summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-09-30 21:10:56 +0200
committerBernhard Schmidt <berni@debian.org>2020-09-30 21:10:56 +0200
commitc3a748571ed19f9259b2e63cd7ba56abdb1b7747 (patch)
treeef419b35f5a1632a8b0c3ab6faa773eed9c6788a /src
parentb97ad09a3b8c0017db0a677667a7215f1a98cccf (diff)
parent5246174f27866c0e9e22844d998f3c97cac54050 (diff)
Update upstream source from tag 'upstream/2.5_rc2'
Update to upstream version '2.5~rc2' with Debian dir 0cd2307abadc06f5064e4d5e7c23689a67b720c5
Diffstat (limited to 'src')
-rw-r--r--src/compat/PropertySheet.props2
-rw-r--r--src/openvpn/errlevel.h1
-rw-r--r--src/openvpn/init.c11
-rw-r--r--src/openvpn/networking_sitnl.c44
-rw-r--r--src/openvpn/openvpn.vcxproj4
-rw-r--r--src/openvpn/options.c6
-rw-r--r--src/openvpn/otime.h1
-rw-r--r--src/openvpn/pool.c18
-rw-r--r--src/openvpn/route.c46
-rw-r--r--src/openvpn/socket.c13
-rw-r--r--src/openvpn/socks.c9
-rw-r--r--src/openvpn/tun.c231
-rw-r--r--src/openvpnmsica/dllmain.c2
-rw-r--r--src/openvpnmsica/openvpnmsica.c16
-rw-r--r--src/openvpnserv/interactive.c141
-rw-r--r--src/tapctl/main.c2
-rw-r--r--src/tapctl/tap.c242
-rw-r--r--src/tapctl/tap.h6
18 files changed, 523 insertions, 272 deletions
diff --git a/src/compat/PropertySheet.props b/src/compat/PropertySheet.props
index fdded31..4f94b97 100644
--- a/src/compat/PropertySheet.props
+++ b/src/compat/PropertySheet.props
@@ -3,7 +3,7 @@
<ImportGroup Label="PropertySheets" />
<PropertyGroup Label="UserMacros">
<SOURCEBASE>$(SolutionDir)</SOURCEBASE>
- <OPENVPN_DEPROOT>$(SOURCEBASE)\..\openvpn-build\msvc\image</OPENVPN_DEPROOT>
+ <OPENVPN_DEPROOT>$(SOURCEBASE)\..\openvpn-build\msvc\image$(PlatformArchitecture)</OPENVPN_DEPROOT>
<OPENSSL_HOME>$(OPENVPN_DEPROOT)</OPENSSL_HOME>
<TAP_WINDOWS_HOME>$(OPENVPN_DEPROOT)</TAP_WINDOWS_HOME>
<LZO_HOME>$(OPENVPN_DEPROOT)</LZO_HOME>
diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
index e448fc3..5663f84 100644
--- a/src/openvpn/errlevel.h
+++ b/src/openvpn/errlevel.h
@@ -91,6 +91,7 @@
#define D_OSBUF LOGLEV(3, 43, 0) /* show socket/tun/tap buffer sizes */
#define D_PS_PROXY LOGLEV(3, 44, 0) /* messages related to --port-share option */
#define D_PF_INFO LOGLEV(3, 45, 0) /* packet filter informational messages */
+#define D_IFCONFIG LOGLEV(3, 0, 0) /* show ifconfig info (don't mute) */
#define D_SHOW_PARMS LOGLEV(4, 50, 0) /* show all parameters on program initiation */
#define D_SHOW_OCC LOGLEV(4, 51, 0) /* show options compatibility string */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index a785934..d1ad5c8 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -500,6 +500,17 @@ next_connection_entry(struct context *c)
*/
if (!c->options.persist_remote_ip)
{
+ /* Connection entry addrinfo objects might have been
+ * resolved earlier but the entry itself might have been
+ * skipped by management on the previous loop.
+ * If so, clear the addrinfo objects as close_instance does
+ */
+ if (c->c1.link_socket_addr.remote_list)
+ {
+ clear_remote_addrlist(&c->c1.link_socket_addr,
+ !c->options.resolve_in_advance);
+ }
+
/* close_instance should have cleared the addrinfo objects */
ASSERT(c->c1.link_socket_addr.current_remote == NULL);
ASSERT(c->c1.link_socket_addr.remote_list == NULL);
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 713a213..2bc70a5 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -345,6 +345,13 @@ sitnl_send(struct nlmsghdr *payload, pid_t peer, unsigned int groups,
* continue;
* }
*/
+
+ if (h->nlmsg_type == NLMSG_DONE)
+ {
+ ret = 0;
+ goto out;
+ }
+
if (h->nlmsg_type == NLMSG_ERROR)
{
err = (struct nlmsgerr *)NLMSG_DATA(h);
@@ -360,7 +367,11 @@ sitnl_send(struct nlmsghdr *payload, pid_t peer, unsigned int groups,
ret = 0;
if (cb)
{
- ret = cb(h, arg_cb);
+ int r = cb(h, arg_cb);
+ if (r <= 0)
+ {
+ ret = r;
+ }
}
}
else
@@ -375,8 +386,12 @@ sitnl_send(struct nlmsghdr *payload, pid_t peer, unsigned int groups,
if (cb)
{
- ret = cb(h, arg_cb);
- goto out;
+ int r = cb(h, arg_cb);
+ if (r <= 0)
+ {
+ ret = r;
+ goto out;
+ }
}
else
{
@@ -410,6 +425,7 @@ typedef struct {
int addr_size;
inet_address_t gw;
char iface[IFNAMSIZ];
+ bool default_only;
} route_res_t;
static int
@@ -421,6 +437,12 @@ sitnl_route_save(struct nlmsghdr *n, void *arg)
int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r));
unsigned int ifindex = 0;
+ /* filter-out non-zero dst prefixes */
+ if (res->default_only && r->rtm_dst_len != 0)
+ {
+ return 1;
+ }
+
while (RTA_OK(rta, len))
{
switch (rta->rta_type)
@@ -477,11 +499,25 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst,
{
case AF_INET:
res.addr_size = sizeof(in_addr_t);
- req.n.nlmsg_flags |= NLM_F_DUMP;
+ /*
+ * kernel can't return 0.0.0.0/8 host route, dump all
+ * the routes and filter for 0.0.0.0/0 in cb()
+ */
+ if (!dst || !dst->ipv4)
+ {
+ req.n.nlmsg_flags |= NLM_F_DUMP;
+ res.default_only = true;
+ }
+ else
+ {
+ req.r.rtm_dst_len = 32;
+ }
break;
case AF_INET6:
res.addr_size = sizeof(struct in6_addr);
+ /* kernel can return ::/128 host route */
+ req.r.rtm_dst_len = 128;
break;
default:
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 5367979..3863854 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -92,7 +92,7 @@
</ClCompile>
<ResourceCompile />
<Link>
- <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<SubSystem>Console</SubSystem>
</Link>
@@ -122,7 +122,7 @@
</ClCompile>
<ResourceCompile />
<Link>
- <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<SubSystem>Console</SubSystem>
</Link>
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 8bf82c5..3df803d 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2181,10 +2181,11 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
}
if (options->tuntap_options.dhcp_options
+ && options->windows_driver != WINDOWS_DRIVER_WINTUN
&& options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
&& options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE)
{
- msg(M_USAGE, "--dhcp-options requires --ip-win32 dynamic or adaptive");
+ msg(M_USAGE, "--dhcp-option requires --ip-win32 dynamic or adaptive");
}
if (options->windows_driver == WINDOWS_DRIVER_WINTUN && dev != DEV_TYPE_TUN)
@@ -7439,7 +7440,8 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_IPWIN32);
bool ipv6dns = false;
- if (streq(p[1], "DOMAIN") && p[2])
+ if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX"))
+ && p[2])
{
o->domain = p[2];
}
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index a6f7ec2..78d20ba 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -84,6 +84,7 @@ update_time(void)
openvpn_gettimeofday(&tv, NULL);
#else
update_now(time(NULL));
+ now_usec = 0;
#endif
}
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index 1f74ac5..ece0784 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -224,6 +224,24 @@ ifconfig_pool_init(const bool ipv4_pool, enum pool_type type, in_addr_t start,
}
pool->ipv6.base = ipv6_base;
+
+ /* if a pool starts at a base address that has all-zero in the
+ * host part, that first IPv6 address must not be assigned to
+ * clients because it is not usable (subnet anycast address).
