From: Gert D. <ge...@gr...> - 2025-08-04 15:19:09
From: Frank Lichtenheld <fr...@li...> Done with pre-commit run -a, so the version defined in pre-commit config is used. This also changes the Github workflow so that there is no commit that fails GHA. Change-Id: I2566ad493629e1f5fdfa6f6483b8973463404e3e Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...>
---
This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/791 This mail reflects revision 23 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...>
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index bd5895b..ba7f64b 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -5,35 +5,26 @@ pull_request: jobs: - checkuncrustify: - name: "Check code style with Uncrustify" - # Ubuntu 22.04 has uncrustify 0.72_f - runs-on: ubuntu-22.04 + clang-format: + name: Check code style with clang-format + runs-on: ubuntu-24.04 steps: - name: Install dependencies - run: sudo apt update && sudo apt install -y uncrustify + run: | + sudo apt update && sudo apt install -y python3-pip + pip3 install pre-commit - name: Checkout OpenVPN uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - path: openvpn - - name: Show uncrustify version - run: uncrustify --version - - name: Run uncrustify - run: ./dev-tools/reformat-all.sh - working-directory: openvpn + - name: Run clang-format + run: pre-commit run -a --show-diff-on-failure || true - name: Check for changes - run: git diff --output=uncrustify-changes.patch - working-directory: openvpn - - name: Show changes on standard output - run: git diff - working-directory: openvpn + run: git diff --output=format-changes.patch - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: uncrustify-changes.patch - path: 'openvpn/uncrustify-changes.patch' + name: format-changes.patch + path: format-changes.patch - name: Set job status - run: test ! -s uncrustify-changes.patch - working-directory: openvpn + run: test ! -s format-changes.patch android: strategy: diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index 106a274..a692137 100644 --- a/include/openvpn-msg.h +++ b/include/openvpn-msg.h @@ -26,7 +26,8 @@ #include <windef.h> #include <ws2tcpip.h> -typedef enum { +typedef enum +{ msg_acknowledgement, msg_add_address, msg_del_address, 
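Review bot: The `|| true` on the new `Run clang-format` step discards every non-zero exit from pre-commit, not only the one that means files were reformatted. If pre-commit fails before any hook runs (for example while setting up the hook environment), the tree is unchanged, `format-changes.patch` is empty and `Set job status` passes, so the style gate reports success without having checked anything. Letting the step fail when pre-commit errors and the tree is still clean would close that gap, e.g. `run: pre-commit run -a --show-diff-on-failure || ! git diff --quiet`. Separately, `pip3 install pre-commit` takes whatever release is current, while both actions in this job are pinned to a commit SHA; pinning it as well (`pip3 install pre-commit==<PINNED_VERSION>`) keeps the tool that runs the hooks as reproducible as the actions around it.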
@@ -50,28 +51,33 @@ msg_create_adapter } message_type_t; -typedef struct { +typedef struct +{ message_type_t type; size_t size; int message_id; } message_header_t; -typedef union { +typedef union +{ struct in_addr ipv4; struct in6_addr ipv6; } inet_address_t; -typedef struct { +typedef struct +{ int index; char name[256]; } interface_t; -typedef enum { - wfp_block_local = 1<<0, - wfp_block_dns = 1<<1 +typedef enum +{ + wfp_block_local = 1 << 0, + wfp_block_dns = 1 << 1 } wfp_block_flags_t; -typedef struct { +typedef struct +{ message_header_t header; short family; inet_address_t address; @@ -79,7 +85,8 @@ interface_t iface; } address_message_t; -typedef struct { +typedef struct +{ message_header_t header; short family; inet_address_t prefix; @@ -89,7 +96,8 @@ int metric; } route_message_t; -typedef struct { +typedef struct +{ message_header_t header; interface_t iface; char domains[512]; @@ -99,14 +107,16 @@ } dns_cfg_message_t; -typedef enum { +typedef enum +{ nrpt_dnssec } nrpt_flags_t; -#define NRPT_ADDR_NUM 8 /* Max. number of addresses */ +#define NRPT_ADDR_NUM 8 /* Max. number of addresses */ #define NRPT_ADDR_SIZE 48 /* Max. address strlen + some */ typedef char nrpt_address_t[NRPT_ADDR_SIZE]; -typedef struct { +typedef struct +{ message_header_t header; interface_t iface; nrpt_address_t addresses[NRPT_ADDR_NUM]; @@ -115,14 +125,16 @@ nrpt_flags_t flags; } nrpt_dns_cfg_message_t; -typedef struct { +typedef struct +{ message_header_t header; interface_t iface; int addr_len; inet_address_t addr[4]; /* support up to 4 dns addresses */ } wins_cfg_message_t; -typedef struct { +typedef struct +{ message_header_t header; interface_t iface; int disable_nbt; 
@@ -134,41 +146,48 @@ /* TODO: NTP */ -typedef struct { +typedef struct +{ message_header_t header; short family; interface_t iface; } flush_neighbors_message_t; -typedef struct { +typedef struct +{ message_header_t header; int error_number; } ack_message_t; -typedef struct { +typedef struct +{ message_header_t header; wfp_block_flags_t flags; interface_t iface; } wfp_block_message_t; -typedef struct { +typedef struct +{ message_header_t header; interface_t iface; } enable_dhcp_message_t; -typedef struct { +typedef struct +{ message_header_t header; interface_t iface; short family; int mtu; } set_mtu_message_t; -typedef enum { +typedef enum +{ ADAPTER_TYPE_DCO, ADAPTER_TYPE_TAP, } adapter_type_t; -typedef struct { +typedef struct +{ message_header_t header; adapter_type_t adapter_type; } create_adapter_message_t; diff --git a/sample/sample-plugins/client-connect/sample-client-connect.c b/sample/sample-plugins/client-connect/sample-client-connect.c index 3dda782..7e3b5a9 100644 --- a/sample/sample-plugins/client-connect/sample-client-connect.c +++ b/sample/sample-plugins/client-connect/sample-client-connect.c @@ -58,8 +58,9 @@ * Our context, where we keep our state. */ -struct plugin_context { - int verb; /* logging verbosity */ +struct plugin_context +{ + int verb; /* logging verbosity */ }; /* this is used for the CLIENT_CONNECT_V2 async/deferred handler @@ -68,8 +69,9 @@ * this, and the "CLIENT_CONNECT_DEFER_V2" handler looks at it to see * if it's time yet to succeed/fail */ -struct plugin_per_client_context { - time_t sleep_until; /* wakeup time (time() + sleep) */ +struct plugin_per_client_context +{ + time_t sleep_until; /* wakeup time (time() + sleep) */ bool want_fail; bool want_disable; const char *client_config; 
@@ -117,8 +119,7 @@ /* use v3 functions so we can use openvpn's logging and base64 etc. */ OPENVPN_EXPORT int -openvpn_plugin_open_v3(const int v3structver, - struct openvpn_plugin_args_open_in const *args, +openvpn_plugin_open_v3(const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret) { /* const char **argv = args->argv; */ /* command line arguments (unused) */ @@ -127,7 +128,9 @@ /* Check API compatibility -- struct version 5 or higher needed */ if (v3structver < 5) { - fprintf(stderr, "sample-client-connect: this plugin is incompatible with the running version of OpenVPN\n"); + fprintf( + stderr, + "sample-client-connect: this plugin is incompatible with the running version of OpenVPN\n"); return OPENVPN_PLUGIN_FUNC_ERROR; } 
@@ -143,18 +146,17 @@ /* * Intercept just about everything... */ - ret->type_mask = - OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); /* Save global pointers to functions exported from openvpn */ plugin_log = args->callbacks->plugin_log; @@ -166,7 +168,7 @@ */ context->verb = atoi_null0(get_env("verb", envp)); - ret->handle = (openvpn_plugin_handle_t *) context; + ret->handle = (openvpn_plugin_handle_t *)context; plugin_log(PLOG_NOTE, MODULE, "initialization succeeded"); return OPENVPN_PLUGIN_FUNC_SUCCESS; 
@@ -242,8 +244,10 @@ const char *ccd_file = get_env("client_connect_deferred_file", envp); if (!ccd_file) { - plugin_log(PLOG_NOTE, MODULE, "env has UV_WANT_CC_ASYNC=%d, but " - "'client_connect_deferred_file' not set -> fail", seconds); + plugin_log(PLOG_NOTE, MODULE, + "env has UV_WANT_CC_ASYNC=%d, but " + "'client_connect_deferred_file' not set -> fail", + seconds); return OPENVPN_PLUGIN_FUNC_ERROR; } @@ -257,13 +261,13 @@ int fd = open(ccd_file, O_WRONLY); if (fd < 0) { - plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "open('%s') failed", ccd_file); + plugin_log(PLOG_ERR | PLOG_ERRNO, MODULE, "open('%s') failed", ccd_file); return OPENVPN_PLUGIN_FUNC_ERROR; } if (write(fd, "2", 1) != 1) { - plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "write to '%s' failed", ccd_file ); + plugin_log(PLOG_ERR | PLOG_ERRNO, MODULE, "write to '%s' failed", ccd_file); close(fd); return OPENVPN_PLUGIN_FUNC_ERROR; } @@ -277,11 +281,11 @@ /* fork, sleep, succeed/fail according to env vars */ pid_t p1 = fork(); - if (p1 < 0) /* Fork failed */ + if (p1 < 0) /* Fork failed */ { return OPENVPN_PLUGIN_FUNC_ERROR; } - if (p1 > 0) /* parent process */ + if (p1 > 0) /* parent process */ { waitpid(p1, NULL, 0); return OPENVPN_PLUGIN_FUNC_DEFERRED; @@ -291,10 +295,10 @@ pid_t p2 = fork(); if (p2 < 0) { - plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "BACKGROUND: fork(2) failed"); + plugin_log(PLOG_ERR | PLOG_ERRNO, MODULE, "BACKGROUND: fork(2) failed"); exit(1); } - if (p2 > 0) /* new parent: exit right away */ + if (p2 > 0) /* new parent: exit right away */ { exit(0); } 
@@ -324,16 +328,16 @@ fd = open(ccd_file, O_WRONLY); if (fd < 0) { - plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "open('%s') failed", ccd_file); + plugin_log(PLOG_ERR | PLOG_ERRNO, MODULE, "open('%s') failed", ccd_file); exit(1); } plugin_log(PLOG_NOTE, MODULE, "cc_handle_deferred_v1: done, signalling %s", - (ret == OPENVPN_PLUGIN_FUNC_SUCCESS) ? "success" : "fail" ); + (ret == OPENVPN_PLUGIN_FUNC_SUCCESS) ? "success" : "fail"); if (write(fd, (ret == OPENVPN_PLUGIN_FUNC_SUCCESS) ? "1" : "0", 1) != 1) { - plugin_log(PLOG_ERR|PLOG_ERRNO, MODULE, "write to '%s' failed", ccd_file ); + plugin_log(PLOG_ERR | PLOG_ERRNO, MODULE, "write to '%s' failed", ccd_file); } close(fd); @@ -341,14 +345,12 @@ } int -openvpn_plugin_client_connect(struct plugin_context *context, - const char **argv, - const char **envp) +openvpn_plugin_client_connect(struct plugin_context *context, const char **argv, const char **envp) { /* log environment variables handed to us by OpenVPN, but * only if "setenv verb" is 3 or higher (arbitrary number) */ - if (context->verb>=3) + if (context->verb >= 3) { for (int i = 0; argv[i]; i++) { @@ -389,8 +391,7 @@ int openvpn_plugin_client_connect_v2(struct plugin_context *context, - struct plugin_per_client_context *pcc, - const char **envp, + struct plugin_per_client_context *pcc, const char **envp, struct openvpn_plugin_string_list **return_list) { /* by setting "UV_WANT_CC2_ASYNC" we go to async/deferred mode */ @@ -420,7 +421,8 @@ pcc->want_fail = (want_fail != NULL); pcc->want_disable = (want_disable != NULL); pcc->client_config = client_config; - plugin_log(PLOG_NOTE, MODULE, "env has UV_WANT_CC2_ASYNC=%s -> set up deferred handler", want_async); + plugin_log(PLOG_NOTE, MODULE, "env has UV_WANT_CC2_ASYNC=%s -> set up deferred handler", + want_async); return OPENVPN_PLUGIN_FUNC_DEFERRED; } 
@@ -431,8 +433,7 @@ return OPENVPN_PLUGIN_FUNC_ERROR; } - struct openvpn_plugin_string_list *rl = - calloc(1, sizeof(struct openvpn_plugin_string_list)); + struct openvpn_plugin_string_list *rl = calloc(1, sizeof(struct openvpn_plugin_string_list)); if (!rl) { plugin_log(PLOG_ERR, MODULE, "malloc(return_list) failed"); @@ -466,12 +467,10 @@ int openvpn_plugin_client_connect_defer_v2(struct plugin_context *context, struct plugin_per_client_context *pcc, - struct openvpn_plugin_string_list - **return_list) + struct openvpn_plugin_string_list **return_list) { time_t time_left = pcc->sleep_until - time(NULL); - plugin_log(PLOG_NOTE, MODULE, "defer_v2: seconds left=%d", - (int) time_left); + plugin_log(PLOG_NOTE, MODULE, "defer_v2: seconds left=%d", (int)time_left); /* not yet due? */ if (time_left > 0) @@ -482,15 +481,14 @@ /* client wants fail? */ if (pcc->want_fail) { - plugin_log(PLOG_NOTE, MODULE, "env has UV_WANT_CC2_FAIL -> fail" ); + plugin_log(PLOG_NOTE, MODULE, "env has UV_WANT_CC2_FAIL -> fail"); return OPENVPN_PLUGIN_FUNC_ERROR; } /* fill in RL according to with-disable / without-disable */ /* TODO: unify this with non-deferred case */ - struct openvpn_plugin_string_list *rl = - calloc(1, sizeof(struct openvpn_plugin_string_list)); + struct openvpn_plugin_string_list *rl = calloc(1, sizeof(struct openvpn_plugin_string_list)); if (!rl) { plugin_log(PLOG_ERR, MODULE, "malloc(return_list) failed"); 
@@ -522,15 +520,12 @@ } OPENVPN_EXPORT int -openvpn_plugin_func_v2(openvpn_plugin_handle_t handle, - const int type, - const char *argv[], - const char *envp[], - void *per_client_context, +openvpn_plugin_func_v2(openvpn_plugin_handle_t handle, const int type, const char *argv[], + const char *envp[], void *per_client_context, struct openvpn_plugin_string_list **return_list) { - struct plugin_context *context = (struct plugin_context *) handle; - struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context; + struct plugin_context *context = (struct plugin_context *)handle; + struct plugin_per_client_context *pcc = (struct plugin_per_client_context *)per_client_context; /* for most functions, we just "don't do anything" but log the * event received (so one can follow it in the log and understand @@ -564,13 +559,11 @@ case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: plugin_log(PLOG_NOTE, MODULE, "OPENVPN_PLUGIN_CLIENT_CONNECT_V2"); - return openvpn_plugin_client_connect_v2(context, pcc, envp, - return_list); + return openvpn_plugin_client_connect_v2(context, pcc, envp, return_list); case OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2: plugin_log(PLOG_NOTE, MODULE, "OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2"); - return openvpn_plugin_client_connect_defer_v2(context, pcc, - return_list); + return openvpn_plugin_client_connect_defer_v2(context, pcc, return_list); case OPENVPN_PLUGIN_CLIENT_DISCONNECT: plugin_log(PLOG_NOTE, MODULE, "OPENVPN_PLUGIN_CLIENT_DISCONNECT"); @@ -607,7 +600,7 @@ OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; printf("FUNC: openvpn_plugin_close_v1\n"); free(context); } diff --git a/sample/sample-plugins/defer/multi-auth.c b/sample/sample-plugins/defer/multi-auth.c index 9a2cb13..3c9c9c6 100644 --- a/sample/sample-plugins/defer/multi-auth.c 
+++ b/sample/sample-plugins/defer/multi-auth.c @@ -62,7 +62,8 @@ * Our context, where we keep our state. */ -struct plugin_context { +struct plugin_context +{ int test_deferred_auth; char *authid; char *test_valid_user; @@ -103,11 +104,12 @@ * structver '5' here to indicate a desire for modern openvpn, rather * than a need for any particular feature found in structver beyond '1'. */ -#define OPENVPN_PLUGIN_VERSION_MIN 3 +#define OPENVPN_PLUGIN_VERSION_MIN 3 #define OPENVPN_PLUGIN_STRUCTVER_MIN 5 -struct plugin_per_client_context { +struct plugin_per_client_context +{ int n_calls; bool generated_pf_file; }; @@ -175,13 +177,13 @@ /* use v3 functions so we can use openvpn's logging and base64 etc. */ OPENVPN_EXPORT int -openvpn_plugin_open_v3(const int v3structver, - struct openvpn_plugin_args_open_in const *args, +openvpn_plugin_open_v3(const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret) { if (v3structver < OPENVPN_PLUGIN_STRUCTVER_MIN) { - fprintf(stderr, "%s: this plugin is incompatible with the running version of OpenVPN\n", MODULE); + fprintf(stderr, "%s: this plugin is incompatible with the running version of OpenVPN\n", + MODULE); return OPENVPN_PLUGIN_FUNC_ERROR; } @@ -194,7 +196,7 @@ * Allocate our context */ struct plugin_context *context = NULL; - context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + context = (struct plugin_context *)calloc(1, sizeof(struct plugin_context)); if (!context) { goto error; @@ -238,7 +240,7 @@ * Which callbacks to intercept. */ ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); - ret->handle = (openvpn_plugin_handle_t *) context; + ret->handle = (openvpn_plugin_handle_t *)context; plog(context, PLOG_NOTE, "initialization succeeded"); return OPENVPN_PLUGIN_FUNC_SUCCESS; 
@@ -253,29 +255,22 @@ } static bool -do_auth_user_pass(struct plugin_context *context, - const char *username, const char *password) +do_auth_user_pass(struct plugin_context *context, const char *username, const char *password) { - plog(context, PLOG_NOTE, - "expect_user=%s, received_user=%s, expect_passw=%s, received_passw=%s", - np(context->test_valid_user), - np(username), - np(context->test_valid_pass), - np(password)); + plog(context, PLOG_NOTE, "expect_user=%s, received_user=%s, expect_passw=%s, received_passw=%s", + np(context->test_valid_user), np(username), np(context->test_valid_pass), np(password)); if (context->test_valid_user && context->test_valid_pass) { if ((strcmp(context->test_valid_user, username) != 0) || (strcmp(context->test_valid_pass, password) != 0)) { - plog(context, PLOG_ERR, - "User/Password auth result: FAIL"); + plog(context, PLOG_ERR, "User/Password auth result: FAIL"); return false; } else { - plog(context, PLOG_NOTE, - "User/Password auth result: PASS"); + plog(context, PLOG_NOTE, "User/Password auth result: PASS"); return true; } } @@ -284,8 +279,7 @@ static int -auth_user_pass_verify(struct plugin_context *context, - struct plugin_per_client_context *pcc, +auth_user_pass_verify(struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) { /* get username/password from envp string array */ @@ -295,8 +289,8 @@ if (!context->test_deferred_auth) { plog(context, PLOG_NOTE, "Direct authentication"); - return do_auth_user_pass(context, username, password) ? - OPENVPN_PLUGIN_FUNC_SUCCESS : OPENVPN_PLUGIN_FUNC_ERROR; + return do_auth_user_pass(context, username, password) ? OPENVPN_PLUGIN_FUNC_SUCCESS + : OPENVPN_PLUGIN_FUNC_ERROR; } /* get auth_control_file filename from envp string array*/ 
@@ -317,11 +311,11 @@ /* fork, sleep, succeed (no "real" auth done = always succeed) */ pid_t p1 = fork(); - if (p1 < 0) /* Fork failed */ + if (p1 < 0) /* Fork failed */ { return OPENVPN_PLUGIN_FUNC_ERROR; } - if (p1 > 0) /* parent process */ + if (p1 > 0) /* parent process */ { waitpid(p1, NULL, 0); return OPENVPN_PLUGIN_FUNC_DEFERRED; @@ -331,11 +325,11 @@ pid_t p2 = fork(); if (p2 < 0) { - plog(context, PLOG_ERR|PLOG_ERRNO, "BACKGROUND: fork(2) failed"); + plog(context, PLOG_ERR | PLOG_ERRNO, "BACKGROUND: fork(2) failed"); exit(1); } - if (p2 != 0) /* new parent: exit right away */ + if (p2 != 0) /* new parent: exit right away */ { exit(0); } @@ -347,7 +341,7 @@ */ /* do mighty complicated work that will really take time here... */ - useconds_t wait_time = (useconds_t)context->test_deferred_auth*1000; + useconds_t wait_time = (useconds_t)context->test_deferred_auth * 1000; plog(context, PLOG_NOTE, "in async/deferred handler, usleep(%u)", wait_time); usleep(wait_time); @@ -355,8 +349,7 @@ int fd = open(auth_control_file, O_WRONLY); if (fd < 0) { - plog(context, PLOG_ERR|PLOG_ERRNO, - "open('%s') failed", auth_control_file); + plog(context, PLOG_ERR | PLOG_ERRNO, "open('%s') failed", auth_control_file); exit(1); } @@ -368,7 +361,7 @@ if (write(fd, result, 1) != 1) { - plog(context, PLOG_ERR|PLOG_ERRNO, "write to '%s' failed", auth_control_file ); + plog(context, PLOG_ERR | PLOG_ERRNO, "write to '%s' failed", auth_control_file); } close(fd); 
@@ -377,19 +370,20 @@ OPENVPN_EXPORT int -openvpn_plugin_func_v3(const int v3structver, - struct openvpn_plugin_args_func_in const *args, +openvpn_plugin_func_v3(const int v3structver, struct openvpn_plugin_args_func_in const *args, struct openvpn_plugin_args_func_return *ret) { if (v3structver < OPENVPN_PLUGIN_STRUCTVER_MIN) { - fprintf(stderr, "%s: this plugin is incompatible with the running version of OpenVPN\n", MODULE); + fprintf(stderr, "%s: this plugin is incompatible with the running version of OpenVPN\n", + MODULE); return OPENVPN_PLUGIN_FUNC_ERROR; } const char **argv = args->argv; const char **envp = args->envp; - struct plugin_context *context = (struct plugin_context *) args->handle; - struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) args->per_client_context; + struct plugin_context *context = (struct plugin_context *)args->handle; + struct plugin_per_client_context *pcc = + (struct plugin_per_client_context *)args->per_client_context; switch (args->type) { case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: @@ -405,7 +399,7 @@ OPENVPN_EXPORT void * openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; plog(context, PLOG_NOTE, "FUNC: openvpn_plugin_client_constructor_v1"); return calloc(1, sizeof(struct plugin_per_client_context)); } @@ -413,7 +407,7 @@ OPENVPN_EXPORT void openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *per_client_context) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; plog(context, PLOG_NOTE, "FUNC: openvpn_plugin_client_destructor_v1"); free(per_client_context); } 
@@ -421,7 +415,7 @@ OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; plog(context, PLOG_NOTE, "FUNC: openvpn_plugin_close_v1"); free(context); } diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c index b73144f..e7556a1 100644 --- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c +++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c @@ -37,22 +37,25 @@ #define MAXPATH 1024 #endif -#define ovpn_err(fmt, ...) \ - plugin->log(PLOG_ERR, "SSO", fmt, ## __VA_ARGS__) -#define ovpn_dbg(fmt, ...) \ - plugin->log(PLOG_DEBUG, "SSO", fmt, ## __VA_ARGS__) -#define ovpn_note(fmt, ...) \ - plugin->log(PLOG_NOTE, "SSO", fmt, ## __VA_ARGS__) +#define ovpn_err(fmt, ...) plugin->log(PLOG_ERR, "SSO", fmt, ##__VA_ARGS__) +#define ovpn_dbg(fmt, ...) plugin->log(PLOG_DEBUG, "SSO", fmt, ##__VA_ARGS__) +#define ovpn_note(fmt, ...) plugin->log(PLOG_NOTE, "SSO", fmt, ##__VA_ARGS__) -enum endpoint { CLIENT = 1, SERVER = 2 }; +enum endpoint +{ + CLIENT = 1, + SERVER = 2 +}; -struct plugin { +struct plugin +{ plugin_log_t log; enum endpoint type; int mask; }; -struct session { +struct session +{ char user[48]; char key[48]; }; @@ -85,8 +88,7 @@ } OPENVPN_EXPORT int -openvpn_plugin_open_v3(const int version, - struct openvpn_plugin_args_open_in const *args, +openvpn_plugin_open_v3(const int version, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *rv) { struct plugin *plugin = calloc(1, sizeof(*plugin)); 
@@ -98,9 +100,9 @@ } plugin->type = get_env("remote_1", args->envp) ? CLIENT : SERVER; - plugin->log = args->callbacks->plugin_log; + plugin->log = args->callbacks->plugin_log; - plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + plugin->mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); plugin->mask |= OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY); ovpn_note("vpn endpoint type=%s", plugin->type == CLIENT ? "client" : "server"); @@ -163,8 +165,8 @@ static int tls_verify(struct openvpn_plugin_args_func_in const *args) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; /* we store cert subject for the server end point only */ if (plugin->type != SERVER) @@ -199,8 +201,8 @@ static void server_store(struct openvpn_plugin_args_func_in const *args) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; char file[MAXPATH]; snprintf(file, sizeof(file) - 1, "/tmp/openvpn_sso_%s", sess->key); @@ -211,8 +213,8 @@ static void client_store(struct openvpn_plugin_args_func_in const *args) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; char *file = "/tmp/openvpn_sso_user"; ovpn_note("app session file: %s", file); 
@@ -223,8 +225,8 @@ tls_final(struct openvpn_plugin_args_func_in const *args, struct openvpn_plugin_args_func_return *rv) { - struct plugin *plugin = (struct plugin *)args->handle; - struct session *sess = (struct session *)args->per_client_context; + struct plugin *plugin = (struct plugin *)args->handle; + struct session *sess = (struct session *)args->per_client_context; const char *key; if (!(key = get_env("exported_keying_material", args->envp))) @@ -251,8 +253,7 @@ } OPENVPN_EXPORT int -openvpn_plugin_func_v3(const int version, - struct openvpn_plugin_args_func_in const *args, +openvpn_plugin_func_v3(const int version, struct openvpn_plugin_args_func_in const *args, struct openvpn_plugin_args_func_return *rv) { switch (args->type) @@ -270,7 +271,7 @@ openvpn_plugin_client_constructor_v1(openvpn_plugin_handle_t handle) { struct plugin *plugin = (struct plugin *)handle; - struct session *sess = calloc(1, sizeof(*sess)); + struct session *sess = calloc(1, sizeof(*sess)); ovpn_note("app session created"); @@ -281,7 +282,7 @@ openvpn_plugin_client_destructor_v1(openvpn_plugin_handle_t handle, void *ctx) { struct plugin *plugin = (struct plugin *)handle; - struct session *sess = (struct session *)ctx; + struct session *sess = (struct session *)ctx; ovpn_note("app session key: %s", sess->key); ovpn_note("app session destroyed"); diff --git a/sample/sample-plugins/log/log.c b/sample/sample-plugins/log/log.c index 63d714f..70fa60d 100644 --- a/sample/sample-plugins/log/log.c +++ b/sample/sample-plugins/log/log.c @@ -36,7 +36,8 @@ /* * Our context, where we keep our state. */ -struct plugin_context { +struct plugin_context +{ const char *username; const char *password; }; @@ -75,7 +76,7 @@ /* * Allocate our context */ - context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + context = (struct plugin_context *)calloc(1, sizeof(struct plugin_context)); if (context == NULL) { printf("PLUGIN: allocating memory for context failed\n"); 
@@ -91,19 +92,17 @@ /* * Which callbacks to intercept. */ - *type_mask = - OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); - return (openvpn_plugin_handle_t) context; + return (openvpn_plugin_handle_t)context; } void @@ -171,9 +170,10 @@ } OPENVPN_EXPORT int -openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) +openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], + const char *envp[]) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; show(type, argv, envp); 
@@ -184,8 +184,8 @@ const char *username = get_env("username", envp); const char *password = get_env("password", envp); - if (username && !strcmp(username, context->username) - && password && !strcmp(password, context->password)) + if (username && !strcmp(username, context->username) && password + && !strcmp(password, context->password)) { return OPENVPN_PLUGIN_FUNC_SUCCESS; } @@ -203,6 +203,6 @@ OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; free(context); } diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c index 02cdda8..cef22cf 100644 --- a/sample/sample-plugins/log/log_v3.c +++ b/sample/sample-plugins/log/log_v3.c @@ -39,7 +39,8 @@ /* * Our context, where we keep our state. */ -struct plugin_context { +struct plugin_context +{ const char *username; const char *password; }; @@ -71,8 +72,7 @@ } OPENVPN_EXPORT int -openvpn_plugin_open_v3(const int v3structver, - struct openvpn_plugin_args_open_in const *args, +openvpn_plugin_open_v3(const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret) { struct plugin_context *context = NULL; @@ -80,7 +80,8 @@ /* Check that we are API compatible */ if (v3structver != OPENVPN_PLUGINv3_STRUCTVER) { - printf("log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); + printf( + "log_v3: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); return OPENVPN_PLUGIN_FUNC_ERROR; } 
@@ -91,26 +92,24 @@ } /* Print some version information about the OpenVPN process using this plug-in */ - printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", - args->ovpn_version, args->ovpn_version_major, - args->ovpn_version_minor, args->ovpn_version_patch); + printf("log_v3: OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", args->ovpn_version, + args->ovpn_version_major, args->ovpn_version_minor, args->ovpn_version_patch); /* Which callbacks to intercept. */ - ret->type_mask = - OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); + ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_UP) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_DOWN) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_ROUTE_UP) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_IPCHANGE) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_FINAL); /* Allocate our context */ - context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + context = (struct plugin_context *)calloc(1, sizeof(struct plugin_context)); if (context == NULL) { printf("PLUGIN: allocating memory for context failed\n"); 
@@ -122,7 +121,7 @@ context->password = "bar"; /* Point the global context handle to our newly created context */ - ret->handle = (void *) context; + ret->handle = (void *)context; return OPENVPN_PLUGIN_FUNC_SUCCESS; } @@ -243,13 +242,11 @@ } - OPENVPN_EXPORT int -openvpn_plugin_func_v3(const int version, - struct openvpn_plugin_args_func_in const *args, +openvpn_plugin_func_v3(const int version, struct openvpn_plugin_args_func_in const *args, struct openvpn_plugin_args_func_return *retptr) { - struct plugin_context *context = (struct plugin_context *) args->handle; + struct plugin_context *context = (struct plugin_context *)args->handle; printf("\nopenvpn_plugin_func_v3() :::::>> "); show(args->type, args->argv, args->envp); @@ -270,8 +267,8 @@ const char *username = get_env("username", args->envp); const char *password = get_env("password", args->envp); - if (username && !strcmp(username, context->username) - && password && !strcmp(password, context->password)) + if (username && !strcmp(username, context->username) && password + && !strcmp(password, context->password)) { return OPENVPN_PLUGIN_FUNC_SUCCESS; } @@ -289,6 +286,6 @@ OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; free(context); } diff --git a/sample/sample-plugins/simple/base64.c b/sample/sample-plugins/simple/base64.c index b6c0c97..8a1dedd 100644 --- a/sample/sample-plugins/simple/base64.c +++ b/sample/sample-plugins/simple/base64.c 
@@ -98,21 +98,20 @@ * */ OPENVPN_EXPORT int -openvpn_plugin_open_v3(const int v3structver, - struct openvpn_plugin_args_open_in const *args, +openvpn_plugin_open_v3(const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret) { /* Check that we are API compatible */ if (v3structver != OPENVPN_PLUGINv3_STRUCTVER) { - printf("base64.c: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); + printf( + "base64.c: ** ERROR ** Incompatible plug-in interface between this plug-in and OpenVPN\n"); return OPENVPN_PLUGIN_FUNC_ERROR; } /* Which callbacks to intercept. */ - ret->type_mask = - OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) - |OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2); + ret->type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) + | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT_V2); /* we don't need a plug-in context in this example, but OpenVPN expects "something" */ ret->handle = calloc(1, 1); @@ -125,8 +124,8 @@ /* Print some version information about the OpenVPN process using this plug-in */ ovpn_log(PLOG_NOTE, PLUGIN_NAME, "OpenVPN %s (Major: %i, Minor: %i, Patch: %s)\n", - args->ovpn_version, args->ovpn_version_major, - args->ovpn_version_minor, args->ovpn_version_patch); + args->ovpn_version, args->ovpn_version_major, args->ovpn_version_minor, + args->ovpn_version_patch); return OPENVPN_PLUGIN_FUNC_SUCCESS; } @@ -154,10 +153,10 @@ */ OPENVPN_EXPORT int -openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) +openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], + const char *envp[]) { - if (type != OPENVPN_PLUGIN_TLS_VERIFY - && type != OPENVPN_PLUGIN_CLIENT_CONNECT_V2) + if (type != OPENVPN_PLUGIN_TLS_VERIFY && type != OPENVPN_PLUGIN_CLIENT_CONNECT_V2) { ovpn_log(PLOG_ERR, PLUGIN_NAME, "Unsupported plug-in hook call attempted"); return OPENVPN_PLUGIN_FUNC_ERROR; 
@@ -174,14 +173,13 @@ /* test the BASE64 encode function */ char *buf = NULL; int r = ovpn_base64_encode(clcert_cn, (int)strlen(clcert_cn), &buf); - ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 encoded '%s' (return value %i): '%s'", - clcert_cn, r, buf); + ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 encoded '%s' (return value %i): '%s'", clcert_cn, r, + buf); /* test the BASE64 decode function */ - char buf2[256] = {0}; + char buf2[256] = { 0 }; r = ovpn_base64_decode(buf, &buf2, 255); - ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 decoded '%s' (return value %i): '%s'", - buf, r, buf2); + ovpn_log(PLOG_NOTE, PLUGIN_NAME, "BASE64 decoded '%s' (return value %i): '%s'", buf, r, buf2); /* Verify the result, and free the buffer allocated by ovpn_base64_encode() */ r = strcmp(clcert_cn, buf2); @@ -201,6 +199,6 @@ OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; free(context); } diff --git a/sample/sample-plugins/simple/simple.c b/sample/sample-plugins/simple/simple.c index ed5bce5..8b2b793 100644 --- a/sample/sample-plugins/simple/simple.c +++ b/sample/sample-plugins/simple/simple.c @@ -38,7 +38,8 @@ /* * Our context, where we keep our state. */ -struct plugin_context { +struct plugin_context +{ const char *username; const char *password; }; @@ -77,7 +78,7 @@ /* * Allocate our context */ - context = (struct plugin_context *) calloc(1, sizeof(struct plugin_context)); + context = (struct plugin_context *)calloc(1, sizeof(struct plugin_context)); if (context == NULL) { printf("PLUGIN: allocating memory for context failed\n"); 
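Review bot: In the `@@ -174,14 +173,13 @@` hunk of base64.c, `buf` is passed to `%s` in the reformatted `ovpn_log()` call and then to `ovpn_base64_decode()` without the return value `r` of `ovpn_base64_encode()` being checked in between. If the encode fails and leaves `buf` at its initial `NULL` (inferred from the initialiser; the helper is not visible here), both uses would dereference a null pointer. A guard right after the encode would cover it: `if (r < 0 || buf == NULL) { return OPENVPN_PLUGIN_FUNC_ERROR; }`. The enclosing function starts and ends outside this hunk.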
@@ -96,21 +97,22 @@ */ *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); - return (openvpn_plugin_handle_t) context; + return (openvpn_plugin_handle_t)context; } OPENVPN_EXPORT int -openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) +openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const char *argv[], + const char *envp[]) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; /* get username/password from envp string array */ const char *username = get_env("username", envp); const char *password = get_env("password", envp); /* check entered username/password against what we require */ - if (username && !strcmp(username, context->username) - && password && !strcmp(password, context->password)) + if (username && !strcmp(username, context->username) && password + && !strcmp(password, context->password)) { return OPENVPN_PLUGIN_FUNC_SUCCESS; } @@ -123,6 +125,6 @@ OPENVPN_EXPORT void openvpn_plugin_close_v1(openvpn_plugin_handle_t handle) { - struct plugin_context *context = (struct plugin_context *) handle; + struct plugin_context *context = (struct plugin_context *)handle; free(context); } diff --git a/src/compat/compat-basename.c b/src/compat/compat-basename.c index 18944f6..24f5af7 100644 --- a/src/compat/compat-basename.c +++ b/src/compat/compat-basename.c @@ -41,7 +41,7 @@ /* If NULL, check for \ instead ... might be Windows a path */ p = strrchr(filename, '\\'); } - return p ? p + 1 : (char *) filename; + return p ? p + 1 : (char *)filename; } #endif /* HAVE_BASENAME */ diff --git a/src/compat/compat-dirname.c b/src/compat/compat-dirname.c index 17de8ad..a432bae 100644 --- a/src/compat/compat-dirname.c +++ b/src/compat/compat-dirname.c 
@@ -89,7 +89,7 @@ /* The '/' is the last character, we have to look further. */ if (runp != path) { - last_slash = (char *) __memrchr(path, separator, runp - path); + last_slash = (char *)__memrchr(path, separator, runp - path); } } @@ -134,7 +134,7 @@ /* This assignment is ill-designed but the XPG specs require to * return a string containing "." in any case no directory part is * found and so a static and constant string is required. */ - path = (char *) dot; + path = (char *)dot; } return path; diff --git a/src/compat/compat-gettimeofday.c b/src/compat/compat-gettimeofday.c index de53cb5..29ded6c 100644 --- a/src/compat/compat-gettimeofday.c +++ b/src/compat/compat-gettimeofday.c @@ -48,7 +48,7 @@ { const time_t t = time(NULL); const DWORD gtc = GetTickCount(); - gtc_base = t - gtc/1000; + gtc_base = t - gtc / 1000; gtc_last = gtc; } @@ -112,7 +112,7 @@ return 0; } -#else /* ifdef _WIN32 */ +#else /* ifdef _WIN32 */ #include <time.h> diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c index 34266d4..903fc0a 100644 --- a/src/openvpn/argv.c +++ b/src/openvpn/argv.c @@ -284,8 +284,7 @@ * free()d to avoid memory leaks. */ static char * -argv_prep_format(const char *format, const char delim, size_t *count, - struct gc_arena *gc) +argv_prep_format(const char *format, const char delim, size_t *count, struct gc_arena *gc) { if (format == NULL) { @@ -311,7 +310,7 @@ * the string is empty; the resulting format string * will never start with a delimiter. */ - if (j > 0) /* Has anything been written to the output string? */ + if (j > 0) /* Has anything been written to the output string? */ { f[j++] = delim; } @@ -347,7 +346,7 @@ static bool argv_printf_arglist(struct argv *argres, const char *format, va_list arglist) { - const char delim = 0x1D; /* ASCII Group Separator (GS) */ + const char delim = 0x1D; /* ASCII Group Separator (GS) */ bool res = false; /* 
@@ -484,8 +483,8 @@ argv_reset(argres); char *parms[MAX_PARMS + 1] = { 0 }; - int nparms = parse_line(cmdstr, parms, MAX_PARMS, "SCRIPT-ARGV", 0, - D_ARGV_PARSE_CMD, &argres->gc); + int nparms = + parse_line(cmdstr, parms, MAX_PARMS, "SCRIPT-ARGV", 0, D_ARGV_PARSE_CMD, &argres->gc); if (nparms) { int i; diff --git a/src/openvpn/argv.h b/src/openvpn/argv.h index f694760..056fe31 100644 --- a/src/openvpn/argv.h +++ b/src/openvpn/argv.h @@ -31,7 +31,8 @@ #include "buffer.h" -struct argv { +struct argv +{ struct gc_arena gc; size_t capacity; size_t argc; @@ -55,21 +56,21 @@ bool argv_printf(struct argv *a, const char *format, ...) #ifdef __GNUC__ #if __USE_MINGW_ANSI_STDIO -__attribute__ ((format(gnu_printf, 2, 3))) + __attribute__((format(gnu_printf, 2, 3))) #else -__attribute__ ((format(__printf__, 2, 3))) + __attribute__((format(__printf__, 2, 3))) #endif #endif -; + ; bool argv_printf_cat(struct argv *a, const char *format, ...) #ifdef __GNUC__ #if __USE_MINGW_ANSI_STDIO -__attribute__ ((format(gnu_printf, 2, 3))) + __attribute__((format(gnu_printf, 2, 3))) #else -__attribute__ ((format(__printf__, 2, 3))) + __attribute__((format(__printf__, 2, 3))) #endif #endif -; + ; #endif /* ifndef ARGV_H */ diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index 3cf55e8..a694e81 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -18,7 +18,7 @@ const char *auth_token_pem_name = "OpenVPN auth-token server key"; -#define AUTH_TOKEN_SESSION_ID_LEN 12 +#define AUTH_TOKEN_SESSION_ID_LEN 12 #define AUTH_TOKEN_SESSION_ID_BASE64_LEN (AUTH_TOKEN_SESSION_ID_LEN * 8 / 6) #if AUTH_TOKEN_SESSION_ID_LEN % 3 @@ -53,7 +53,7 @@ } else if (auth_token_state_flags & AUTH_TOKEN_HMAC_OK) { - switch (auth_token_state_flags & (AUTH_TOKEN_VALID_EMPTYUSER|AUTH_TOKEN_EXPIRED)) + switch (auth_token_state_flags & (AUTH_TOKEN_VALID_EMPTYUSER | AUTH_TOKEN_EXPIRED)) { case 0: state = "Authenticated"; 
@@ -107,9 +107,9 @@ * in the encoding */ - char session_id[AUTH_TOKEN_SESSION_ID_LEN*2] = {0}; + char session_id[AUTH_TOKEN_SESSION_ID_LEN * 2] = { 0 }; memcpy(session_id, session_id_source + strlen(SESSION_ID_PREFIX), - AUTH_TOKEN_SESSION_ID_LEN*8/6); + AUTH_TOKEN_SESSION_ID_LEN * 8 / 6); setenv_str(session->opt->es, "session_id", session_id); } @@ -121,8 +121,7 @@ } void -auth_token_init_secret(struct key_ctx *key_ctx, const char *key_file, - bool key_inline) +auth_token_init_secret(struct key_ctx *key_ctx, const char *key_file, bool key_inline) { struct key_type kt = auth_token_kt(); @@ -131,14 +130,12 @@ bool key_loaded = false; if (key_file) { - key_loaded = read_pem_key_file(&server_secret_key, - auth_token_pem_name, - key_file, key_inline); + key_loaded = + read_pem_key_file(&server_secret_key, auth_token_pem_name, key_file, key_inline); } else { - key_loaded = generate_ephemeral_key(&server_secret_key, - auth_token_pem_name); + key_loaded = generate_ephemeral_key(&server_secret_key, auth_token_pem_name); } if (!key_loaded) @@ -169,7 +166,7 @@ int64_t initial_timestamp = timestamp; hmac_ctx_t *ctx = multi->opt.auth_token_key.hmac; - ASSERT(hmac_ctx_size(ctx) == 256/8); + ASSERT(hmac_ctx_size(ctx) == 256 / 8); uint8_t sessid[AUTH_TOKEN_SESSION_ID_LEN]; @@ -185,7 +182,7 @@ char *initial_token_copy = string_alloc(multi->auth_token_initial, &gc); char *old_sessid = initial_token_copy + strlen(SESSION_ID_PREFIX); - char *old_tstamp_initial = old_sessid + AUTH_TOKEN_SESSION_ID_LEN*8/6; + char *old_tstamp_initial = old_sessid + AUTH_TOKEN_SESSION_ID_LEN * 8 / 6; /* * We null terminate the old token just after the session ID to let 
@@ -197,12 +194,13 @@ memcpy(&initial_timestamp, &old_tstamp_decode, sizeof(initial_timestamp)); old_tstamp_initial[0] = '\0'; - ASSERT(openvpn_base64_decode(old_sessid, sessid, AUTH_TOKEN_SESSION_ID_LEN) == AUTH_TOKEN_SESSION_ID_LEN); + ASSERT(openvpn_base64_decode(old_sessid, sessid, AUTH_TOKEN_SESSION_ID_LEN) + == AUTH_TOKEN_SESSION_ID_LEN); } else if (!rand_bytes(sessid, AUTH_TOKEN_SESSION_ID_LEN)) { - msg( M_FATAL, "Failed to get enough randomness for " - "authentication token"); + msg(M_FATAL, "Failed to get enough randomness for " + "authentication token"); } /* Calculate the HMAC */ @@ -210,7 +208,7 @@ * with \0 in them is asking for troubles in so many ways anyway that we * ignore that corner case here */ - uint8_t hmac_output[256/8]; + uint8_t hmac_output[256 / 8]; hmac_ctx_reset(ctx); @@ -222,20 +220,20 @@ struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY]; if (ks->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER) { - hmac_ctx_update(ctx, (const uint8_t *) "", 0); + hmac_ctx_update(ctx, (const uint8_t *)"", 0); } else { - hmac_ctx_update(ctx, (uint8_t *) up->username, (int) strlen(up->username)); + hmac_ctx_update(ctx, (uint8_t *)up->username, (int)strlen(up->username)); } hmac_ctx_update(ctx, sessid, AUTH_TOKEN_SESSION_ID_LEN); - hmac_ctx_update(ctx, (uint8_t *) &initial_timestamp, sizeof(initial_timestamp)); - hmac_ctx_update(ctx, (uint8_t *) ×tamp, sizeof(timestamp)); + hmac_ctx_update(ctx, (uint8_t *)&initial_timestamp, sizeof(initial_timestamp)); + hmac_ctx_update(ctx, (uint8_t *)×tamp, sizeof(timestamp)); hmac_ctx_final(ctx, hmac_output); /* Construct the unencoded session token */ - struct buffer token = alloc_buf_gc( - 2*sizeof(uint64_t) + AUTH_TOKEN_SESSION_ID_LEN + 256/8, &gc); + struct buffer token = + alloc_buf_gc(2 * sizeof(uint64_t) + AUTH_TOKEN_SESSION_ID_LEN + 256 / 8, &gc); ASSERT(buf_write(&token, sessid, sizeof(sessid))); ASSERT(buf_write(&token, &initial_timestamp, sizeof(initial_timestamp))); 
@@ -245,8 +243,8 @@ char *b64output = NULL; openvpn_base64_encode(BPTR(&token), BLEN(&token), &b64output); - struct buffer session_token = alloc_buf_gc( - strlen(SESSION_ID_PREFIX) + strlen(b64output) + 1, &gc); + struct buffer session_token = + alloc_buf_gc(strlen(SESSION_ID_PREFIX) + strlen(b64output) + 1, &gc); ASSERT(buf_write(&session_token, SESSION_ID_PREFIX, strlen(SESSION_ID_PREFIX))); ASSERT(buf_write(&session_token, b64output, (int)strlen(b64output))); @@ -258,8 +256,7 @@ free(multi->auth_token); multi->auth_token = strdup((char *)BPTR(&session_token)); - dmsg(D_SHOW_KEYS, "Generated token for client: %s (%s)", - multi->auth_token, up->username); + dmsg(D_SHOW_KEYS, "Generated token for client: %s (%s)", multi->auth_token, up->username); if (!multi->auth_token_initial) { @@ -277,22 +274,21 @@ static bool check_hmac_token(hmac_ctx_t *ctx, const uint8_t *b64decoded, const char *username) { - ASSERT(hmac_ctx_size(ctx) == 256/8); + ASSERT(hmac_ctx_size(ctx) == 256 / 8); - uint8_t hmac_output[256/8]; + uint8_t hmac_output[256 / 8]; hmac_ctx_reset(ctx); - hmac_ctx_update(ctx, (uint8_t *) username, (int)strlen(username)); - hmac_ctx_update(ctx, b64decoded, TOKEN_DATA_LEN - 256/8); + hmac_ctx_update(ctx, (uint8_t *)username, (int)strlen(username)); + hmac_ctx_update(ctx, b64decoded, TOKEN_DATA_LEN - 256 / 8); hmac_ctx_final(ctx, hmac_output); - const uint8_t *hmac = b64decoded + TOKEN_DATA_LEN - 256/8; + const uint8_t *hmac = b64decoded + TOKEN_DATA_LEN - 256 / 8; return memcmp_constant_time(&hmac_output, hmac, 32) == 0; } unsigned int -verify_auth_token(struct user_pass *up, struct tls_multi *multi, - struct tls_session *session) +verify_auth_token(struct user_pass *up, struct tls_multi *multi, struct tls_session *session) { /* * Base64 is <= input and input is < USER_PASS_LEN, so using USER_PASS_LEN 
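Review bot: The reformatted `alloc_buf_gc(strlen(SESSION_ID_PREFIX) + strlen(b64output) + 1, &gc)` in the `@@ -245,8 +243,8 @@` hunk calls `strlen()` on `b64output` although the return value of `openvpn_base64_encode()` on the line above is discarded. `b64output` is initialised to `NULL`, so a failed encode would presumably reach `strlen(NULL)`. The surrounding code already asserts on `buf_write()`, so the same style fits here: `ASSERT(openvpn_base64_encode(BPTR(&token), BLEN(&token), &b64output) > 0);`. The enclosing function begins and ends outside the hunk.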
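Review bot: In the `@@ -258,8 +256,7 @@` hunk the previous `multi->auth_token` is released with a plain `free()`, and the `strdup()` result is used unchecked, including as a `%s` argument in the reformatted `dmsg()` line. The wipe routine further down in this file clears `multi->auth_token_initial` with `secure_memzero()` before freeing it, so the old token could be treated the same way here: `if (multi->auth_token) { secure_memzero(multi->auth_token, strlen(multi->auth_token)); }` ahead of the `free()`. A `NULL` check on the `strdup()` result before the `dmsg()` would close the other gap. The enclosing function extends beyond the hunk.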
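Review bot: `check_hmac_token()` in the `@@ -277,22 +274,21 @@` hunk sizes the digest as `256 / 8` everywhere except the final comparison, which hard-codes `32` and passes `&hmac_output` rather than the array itself. Tying the length to the buffer keeps the constant-time compare covering the whole digest if its size ever changes: `return memcmp_constant_time(hmac_output, hmac, sizeof(hmac_output)) == 0;`. This is a style point; behaviour is the same today.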
@@ -300,8 +296,8 @@ */ ASSERT(up && !up->protected); uint8_t b64decoded[USER_PASS_LEN]; - int decoded_len = openvpn_base64_decode(up->password + strlen(SESSION_ID_PREFIX), - b64decoded, USER_PASS_LEN); + int decoded_len = + openvpn_base64_decode(up->password + strlen(SESSION_ID_PREFIX), b64decoded, USER_PASS_LEN); /* * Ensure that the decoded data is the size of the @@ -309,8 +305,7 @@ */ if (decoded_len != TOKEN_DATA_LEN) { - msg(M_WARN, "ERROR: --auth-token wrong size (%d!=%d)", - decoded_len, (int) TOKEN_DATA_LEN); + msg(M_WARN, "ERROR: --auth-token wrong size (%d!=%d)", decoded_len, (int)TOKEN_DATA_LEN); return 0; } @@ -343,15 +338,14 @@ } else { - msg(M_WARN, "--auth-gen-token: HMAC on token from client failed (%s)", - up->username); + msg(M_WARN, "--auth-gen-token: HMAC on token from client failed (%s)", up->username); return 0; } /* Accept session tokens only if their timestamp is in the acceptable range * for renegotiations */ - bool in_renegotiation_time = now >= timestamp - && now < timestamp + 2 * session->opt->auth_token_renewal; + bool in_renegotiation_time = + now >= timestamp && now < timestamp + 2 * session->opt->auth_token_renewal; if (!in_renegotiation_time) { @@ -363,14 +357,14 @@ /* Sanity check the initial timestamp */ if (timestamp < timestamp_initial) { - msg(M_WARN, "Initial timestamp (%" PRIu64 ") in token from client earlier than " + msg(M_WARN, + "Initial timestamp (%" PRIu64 ") in token from client earlier than " "current timestamp %" PRIu64 ". Broken/unsynchronised clock?", timestamp_initial, timestamp); ret |= AUTH_TOKEN_EXPIRED; } - if (multi->opt.auth_token_lifetime - && now > timestamp_initial + multi->opt.auth_token_lifetime) + if (multi->opt.auth_token_lifetime && now > timestamp_initial + multi->opt.auth_token_lifetime) { ret |= AUTH_TOKEN_EXPIRED; } 
@@ -391,7 +385,7 @@ strlen(SESSION_ID_PREFIX) + AUTH_TOKEN_SESSION_ID_BASE64_LEN)) { msg(M_WARN, "--auth-gen-token: session id in token changed (Rejecting " - "token."); + "token."); ret = 0; } return ret; @@ -409,8 +403,7 @@ } if (multi->auth_token_initial) { - secure_memzero(multi->auth_token_initial, - strlen(multi->auth_token_initial)); + secure_memzero(multi->auth_token_initial, strlen(multi->auth_token_initial)); free(multi->auth_token_initial); } multi->auth_token = NULL; @@ -438,7 +431,7 @@ if (!multi->auth_token_initial) { msg(D_SHOW_KEYS, "initial auth-token not generated yet, skipping " - "auth-token renewal."); + "auth-token renewal."); return; } diff --git a/src/openvpn/auth_token.h b/src/openvpn/auth_token.h index 3d56ee6..1e4a413 100644 --- a/src/openvpn/auth_token.h +++ b/src/openvpn/auth_token.h @@ -58,27 +58,22 @@ * This function will free() an existing multi->auth_token and keep the * existing initial timestamp and session id contained in that token. */ -void -generate_auth_token(const struct user_pass *up, struct tls_multi *multi); +void generate_auth_token(const struct user_pass *up, struct tls_multi *multi); /** * Verifies the auth token to be in the format that generate_auth_token * create and checks if the token is valid. * */ -unsigned -verify_auth_token(struct user_pass *up, struct tls_multi *multi, - struct tls_session *session); - +unsigned verify_auth_token(struct user_pass *up, struct tls_multi *multi, + struct tls_session *session); /** * Loads an HMAC secret from a file or if no file is present generates a * epheremal secret for the run time of the server and stores it into ... [truncated message content] |