNC: openvpn_plugin_open_v1\n");
+	openvpn_plugin_handle_t* t= malloc(sizeof(openvpn_plugin_handle_t));
+
+	/*
+	 * Which callbacks to intercept.
+	 */
+	*type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF)|
+			OPENVPN_PLUGIN_MASK( OPENVPN_PLUGIN_CLIENT_CONNECT_V2);
+	return t;
+}
+
+OPENVPN_EXPORT int
+openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
+
+{
+
+	switch (type)
+	{
+	case OPENVPN_PLUGIN_ENABLE_PF:
+		printf ("OPENVPN_PLUGIN_ENABLE_PF\n");
+		return OPENVPN_PLUGIN_FUNC_SUCCESS;
+	case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
+		printf ("OPENVPN_PLUGIN_CONNECT\n");
+		copypffile(envp);
+		return OPENVPN_PLUGIN_FUNC_SUCCESS;
+
+	default:
+		printf ("OPENVPN_PLUGIN_?\n");
+		return OPENVPN_PLUGIN_FUNC_ERROR;
+	}
+}
+
+OPENVPN_EXPORT void *
+openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle)
+{
+	printf ("FUNC: openvpn_plugin_client_constructor_v1\n");
+	return OPENVPN_PLUGIN_FUNC_SUCCESS;
+}
+
+OPENVPN_EXPORT void
+openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context)
+{
+	printf ("FUNC: openvpn_plugin_client_destructor_v1\n");
+
+}
+
+OPENVPN_EXPORT void
+openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
+{
+
+	printf ("FUNC: openvpn_plugin_close_v1\n");
+
+}
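Review bot: copyfile() cannot report failure and its loop mishandles read errors: `while( (n= read(fd,buf,1024)))` treats -1 as data, passes it to write() as a length, and the `nout != n` test then compares -1 with -1, so the error goes unnoticed and the loop may never end. The same function calls `open(pff,O_TRUNC | O_CREAT | O_WRONLY)` without the mode argument that O_CREAT requires, never checks that `pf_file` was actually present in envp, and leaks `fd` when the output open fails. Because copypffile() is void, the OPENVPN_PLUGIN_CLIENT_CONNECT_V2 case returns OPENVPN_PLUGIN_FUNC_SUCCESS even when no policy was written; I would have both helpers return a status and map failure to OPENVPN_PLUGIN_FUNC_ERROR, as sketched below. The candidate names are built from `common_name`, `trusted_ip` and `dev` with `%s` and no NULL or character check, so a missing variable is undefined behaviour in snprintf and, unless OpenVPN has already restricted those values, a name containing a path separator would be opened outside the intended directory. The file also needs `<errno.h>` and `<unistd.h>` for errno, read, write and close, and the second block of `#include` lines is a duplicate.

```c
/* Returns 0 when the whole file was copied, -1 otherwise; always closes fd. */
static int copyfile(int fd, const char *pff)
{
	char buf[1024];
	ssize_t n = -1;
	int rc = -1;
	int ofd = -1;

	if (!pff)
		goto out;
	/* 0600 assumes only the daemon reads the policy file; adjust if not. */
	ofd = open(pff, O_TRUNC | O_CREAT | O_WRONLY, 0600);
	if (ofd < 0) {
		printf("Failed to open PF output file %s: %s\n", pff, strerror(errno));
		goto out;
	}
	while ((n = read(fd, buf, sizeof buf)) > 0) {
		ssize_t off = 0;
		while (off < n) {
			ssize_t w = write(ofd, buf + off, (size_t)(n - off));
			if (w < 0)
				goto out;
			off += w;
		}
	}
	if (n == 0)
		rc = 0;
out:
	if (ofd >= 0 && close(ofd) < 0)
		rc = -1;
	close(fd);
	return rc;
}

/* … unchanged: get_env, candidate file-name construction in copypffile … */
/* copypffile() becomes `static int`, ends its loop body with
 * `return copyfile(fd, pff);` and returns -1 when no candidate opened. */

	case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
		printf ("OPENVPN_PLUGIN_CONNECT\n");
		return copypffile(envp) == 0 ? OPENVPN_PLUGIN_FUNC_SUCCESS
		                             : OPENVPN_PLUGIN_FUNC_ERROR;
```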