+ * Start with 1, then.
+ *
+ * NOTE: this will also (mis-)fire for something like
+ * ifconfig-ipv6-pool 2001:db8:0:1:1234::0/64
+ * as we only check the rightmost 32 bits of the host part. So be it.
+ */
+ if (base == 0)
+ {
+ msg(D_IFCONFIG_POOL, "IFCONFIG POOL IPv6: incrementing pool start "
+ "to avoid ::0 assignment");
+ base++;
+ pool->ipv6.base.s6_addr[15]++;
+ }
+
pool_ipv6_size = ipv6_netbits >= 112
? (1 << (128 - ipv6_netbits)) - base
: IFCONFIG_POOL_MAX;
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index f127a90..d75aa5f 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -49,6 +49,10 @@
#include <linux/rtnetlink.h> /* RTM_GETROUTE etc. */
#endif
+#if defined(TARGET_NETBSD)
+#include <net/route.h> /* RT_ROUNDUP(), RT_ADVANCE() */
+#endif
+
#ifdef _WIN32
#include "openvpn-msg.h"
@@ -323,6 +327,10 @@ init_route(struct route_ipv4 *r,
if (get_special_addr(rl, ro->network, (in_addr_t *) &special.s_addr, &status))
{
+ if (!status)
+ {
+ goto fail;
+ }
special.s_addr = htonl(special.s_addr);
ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL,
AF_INET, network_list);
@@ -619,7 +627,7 @@ init_route_list(struct route_list *rl,
rl->flags = opt->flags;
- if (remote_host)
+ if (remote_host != IPV4_INVALID_ADDR)
{
rl->spec.remote_host = remote_host;
rl->spec.flags |= RTSA_REMOTE_HOST;
@@ -1979,25 +1987,24 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt,
}
else
{
- struct buffer out = alloc_buf_gc(64, &gc);
+ DWORD adapter_index;
if (r6->adapter_index) /* vpn server special route */
{
- buf_printf(&out, "interface=%lu", r6->adapter_index );
+ adapter_index = r6->adapter_index;
gateway_needed = true;
}
else
{
- buf_printf(&out, "interface=%lu", tt->adapter_index );
+ adapter_index = tt->adapter_index;
}
- device = buf_bptr(&out);
- /* netsh interface ipv6 add route 2001:db8::/32 MyTunDevice */
- argv_printf(&argv, "%s%s interface ipv6 add route %s/%d %s",
+ /* netsh interface ipv6 add route 2001:db8::/32 42 */
+ argv_printf(&argv, "%s%s interface ipv6 add route %s/%d %lu",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
network,
r6->netbits,
- device);
+ adapter_index);
/* next-hop depends on TUN or TAP mode:
* - in TAP mode, we use the "real" next-hop
@@ -2423,25 +2430,24 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt,
}
else
{
- struct buffer out = alloc_buf_gc(64, &gc);
+ DWORD adapter_index;
if (r6->adapter_index) /* vpn server special route */
{
- buf_printf(&out, "interface=%lu", r6->adapter_index );
+ adapter_index = r6->adapter_index;
gateway_needed = true;
}
else
{
- buf_printf(&out, "interface=%lu", tt->adapter_index );
+ adapter_index = tt->adapter_index;
}
- device = buf_bptr(&out);
- /* netsh interface ipv6 delete route 2001:db8::/32 MyTunDevice */
- argv_printf(&argv, "%s%s interface ipv6 delete route %s/%d %s",
+ /* netsh interface ipv6 delete route 2001:db8::/32 42 */
+ argv_printf(&argv, "%s%s interface ipv6 delete route %s/%d %lu",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
network,
r6->netbits,
- device);
+ adapter_index);
/* next-hop depends on TUN or TAP mode:
* - in TAP mode, we use the "real" next-hop
@@ -3408,11 +3414,15 @@ struct rtmsg {
/* the route socket code is identical for all 4 supported BSDs and for
* MacOS X (Darwin), with one crucial difference: when going from
- * 32 bit to 64 bit, the BSDs increased the structure size but kept
+ * 32 bit to 64 bit, FreeBSD/OpenBSD increased the structure size but kept
* source code compatibility by keeping the use of "long", while
* MacOS X decided to keep binary compatibility by *changing* the API
* to use "uint32_t", thus 32 bit on all OS X variants
*
+ * NetBSD does the MacOS way of "fixed number of bits, no matter if
+ * 32 or 64 bit OS", but chose uint64_t. For maximum portability, we
+ * just use the OS RT_ROUNDUP() macro, which is guaranteed to be correct.
