git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@862 e7ae566f-a301-0410-adde-c780ea21d3b5
| ... | ... |
@@ -38,7 +38,8 @@ |
| 38 | 38 |
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7 |
| 39 | 39 |
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8 |
| 40 | 40 |
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9 |
| 41 |
-#define OPENVPN_PLUGIN_N 10 |
|
| 41 |
+#define OPENVPN_PLUGIN_TLS_FINAL 10 |
|
| 42 |
+#define OPENVPN_PLUGIN_N 11 |
|
| 42 | 43 |
|
| 43 | 44 |
/* |
| 44 | 45 |
* Build a mask out of a set of plug-in types. |
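Review bot: `OPENVPN_PLUGIN_TLS_FINAL` is defined at new line 41 with no comment on when it fires or what its return value means. Plugin authors need that contract, because the caller added in `key_method_2_read` treats any non-zero return as revoking an authentication that had already succeeded. I would add a comment above the define, for example `/* called once after TLS authentication has succeeded; a non-zero return vetoes it; argv is NULL, context is passed in envp */`. The header may describe plug-in types elsewhere, outside this hunk, in which case the text belongs there instead.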
| ... | ... |
@@ -3087,7 +3087,17 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi |
| 3087 | 3087 |
buf_clear (buf); |
| 3088 | 3088 |
|
| 3089 | 3089 |
/* |
| 3090 |
- * generate tunnel keys if client |
|
| 3090 |
+ * Call OPENVPN_PLUGIN_TLS_FINAL plugin if defined, for final |
|
| 3091 |
+ * veto opportunity over authentication decision. |
|
| 3092 |
+ */ |
|
| 3093 |
+ if (ks->authenticated && plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL)) |
|
| 3094 |
+ {
|
|
| 3095 |
+ if (plugin_call (session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es)) |
|
| 3096 |
+ ks->authenticated = false; |
|
| 3097 |
+ } |
|
| 3098 |
+ |
|
| 3099 |
+ /* |
|
| 3100 |
+ * Generate tunnel keys if client |
|
| 3091 | 3101 |
*/ |
| 3092 | 3102 |
if (!session->opt->server) |
| 3093 | 3103 |
{
|
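Review bot: The veto branch at new lines 3095–3096 clears `ks->authenticated` without logging anything, so a session rejected by an OPENVPN_PLUGIN_TLS_FINAL plugin cannot be told apart in the log from any other authentication failure. I would brace the inner `if` and add a message alongside the assignment, e.g. `msg (D_TLS_ERRORS, "TLS Auth Error: OPENVPN_PLUGIN_TLS_FINAL plugin vetoed authentication");`. Treating every non-zero return as a veto fails closed, which is the right default; the block comment should say so explicitly, so that a later edit does not start distinguishing plugin errors from denials and let an erroring plugin through. `key_method_2_read` begins and continues outside the hunk, so whether other key-exchange paths also reach this hook cannot be judged from here.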