On Aug 23, 2006, at 10:58, Charles Duffy wrote:
Landon Fuller wrote:In terms of the existing plugin interface, however, this is notcurrently feasible. There is no obvious way for the plugin to return apath / setting to the openvpn instance from within openvpn_plugin_func_v1().I'm under the impression that the plugin interface allows one to hook into client-connect and return client-specific directives via writingthem to a file (the name of which is passed in the argv array), similarto the mechanism used by regular hook scripts. Indeed, in OpenVPN-2.0.7's multi.c:1273, it appears to be creating a temporary filename for precisely that use.
Whoops, I totally missed that:
--client-connect script
Run script on client connection. The script is
passed the com-
mon name and IP address of the just-authenticated
client as en-
vironmental variables (see environmental variable
section be-
low). The script is also passed the pathname of a
not-yet-cre-
ated temporary file as $1 (i.e. the first command
line argu-
ment), to be used by the script to pass dynamically
generated
config file directives back to OpenVPN.
That's very handy. When I next have some free time, I'll take a look
at adding support for specifying configuration directives on the
basis of LDAP group membership.
Thanks! -landonf
PGP.sig
Description: This is a digitally signed message part