+ *
* We used to have a large amount of duplicate code here which really
* differed only in this (long) vs. (uint32_t) - IMHO, worse than
* having a combined block for all BSDs with this single #ifdef inside
@@ -3421,6 +3431,8 @@ struct rtmsg {
#if defined(TARGET_DARWIN)
#define ROUNDUP(a) \
((a) > 0 ? (1 + (((a) - 1) | (sizeof(uint32_t) - 1))) : sizeof(uint32_t))
+#elif defined(TARGET_NETBSD)
+#define ROUNDUP(a) RT_ROUNDUP(a)
#else
#define ROUNDUP(a) \
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
@@ -3729,7 +3741,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6,
}
if (write(sockfd, (char *)&m_rtmsg, l) < 0)
{
- msg(M_WARN, "GDG6: problem writing to routing socket");
+ msg(M_WARN|M_ERRNO, "GDG6: problem writing to routing socket");
goto done;
}
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index c486327..76bdbfc 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -1141,8 +1141,8 @@ create_socket(struct link_socket *sock, struct addrinfo *addr)
#if defined(TARGET_LINUX)
if (sock->bind_dev)
{
- msg (M_INFO, "Using bind-dev %s", sock->bind_dev);
- if (setsockopt (sock->sd, SOL_SOCKET, SO_BINDTODEVICE, sock->bind_dev, strlen (sock->bind_dev) + 1) != 0)
+ msg(M_INFO, "Using bind-dev %s", sock->bind_dev);
+ if (setsockopt(sock->sd, SOL_SOCKET, SO_BINDTODEVICE, sock->bind_dev, strlen(sock->bind_dev) + 1) != 0)
{
msg(M_WARN|M_ERRNO, "WARN: setsockopt SO_BINDTODEVICE=%s failed", sock->bind_dev);
}
@@ -2030,8 +2030,14 @@ phase2_inetd(struct link_socket *sock, const struct frame *frame,
}
else
{
- msg(M_WARN, "inetd(%s): getsockname(%d) failed, using AF_INET",
+ int saved_errno = errno;
+ msg(M_WARN|M_ERRNO, "inetd(%s): getsockname(%d) failed, using AF_INET",
proto2ascii(sock->info.proto, sock->info.af, false), (int)sock->sd);
+ /* if not called with a socket on stdin, --inetd cannot work */
+ if (saved_errno == ENOTSOCK)
+ {
+ msg(M_FATAL, "ERROR: socket required for --inetd operation");
+ }
}
}
#else /* ifdef HAVE_GETSOCKNAME */
@@ -2047,7 +2053,6 @@ phase2_inetd(struct link_socket *sock, const struct frame *frame,
false,
sock->inetd == INETD_NOWAIT,
signal_received);
-
}
ASSERT(!remote_changed);
}
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 57f0cee..36df747 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -312,7 +312,7 @@ recv_socks_reply(socket_descriptor_t sd,
char atyp = '\0';
int alen = 0;
int len = 0;
- char buf[22];
+ char buf[270]; /* 4 + alen(max 256) + 2 */
const int timeout_sec = 5;
if (addr != NULL)
@@ -381,7 +381,10 @@ recv_socks_reply(socket_descriptor_t sd,
break;
case '\x03': /* DOMAINNAME */
- alen = (unsigned char) c;
+ /* RFC 1928, section 5: 1 byte length, <n> bytes name,
+ * so the total "address length" is (length+1)
+ */
+ alen = (unsigned char) c + 1;
break;
case '\x04': /* IP V6 */
@@ -451,7 +454,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p,
const char *servname, /* openvpn server port */
volatile int *signal_received)
{
- char buf[128];
+ char buf[270];
size_t len;
if (!socks_handshake(p, sd, signal_received))
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 923131a..9eeaed0 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -68,7 +68,7 @@ const static GUID GUID_DEVINTERFACE_NET = { 0xcac88484, 0x7515, 0x4c03, { 0x82,
#define NI_OPTIONS (1<<2)
static void netsh_ifconfig(const struct tuntap_options *to,
- const char *flex_name,
+ DWORD adapter_index,
const in_addr_t ip,
const in_addr_t netmask,
const unsigned int flags);
@@ -79,7 +79,7 @@ static void windows_set_mtu(const int iface_index,
static void netsh_set_dns6_servers(const struct in6_addr *addr_list,
const int addr_len,
- const char *flex_name);
+ DWORD adapter_index);
static void netsh_command(const struct argv *a, int n, int msglevel);
@@ -115,11 +115,17 @@ do_address_service(const bool add, const short family, const struct tuntap *tt)
{
addr.address.ipv4.s_addr = htonl(tt->local);
addr.prefix_len = netmask_to_netbits2(tt->adapter_netmask);
+ msg(D_IFCONFIG, "INET address service: %s %s/%d",
+ add ? "add" : "remove",
+ print_in_addr_t(tt->local, 0, &gc), addr.prefix_len);
}
else
{
addr.address.ipv6 = tt->local_ipv6;
- addr.prefix_len = tt->netbits_ipv6;
+ addr.prefix_len = (tt->type == DEV_TYPE_TUN) ? 128 : tt->netbits_ipv6;
+ msg(D_IFCONFIG, "INET6 address service: %s %s/%d",
+ add ? "add" : "remove",
+ print_in6_addr(tt->local_ipv6, 0, &gc), addr.prefix_len);
}
if (!send_msg_iservice(pipe, &addr, sizeof(addr), &ack, "TUN"))
@@ -143,6 +149,61 @@ out:
}
static bool
+do_dns_domain_service(bool add, const struct tuntap *tt)
+{
+ bool ret = false;
+ ack_message_t ack;
+ struct gc_arena gc = gc_new();
+ HANDLE pipe = tt->options.msg_channel;
+
+ if (!tt->options.domain) /* no domain to add or delete */
+ {
+ return true;
+ }
+
+ /* Use dns_cfg_msg with addr_len = 0 for setting only the DOMAIN */
+ dns_cfg_message_t dns = {
+ .header = {
+ (add ? msg_add_dns_cfg : msg_del_dns_cfg),
+ sizeof(dns_cfg_message_t),
+ 0
+ },
+ .iface = { .index = tt->adapter_index, .name = "" },
+ .domains = "", /* set below */
+ .family = AF_INET, /* unused */
+ .addr_len = 0 /* add/delete only the domain, not DNS servers */
+ };
+
+ strncpynt(dns.iface.name, tt->actual_name, sizeof(dns.iface.name));
+ strncpynt(dns.domains, tt->options.domain, sizeof(dns.domains));
+ /* truncation of domain name is not checked as it can't happen
+ * with 512 bytes room in dns.domains.
