On Aug 23, 2006, at 10:58, Charles Duffy wrote:
Landon Fuller wrote:In terms of the existing plugin interface, however, this is notcurrently feasible. There is no obvious way for the plugin to return apath / setting to the openvpn instance from within openvpn_plugin_func_v1().I'm under the impression that the plugin interface allows one to hook into client-connect and return client-specific directives via writingthem to a file (the name of which is passed in the argv array), similarto the mechanism used by regular hook scripts. Indeed, in OpenVPN-2.0.7's multi.c:1273, it appears to be creating a temporary filename for precisely that use.
Whoops, I totally missed that: --client-connect scriptRun script on client connection. The script is passed the com- mon name and IP address of the just-authenticated client as en- vironmental variables (see environmental variable section be- low). The script is also passed the pathname of a not-yet-cre- ated temporary file as $1 (i.e. the first command line argu- ment), to be used by the script to pass dynamically generated
config file directives back to OpenVPN.That's very handy. When I next have some free time, I'll take a look at adding support for specifying configuration directives on the basis of LDAP group membership.
Thanks! -landonf
PGP.sig
Description: This is a digitally signed message part