OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-08 21:25:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
openvpn/doc
History
David Sommerseth 58ec3bb4aa plug-ins: Disallow multiple deferred authentication plug-ins 
The plug-in API in OpenVPN 2.x is not designed for running multiple
deferred authentication processes in parallel. The authentication
results of such configurations are not to be trusted.  For now we bail
out when this discovered with an error in the log.

This is a backport of commit 282ddbac54f8d4923844f699 (master), taking
the different man-page format into account.  The code change is the same.

CVE: 2022-0547
Signed-off-by: David Sommerseth <davids@openvpn.net>

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220315155344.37787-3-openvpn@sf.lists.topphemmelig.net>
URL: https://www.mail-archive.com/search?l=mid&q=20220315155344.37787-3-openvpn@sf.lists.topphemmelig.net
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2022-03-15 18:28:49 +01:00
..
doxygen
Minor reliability layer documentation fixes
2018-07-18 19:41:15 +02:00
android.txt
Handle DNS6 option on Android
2016-11-22 17:31:30 +01:00
interactive-service-notes.rst
Add Interactive Service developer documentation
2018-06-09 20:36:59 +02:00
keying-material-exporter.txt
Added document for TLS Keying Material Exporters [RFC-5705]
2015-10-10 00:03:07 +02:00
Makefile.am
Add Interactive Service developer documentation
2018-06-09 20:36:59 +02:00
management-notes.txt
Clarify and expand management interface documentation
2018-08-09 14:36:29 +02:00
openvpn.8
plug-ins: Disallow multiple deferred authentication plug-ins
2022-03-15 18:28:49 +01:00
README.plugins
build: integrate plugins build into core build
2012-06-26 11:29:02 +02:00

README.plugins 

OpenVPN Plugins
---------------

Starting with OpenVPN 2.0-beta17, compiled plugin modules are
supported on any *nix OS which includes libdl or on Windows.
One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:

(1) up
(2) down
(3) route-up
(4) ipchange
(5) tls-verify
(6) auth-user-pass-verify
(7) client-connect
(8) client-disconnect
(9) learn-address

See the openvpn-plugin.h file in the top-level directory of the
OpenVPN source distribution for more detailed information
on the plugin interface.

Included Plugins
----------------

auth-pam -- Authenticate using PAM and a split privilege
            execution model which functions even if
            root privileges or the execution environment
            have been altered with --user/--group/--chroot.
            Tested on Linux only.

down-root -- Enable the running of down scripts with root privileges
             even if --user/--group/--chroot have been used
             to drop root privileges or change the execution
             environment.  Not applicable on Windows.

examples -- A simple example that demonstrates a portable
            plugin, i.e. one which can be built for *nix
            or Windows from the same source.

Building Plugins
----------------

cd to the top-level directory of a plugin, and use the
"make" command to build it.  The examples plugin is
built using a build script, not a makefile.