+ */
+
+ msg(D_LOW, "%s dns domain on '%s' (if_index = %d) using service",
+ (add ? "Setting" : "Deleting"), dns.iface.name, dns.iface.index);
+ if (!send_msg_iservice(pipe, &dns, sizeof(dns), &ack, "TUN"))
+ {
+ goto out;
+ }
+
+ if (ack.error_number != NO_ERROR)
+ {
+ msg(M_WARN, "TUN: %s dns domain failed using service: %s [status=%u if_name=%s]",
+ (add ? "adding" : "deleting"), strerror_win32(ack.error_number, &gc),
+ ack.error_number, dns.iface.name);
+ goto out;
+ }
+
+ msg(M_INFO, "DNS domain %s using service", (add ? "set" : "deleted"));
+ ret = true;
+
+out:
+ gc_free(&gc);
+ return ret;
+}
+
+static bool
do_dns_service(bool add, const short family, const struct tuntap *tt)
{
bool ret = false;
@@ -158,6 +219,7 @@ do_dns_service(bool add, const short family, const struct tuntap *tt)
return true;
}
+ /* Use dns_cfg_msg with domain = "" for setting only the DNS servers */
dns_cfg_message_t dns = {
.header = {
(add ? msg_add_dns_cfg : msg_del_dns_cfg),
@@ -1088,26 +1150,40 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu,
else if (tt->options.msg_channel)
{
do_address_service(true, AF_INET6, tt);
- add_route_connected_v6_net(tt, es);
+ if (tt->type == DEV_TYPE_TUN)
+ {
+ add_route_connected_v6_net(tt, es);
+ }
do_dns_service(true, AF_INET6, tt);
do_set_mtu_service(tt, AF_INET6, tun_mtu);
+ /* If IPv4 is not enabled, set DNS domain here */
+ if (!tt->did_ifconfig_setup)
+ {
+ do_dns_domain_service(true, tt);
+ }
}
else
{
- /* example: netsh interface ipv6 set address interface=42
- * 2001:608:8003::d store=active
+ /* example: netsh interface ipv6 set address 42
+ * 2001:608:8003::d/bits store=active
+ */
+
+ /* in TUN mode, we only simulate a subnet, so the interface
+ * is configured with /128 + a route to fe80::8. In TAP mode,
+ * the correct netbits must be set, and no on-link route
*/
- char iface[64];
+ int netbits = (tt->type == DEV_TYPE_TUN) ? 128 : tt->netbits_ipv6;
- openvpn_snprintf(iface, sizeof(iface), "interface=%lu",
- tt->adapter_index);
- argv_printf(&argv, "%s%s interface ipv6 set address %s %s store=active",
- get_win_sys_path(), NETSH_PATH_SUFFIX, iface,
- ifconfig_ipv6_local);
+ argv_printf(&argv, "%s%s interface ipv6 set address %lu %s/%d store=active",
+ get_win_sys_path(), NETSH_PATH_SUFFIX, tt->adapter_index,
+ ifconfig_ipv6_local, netbits);
netsh_command(&argv, 4, M_FATAL);
- add_route_connected_v6_net(tt, es);
+ if (tt->type == DEV_TYPE_TUN)
+ {
+ add_route_connected_v6_net(tt, es);
+ }
/* set ipv6 dns servers if any are specified */
- netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, ifname);
+ netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, tt->adapter_index);
windows_set_mtu(tt->adapter_index, AF_INET6, tun_mtu);
}
#else /* platforms we have no IPv6 code for */
@@ -1224,7 +1300,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
argv_printf(&argv, "%s %s netmask 255.255.255.255", IFCONFIG_PATH,
ifname);
}
- else if (tt->topology == TOP_SUBNET)
+ else if (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
argv_printf(&argv, "%s %s %s %s netmask %s mtu %d up", IFCONFIG_PATH,
ifname, ifconfig_local, ifconfig_local,
@@ -1243,7 +1319,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
solaris_error_close(tt, es, ifname, false);
}
- if (!tun && tt->topology == TOP_SUBNET)
+ if (!tun && tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
/* Add a network route for the local tun interface */
struct route_ipv4 r;
@@ -1274,7 +1350,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
IFCONFIG_PATH, ifname, ifconfig_local,
ifconfig_remote_netmask, tun_mtu);
}
- else if (tt->topology == TOP_SUBNET)
+ else if (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
remote_end = create_arbitrary_remote( tt );
argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up -link0",
@@ -1292,7 +1368,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
openvpn_execve_check(&argv, es, S_FATAL, "OpenBSD ifconfig failed");
/* Add a network route for the local tun interface */
- if (!tun && tt->topology == TOP_SUBNET)
+ if (!tun && tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
struct route_ipv4 r;
CLEAR(r);
@@ -1312,7 +1388,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
IFCONFIG_PATH, ifname, ifconfig_local,
ifconfig_remote_netmask, tun_mtu);
}
- else if (tt->topology == TOP_SUBNET)
+ else if (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
remote_end = create_arbitrary_remote(tt);
argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up", IFCONFIG_PATH,
@@ -1334,7 +1410,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
openvpn_execve_check(&argv, es, S_FATAL, "NetBSD ifconfig failed");
/* Add a network route for the local tun interface */
- if (!tun && tt->topology == TOP_SUBNET)
+ if (!tun && tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
struct route_ipv4 r;
CLEAR(r);
@@ -1366,7 +1442,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
}
else
{
- if (tt->topology == TOP_SUBNET)
+ if (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
argv_printf(&argv, "%s %s %s %s netmask %s mtu %d up",
IFCONFIG_PATH, ifname, ifconfig_local, ifconfig_local,
@@ -1384,7 +1460,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
openvpn_execve_check(&argv, es, S_FATAL, "Mac OS X ifconfig failed");
/* Add a network route for the local tun interface */
- if (!tun && tt->topology == TOP_SUBNET)
+ if (!tun && tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
struct route_ipv4 r;
CLEAR(r);
@@ -1406,7 +1482,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
IFCONFIG_PATH, ifname, ifconfig_local,
ifconfig_remote_netmask, tun_mtu);
}
- else if (tt->topology == TOP_SUBNET)
+ else if (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
remote_end = create_arbitrary_remote( tt );
argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up", IFCONFIG_PATH,
@@ -1423,7 +1499,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
openvpn_execve_check(&argv, es, S_FATAL, "FreeBSD ifconfig failed");
/* Add a network route for the local tun interface */
- if (!tun && tt->topology == TOP_SUBNET)
+ if (!tun && tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
{
struct route_ipv4 r;
CLEAR(r);
@@ -1455,8 +1531,6 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
env_set_destroy(aix_es);
}
#elif defined (_WIN32)
- ASSERT(ifname != NULL);
-
if (tt->options.ip_win32_type == IPW32_SET_MANUAL)
{
msg(M_INFO,
@@ -1472,10 +1546,11 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
{
do_address_service(true, AF_INET, tt);
do_dns_service(true, AF_INET, tt);
+ do_dns_domain_service(true, tt);
}
else if (tt->options.ip_win32_type == IPW32_SET_NETSH)
{
- netsh_ifconfig(&tt->options, ifname, tt->local,
+ netsh_ifconfig(&tt->options, tt->adapter_index, tt->local,
tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS);
}
if (tt->options.msg_channel)
@@ -1993,6 +2068,11 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
#ifdef ENABLE_FEATURE_TUN_PERSIST
+/* TUNSETGROUP appeared in 2.6.23 */
+#ifndef TUNSETGROUP
+# define TUNSETGROUP _IOW('T', 206, int)
+#endif
+
void
tuncfg(const char *dev, const char *dev_type, const char *dev_node,
int persist_mode, const char *username, const char *groupname,
@@ -2032,7 +2112,7 @@ tuncfg(const char *dev, const char *dev_type, const char *dev_node,
}
else if (ioctl(tt->fd, TUNSETGROUP, platform_state_group.gr->gr_gid) < 0)
{
- msg(M_ERR, "Cannot ioctl TUNSETOWNER(%s) %s", groupname, dev);
+ msg(M_ERR, "Cannot ioctl TUNSETGROUP(%s) %s", groupname, dev);
}
}
close_tun(tt, ctx);
@@ -5263,23 +5343,29 @@ ip_addr_member_of(const in_addr_t addr, const IP_ADDR_STRING *ias)
* Set the ipv6 dns servers on the specified interface.
