[Openvpn-devel,1/2] Bump version of openvpn plugin argument structs to 5

Message ID 1533696271-21799-1-git-send-email-selva.nair@gmail.com
State Accepted
Headers show
Series
  • [Openvpn-devel,1/2] Bump version of openvpn plugin argument structs to 5
Related show

Commit Message

Selva Nair Aug. 8, 2018, 2:44 a.m.
From: Selva Nair <selva.nair@gmail.com>

This was missed in commit 6690769f78bbfb889fef2a54088d979896c87d51
that exported base64_encode and base64_decode() functions.

Also check the version is >= 5 in auth-pam plugin to ensure
that the base64_decode function pointer can be referenced.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
 include/openvpn-plugin.h.in     | 5 +++--
 src/plugins/auth-pam/auth-pam.c | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

Comments

Gert Doering Aug. 8, 2018, 7:27 a.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"Because it makes sense" :-) - and of course I've tested that it
works - built a new plugin, ran with the previously-used openvpn
binary, and it nicely fails

AUTH-PAM: This plugin is incompatible with the running version of OpenVPN
Wed Aug  8 09:25:43 2018 us=345993 PLUGIN_INIT: plugin initialization function failed: /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
Wed Aug  8 09:25:43 2018 us=346142 Exiting due to fatal error


Your patch has been applied to the master and release/2.4 branch
(the plugin in 2.4 could do with v3structver = 4, but if we ever
backport the challenge patch it will bite us, so just declare "we 
want 5!" here).

commit da0a42ca98623487726162b8710690cd3d003a63 (master)
commit d8496285948b814d78ee4be6ded08ce02046f8ee (release/2.4)
Author: Selva Nair
Date:   Tue Aug 7 22:44:30 2018 -0400

     Bump version of openvpn plugin argument structs to 5

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <1533696271-21799-1-git-send-email-selva.nair@gmail.com>
     URL: https://www.mail-archive.com/search?l=mid&q=1533696271-21799-1-git-send-email-selva.nair@gmail.com
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

Patch

diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in
index 5b64cbb..103844f 100644
--- a/include/openvpn-plugin.h.in
+++ b/include/openvpn-plugin.h.in
@@ -219,10 +219,11 @@  struct openvpn_plugin_string_list
  *           OpenVPN to plug-ins.
  *
  *    4      Exported secure_memzero() as plugin_secure_memzero()
- *           Exported openvpn_base64_encode() as plugin_base64_encode()
+ *
+ *    5      Exported openvpn_base64_encode() as plugin_base64_encode()
  *           Exported openvpn_base64_decode() as plugin_base64_decode()
  */
-#define OPENVPN_PLUGINv3_STRUCTVER 4
+#define OPENVPN_PLUGINv3_STRUCTVER 5
 
 /**
  * Definitions needed for the plug-in callback functions.
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index 3d564a9..1324307 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -356,8 +356,8 @@  openvpn_plugin_open_v3(const int v3structver,
     const char **argv = args->argv;
     const char **envp = args->envp;
 
-    /* Check API compatibility -- struct version 4 or higher needed */
-    if (v3structver < 4)
+    /* Check API compatibility -- struct version 5 or higher needed */
+    if (v3structver < 5)
     {
         fprintf(stderr, "AUTH-PAM: This plugin is incompatible with the running version of OpenVPN\n");
         return OPENVPN_PLUGIN_FUNC_ERROR;