* The list of dns servers currently set on the interface
* are cleared first.
- * No action is taken if number of addresses (addr_len) < 1.
*/
static void
netsh_set_dns6_servers(const struct in6_addr *addr_list,
const int addr_len,
- const char *flex_name)
+ DWORD adapter_index)
{
struct gc_arena gc = gc_new();
struct argv argv = argv_new();
+ /* delete existing DNS settings from TAP interface */
+ argv_printf(&argv, "%s%s interface ipv6 delete dns %lu all",
+ get_win_sys_path(),
+ NETSH_PATH_SUFFIX,
+ adapter_index);
+ netsh_command(&argv, 2, M_FATAL);
+
for (int i = 0; i < addr_len; ++i)
{
const char *fmt = (i == 0) ?
- "%s%s interface ipv6 set dns %s static %s"
- : "%s%s interface ipv6 add dns %s %s";
+ "%s%s interface ipv6 set dns %lu static %s"
+ : "%s%s interface ipv6 add dns %lu %s";
argv_printf(&argv, fmt, get_win_sys_path(),
- NETSH_PATH_SUFFIX, flex_name,
+ NETSH_PATH_SUFFIX, adapter_index,
print_in6_addr(addr_list[i], 0, &gc));
/* disable slow address validation on Windows 7 and higher */
@@ -5301,7 +5387,7 @@ netsh_ifconfig_options(const char *type,
const in_addr_t *addr_list,
const int addr_len,
const IP_ADDR_STRING *current,
- const char *flex_name,
+ DWORD adapter_index,
const bool test_first)
{
struct gc_arena gc = gc_new();
@@ -5325,11 +5411,11 @@ netsh_ifconfig_options(const char *type,
/* delete existing DNS/WINS settings from TAP interface */
if (delete_first)
{
- argv_printf(&argv, "%s%s interface ip delete %s %s all",
+ argv_printf(&argv, "%s%s interface ip delete %s %lu all",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
type,
- flex_name);
+ adapter_index);
netsh_command(&argv, 2, M_FATAL);
}
@@ -5342,14 +5428,14 @@ netsh_ifconfig_options(const char *type,
if (delete_first || !test_first || !ip_addr_member_of(addr_list[i], current))
{
const char *fmt = count ?
- "%s%s interface ip add %s %s %s"
- : "%s%s interface ip set %s %s static %s";
+ "%s%s interface ip add %s %lu %s"
+ : "%s%s interface ip set %s %lu static %s";
argv_printf(&argv, fmt,
get_win_sys_path(),
NETSH_PATH_SUFFIX,
type,
- flex_name,
+ adapter_index,
print_in_addr_t(addr_list[i], 0, &gc));
/* disable slow address validation on Windows 7 and higher */
@@ -5365,8 +5451,8 @@ netsh_ifconfig_options(const char *type,
}
else
{
- msg(M_INFO, "NETSH: \"%s\" %s %s [already set]",
- flex_name,
+ msg(M_INFO, "NETSH: %lu %s %s [already set]",
+ adapter_index,
type,
print_in_addr_t(addr_list[i], 0, &gc));
}
@@ -5397,7 +5483,7 @@ init_ip_addr_string2(IP_ADDR_STRING *dest, const IP_ADDR_STRING *src1, const IP_
static void
netsh_ifconfig(const struct tuntap_options *to,
- const char *flex_name,
+ DWORD adapter_index,
const in_addr_t ip,
const in_addr_t netmask,
const unsigned int flags)
@@ -5410,27 +5496,26 @@ netsh_ifconfig(const struct tuntap_options *to,
if (flags & NI_TEST_FIRST)
{
const IP_ADAPTER_INFO *list = get_adapter_info_list(&gc);
- const int index = get_adapter_index_flexible(flex_name);
- ai = get_adapter(list, index);
- pai = get_per_adapter_info(index, &gc);
+ ai = get_adapter(list, adapter_index);
+ pai = get_per_adapter_info(adapter_index, &gc);
}
if (flags & NI_IP_NETMASK)
{
if (test_adapter_ip_netmask(ai, ip, netmask))
{
- msg(M_INFO, "NETSH: \"%s\" %s/%s [already set]",
- flex_name,
+ msg(M_INFO, "NETSH: %lu %s/%s [already set]",
+ adapter_index,
print_in_addr_t(ip, 0, &gc),
print_in_addr_t(netmask, 0, &gc));
}
else
{
- /* example: netsh interface ip set address my-tap static 10.3.0.1 255.255.255.0 */
- argv_printf(&argv, "%s%s interface ip set address %s static %s %s",
+ /* example: netsh interface ip set address 42 static 10.3.0.1 255.255.255.0 */
+ argv_printf(&argv, "%s%s interface ip set address %lu static %s %s",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
- flex_name,
+ adapter_index,
print_in_addr_t(ip, 0, &gc),
print_in_addr_t(netmask, 0, &gc));
@@ -5449,7 +5534,7 @@ netsh_ifconfig(const struct tuntap_options *to,
to->dns,
to->dns_len,
pai ? &pai->DnsServerList : NULL,
- flex_name,
+ adapter_index,
BOOL_CAST(flags & NI_TEST_FIRST));
if (ai && ai->HaveWins)
{
@@ -5460,7 +5545,7 @@ netsh_ifconfig(const struct tuntap_options *to,
to->wins,
to->wins_len,
ai ? wins : NULL,
- flex_name,
+ adapter_index,
BOOL_CAST(flags & NI_TEST_FIRST));
}
@@ -5469,16 +5554,16 @@ netsh_ifconfig(const struct tuntap_options *to,
}
static void
-netsh_enable_dhcp(const char *actual_name)
+netsh_enable_dhcp(DWORD adapter_index)
{
struct argv argv = argv_new();
- /* example: netsh interface ip set address my-tap dhcp */
+ /* example: netsh interface ip set address 42 dhcp */
argv_printf(&argv,
- "%s%s interface ip set address %s dhcp",
+ "%s%s interface ip set address %lu dhcp",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
- actual_name);
+ adapter_index);
netsh_command(&argv, 4, M_FATAL);
@@ -5624,7 +5709,7 @@ tun_standby(struct tuntap *tt)
{
msg(M_INFO, "NOTE: now trying netsh (this may take some time)");
netsh_ifconfig(&tt->options,
- tt->actual_name,
+ tt->adapter_index,
tt->local,
tt->adapter_netmask,
NI_TEST_FIRST|NI_IP_NETMASK|NI_OPTIONS);
@@ -6529,7 +6614,7 @@ tuntap_set_ip_props(const struct tuntap *tt, bool *dhcp_masq, bool *dhcp_masq_po
}
else
{
- netsh_enable_dhcp(tt->actual_name);
+ netsh_enable_dhcp(tt->adapter_index);
}
}
*dhcp_masq = true;
@@ -6543,7 +6628,7 @@ tuntap_set_ip_props(const struct tuntap *tt, bool *dhcp_masq, bool *dhcp_masq_po
if (dhcp_status(tt->adapter_index) != DHCP_STATUS_ENABLED)
{
netsh_ifconfig(&tt->options,
- tt->actual_name,
+ tt->adapter_index,
tt->local,
tt->adapter_netmask,
NI_TEST_FIRST | NI_IP_NETMASK | NI_OPTIONS);
@@ -6675,15 +6760,25 @@ netsh_delete_address_dns(const struct tuntap *tt, bool ipv6, struct gc_arena *gc
if (len > 0)
{
argv_printf(&argv,
- "%s%s interface %s delete dns %s all",
+ "%s%s interface %s delete dns %lu all",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
ipv6 ? "ipv6" : "ipv4",
- tt->actual_name);
+ tt->adapter_index);
netsh_command(&argv, 1, M_WARN);
}
- if (ipv6)
+ if (!ipv6 && tt->options.wins_len > 0)
+ {
+ argv_printf(&argv,
+ "%s%s interface ipv4 delete winsservers %lu all",
+ get_win_sys_path(),
+ NETSH_PATH_SUFFIX,
+ tt->adapter_index);
+ netsh_command(&argv, 1, M_WARN);
+ }
+
+ if (ipv6 && tt->type == DEV_TYPE_TUN)
{
delete_route_connected_v6_net(tt);
}
@@ -6692,7 +6787,7 @@ netsh_delete_address_dns(const struct tuntap *tt, bool ipv6, struct gc_arena *gc
* address we added (pointed out by Cedric Tabary).
*/
- /* netsh interface ipvX delete address \"%s\" %s */
+ /* netsh interface ipvX delete address %lu %s */
if (ipv6)
{
ifconfig_ip_local = print_in6_addr(tt->local_ipv6, 0, gc);
@@ -6702,11 +6797,11 @@ netsh_delete_address_dns(const struct tuntap *tt, bool ipv6, struct gc_arena *gc
ifconfig_ip_local = print_in_addr_t(tt->local, 0, gc);
}
argv_printf(&argv,
- "%s%s interface %s delete address %s %s store=active",
+ "%s%s interface %s delete address %lu %s store=active",
get_win_sys_path(),
NETSH_PATH_SUFFIX,
ipv6 ? "ipv6" : "ipv4",
- tt->actual_name,
+ tt->adapter_index,
ifconfig_ip_local);
netsh_command(&argv, 1, M_WARN);
@@ -6728,6 +6823,11 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx)
}
else if (tt->options.msg_channel)
{
+ /* If IPv4 is not enabled, delete DNS domain here */
+ if (!tt->did_ifconfig_setup)
+ {
+ do_dns_domain_service(false, tt);
+ }
if (tt->options.dns6_len > 0)
{
do_dns_service(false, AF_INET6, tt);
@@ -6753,6 +6853,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx)
}
else if (tt->options.msg_channel)
{
+ do_dns_domain_service(false, tt);
do_dns_service(false, AF_INET, tt);
do_address_service(false, AF_INET, tt);
}
diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c
index 201fd9a..34946ed 100644
--- a/src/openvpnmsica/dllmain.c
+++ b/src/openvpnmsica/dllmain.c
@@ -193,6 +193,6 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist)
}
}
- MsiProcessMessage(s->hInstall, INSTALLMESSAGE_ERROR, hRecordProg);
+ MsiProcessMessage(s->hInstall, (flags & M_WARN) ? INSTALLMESSAGE_INFO : INSTALLMESSAGE_ERROR, hRecordProg);
MsiCloseHandle(hRecordProg);
}
diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 31e90bd..de1cf65 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -248,7 +248,7 @@ cleanup_OpenSCManager:
}
-static UINT
+static void
find_adapters(
_In_ MSIHANDLE hInstall,
_In_z_ LPCTSTR szzHardwareIDs,
@@ -262,12 +262,12 @@ find_adapters(
uiResult = tap_list_adapters(NULL, szzHardwareIDs, &pAdapterList);
if (uiResult != ERROR_SUCCESS)
{
- return uiResult;
+ return;
}
else if (pAdapterList == NULL)
{
/* No adapters - no fun. */
- return ERROR_SUCCESS;
+ return;
}
/* Get IPv4/v6 info for all network adapters. Actually, we're interested in link status only: up/down? */
@@ -394,7 +394,6 @@ cleanup_pAdapterAdresses:
free(pAdapterAdresses);
cleanup_pAdapterList:
tap_free_adapter_list(pAdapterList);
- return uiResult;
}
@@ -1096,12 +1095,9 @@ ProcessDeferredAction(_In_ MSIHANDLE hInstall)
dwResult = tap_create_adapter(NULL, NULL, szHardwareId, &bRebootRequired, &guidAdapter);
if (dwResult == ERROR_SUCCESS)
{
- /* Set adapter name. */
- dwResult = tap_set_adapter_name(&guidAdapter, szName);
- if (dwResult != ERROR_SUCCESS)
- {
- tap_delete_adapter(NULL, &guidAdapter, &bRebootRequired);
- }
+ /* Set adapter name. May fail on some machines, but that is not critical - use silent
+ flag to mute messagebox and print error only to log */
+ tap_set_adapter_name(&guidAdapter, szName, TRUE);
}
}
else if (wcsncmp(szArg[i], L"deleteN=", 8) == 0)
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index 207cc4a..65bb106 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -91,6 +91,7 @@ typedef enum {
block_dns,
undo_dns4,
undo_dns6,
+ undo_domain,
_undo_type_max
} undo_type_t;
typedef list_item_t *undo_lists_t[_undo_type_max];
@@ -564,6 +565,24 @@ InterfaceLuid(const char *iface_name, PNET_LUID luid)
return status;
}
+static DWORD
+ConvertInterfaceNameToIndex(const wchar_t *ifname, NET_IFINDEX *index)
+{
+ NET_LUID luid;
+ DWORD err;
+
+ err = ConvertInterfaceAliasToLuid(ifname, &luid);
+ if (err == ERROR_SUCCESS)
+ {
+ err = ConvertInterfaceLuidToIndex(&luid, index);
+ }
+ if (err != ERROR_SUCCESS)
+ {
+ MsgToEventLog(M_ERR, L"Failed to find interface index for <%s>", ifname);
+ }
+ return err;
+}
+
static BOOL
CmpAddress(LPVOID item, LPVOID address)
{
@@ -1057,6 +1076,53 @@ out:
return err;
}
+/**
+ * Run command: wmic nicconfig (InterfaceIndex=$if_index) call $action ($data)
+ * @param if_index "index of interface"
+ * @param action e.g., "SetDNSDomain"
+ * @param data data if required for action
+ * - a single word for SetDNSDomain, empty or NULL to delete
+ * - comma separated values for a list
+ */
+static DWORD
+wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index,
+ const wchar_t *data)
+{
+ DWORD err = 0;
+ wchar_t argv0[MAX_PATH];
+ wchar_t *cmdline = NULL;
+ int timeout = 10000; /* in msec */
+
+ swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"wbem\\wmic.exe");
+ argv0[_countof(argv0) - 1] = L'\0';
+
+ const wchar_t *fmt;
+ /* comma separated list must be enclosed in parenthesis */
+ if (data && wcschr(data, L','))
+ {
+ fmt = L"wmic nicconfig where (InterfaceIndex=%ld) call %s (%s)";
+ }
+ else
+ {
+ fmt = L"wmic nicconfig where (InterfaceIndex=%ld) call %s %s";
+ }
+
+ size_t ncmdline = wcslen(fmt) + 20 + wcslen(action) /* max 20 for ifindex */
+ + (data ? wcslen(data) + 1 : 1);
+ cmdline = malloc(ncmdline*sizeof(wchar_t));
+ if (!cmdline)
+ {
+ return ERROR_OUTOFMEMORY;
+ }
+
+ openvpn_sntprintf(cmdline, ncmdline, fmt, if_index, action,
+ data? data : L"");
+ err = ExecCommand(argv0, cmdline, timeout);
+
+ free(cmdline);
+ return err;
+}
+
/* Delete all IPv4 or IPv6 dns servers for an interface */
static DWORD
DeleteDNS(short family, wchar_t *if_name)
@@ -1079,6 +1145,54 @@ CmpWString(LPVOID item, LPVOID str)
return (wcscmp(item, str) == 0) ? TRUE : FALSE;
}
+/**
+ * Set interface specific DNS domain suffix
+ * @param if_name name of the the interface
+ * @param domain a single domain name
+ * @param lists pointer to the undo lists. If NULL
+ * undo lists are not altered.
+ * Will delete the currently set value if domain is empty.
+ */
+static DWORD
+SetDNSDomain(const wchar_t *if_name, const char *domain, undo_lists_t *lists)
+{
+ NET_IFINDEX if_index;
+
+ DWORD err = ConvertInterfaceNameToIndex(if_name, &if_index);
+ if (err != ERROR_SUCCESS)
+ {
+ return err;
+ }
+
+ wchar_t *wdomain = utf8to16(domain); /* utf8 to wide-char */
+ if (!wdomain)
+ {
+ return ERROR_OUTOFMEMORY;
+ }
+
+ /* free undo list if previously set */
+ if (lists)
+ {
+ free(RemoveListItem(&(*lists)[undo_domain], CmpWString, (void *)if_name));
+ }
+
+ err = wmic_nicconfig_cmd(L"SetDNSDomain", if_index, wdomain);
+
+ /* Add to undo list if domain is non-empty */
+ if (err == 0 && wdomain[0] && lists)
+ {
+ wchar_t *tmp_name = wcsdup(if_name);
+ if (!tmp_name || AddListItem(&(*lists)[undo_domain], tmp_name))
+ {
+ free(tmp_name);
+ err = ERROR_OUTOFMEMORY;
+ }
+ }
+
+ free(wdomain);
+ return err;
+}
+
static DWORD
HandleDNSConfigMessage(const dns_cfg_message_t *msg, undo_lists_t *lists)
{
@@ -1098,6 +1212,13 @@ HandleDNSConfigMessage(const dns_cfg_message_t *msg, undo_lists_t *lists)
return ERROR_MESSAGE_DATA;
}
+ /* use a non-const reference with limited scope to enforce null-termination of strings from client */
+ {
+ dns_cfg_message_t *msgptr = (dns_cfg_message_t *) msg;
+ msgptr->iface.name[_countof(msg->iface.name)-1] = '\0';
+ msgptr->domains[_countof(msg->domains)-1] = '\0';
+ }
+
wchar_t *wide_name = utf8to16(msg->iface.name); /* utf8 to wide-char */
if (!wide_name)
{
@@ -1117,9 +1238,14 @@ HandleDNSConfigMessage(const dns_cfg_message_t *msg, undo_lists_t *lists)
free(RemoveListItem(&(*lists)[undo_type], CmpWString, wide_name));
}
- if (msg->header.type == msg_del_dns_cfg) /* job done */
+ if (msg->header.type == msg_del_dns_cfg)
{
- goto out;
+ if (msg->domains[0])
+ {
+ /* setting an empty domain removes any previous value */
+ err = SetDNSDomain(wide_name, "", lists);
+ }
+ goto out; /* job done */
}
for (int i = 0; i < addr_len; ++i)
@@ -1142,6 +1268,8 @@ HandleDNSConfigMessage(const dns_cfg_message_t *msg, undo_lists_t *lists)
*/
}
+ err = 0;
+
if (msg->addr_len > 0)
{
wchar_t *tmp_name = wcsdup(wide_name);
@@ -1154,7 +1282,10 @@ HandleDNSConfigMessage(const dns_cfg_message_t *msg, undo_lists_t *lists)
}
}
- err = 0;
+ if (msg->domains[0])
+ {
+ err = SetDNSDomain(wide_name, msg->domains, lists);
+ }
out:
free(wide_name);
@@ -1445,6 +1576,10 @@ Undo(undo_lists_t *lists)
DeleteDNS(AF_INET6, item->data);
break;
+ case undo_domain:
+ SetDNSDomain(item->data, "", NULL);
+ break;
+
case block_dns:
interface_data = (block_dns_data_t *)(item->data);
delete_block_dns_filters(interface_data->engine);
diff --git a/src/tapctl/main.c b/src/tapctl/main.c
index 31bb2ec..d5bc729 100644
--- a/src/tapctl/main.c
+++ b/src/tapctl/main.c
@@ -237,7 +237,7 @@ _tmain(int argc, LPCTSTR argv[])
}
/* Rename the adapter. */
- dwResult = tap_set_adapter_name(&guidAdapter, szName);
+ dwResult = tap_set_adapter_name(&guidAdapter, szName, FALSE);
if (dwResult != ERROR_SUCCESS)
{
StringFromIID((REFIID)&guidAdapter, &szAdapterId);
diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index 7cb3ded..dd4a10a 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -33,18 +33,69 @@
#include <setupapi.h>
#include <stdio.h>
#include <tchar.h>
+#include <newdev.h>
#ifdef _MSC_VER
#pragma comment(lib, "advapi32.lib")
#pragma comment(lib, "ole32.lib")
#pragma comment(lib, "setupapi.lib")
+#pragma comment(lib, "newdev.lib")
#endif
+
const static GUID GUID_DEVCLASS_NET = { 0x4d36e972L, 0xe325, 0x11ce, { 0xbf, 0xc1, 0x08, 0x00, 0x2b, 0xe1, 0x03, 0x18 } };
const static TCHAR szAdapterRegKeyPathTemplate[] = TEXT("SYSTEM\\CurrentControlSet\\Control\\Network\\%") TEXT(PRIsLPOLESTR) TEXT("\\%") TEXT(PRIsLPOLESTR) TEXT("\\Connection");
#define ADAPTER_REGKEY_PATH_MAX (_countof(TEXT("SYSTEM\\CurrentControlSet\\Control\\Network\\")) - 1 + 38 + _countof(TEXT("\\")) - 1 + 38 + _countof(TEXT("\\Connection")))
+/**
+ * Dynamically load a library and find a function in it
+ *
+ * @param libname Name of the library to load
+ * @param funcname Name of the function to find
+ * @param m Pointer to a module. On return this is set to the
+ * the handle to the loaded library. The caller must
+ * free it by calling FreeLibrary() if not NULL.
+ *
+ * @return Pointer to the function
+ * NULL on error -- use GetLastError() to find the error code.
+ *
+ **/
+static void *
+find_function(const WCHAR *libname, const char *funcname, HMODULE *m)
+{
+ WCHAR libpath[MAX_PATH];
+ void *fptr = NULL;
+
+ /* Make sure the dll is loaded from the system32 folder */
+ if (!GetSystemDirectoryW(libpath, _countof(libpath)))
+ {
+ return NULL;
+ }
+
+ size_t len = _countof(libpath) - wcslen(libpath) - 1;
+ if (len < wcslen(libname) + 1)
+ {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ return NULL;
+ }
+ wcsncat(libpath, L"\\", len);
+ wcsncat(libpath, libname, len-1);
+
+ *m = LoadLibraryW(libpath);
+ if (*m == NULL)
+ {
+ return NULL;
+ }
+ fptr = GetProcAddress(*m, funcname);
+ if (!fptr)
+ {
+ FreeLibrary(*m);
+ *m = NULL;
+ return NULL;
+ }
+ return fptr;
+}
/**
* Returns length of string of strings
@@ -678,6 +729,7 @@ tap_create_adapter(
_Out_ LPGUID pguidAdapter)
{
DWORD dwResult;
+ HMODULE libnewdev = NULL;
if (szHwId == NULL
|| pbRebootRequired == NULL
@@ -746,129 +798,7 @@ tap_create_adapter(
goto cleanup_hDevInfoList;
}
- /* Search for the driver. */
- if (!SetupDiBuildDriverInfoList(
- hDevInfoList,
- &devinfo_data,
- SPDIT_CLASSDRIVER))
- {
- dwResult = GetLastError();
- msg(M_NONFATAL, "%s: SetupDiBuildDriverInfoList failed", __FUNCTION__);
- goto cleanup_hDevInfoList;
- }
- DWORDLONG dwlDriverVersion = 0;
- DWORD drvinfo_detail_data_size = sizeof(SP_DRVINFO_DETAIL_DATA) + 0x100;
- SP_DRVINFO_DETAIL_DATA *drvinfo_detail_data = (SP_DRVINFO_DETAIL_DATA *)malloc(drvinfo_detail_data_size);
- if (drvinfo_detail_data == NULL)
- {
- msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, drvinfo_detail_data_size);
- dwResult = ERROR_OUTOFMEMORY; goto cleanup_DriverInfoList;
- }
-
- for (DWORD dwIndex = 0;; dwIndex++)
- {
- /* Get a driver from the list. */
- SP_DRVINFO_DATA drvinfo_data = { .cbSize = sizeof(SP_DRVINFO_DATA) };
- if (!SetupDiEnumDriverInfo(
- hDevInfoList,
- &devinfo_data,
- SPDIT_CLASSDRIVER,
- dwIndex,
- &drvinfo_data))
- {
- if (GetLastError() == ERROR_NO_MORE_ITEMS)
- {
- break;
- }
- else
- {
- /* Something is wrong with this driver. Skip it. */
- msg(M_WARN | M_ERRNO, "%s: SetupDiEnumDriverInfo(%u) failed", __FUNCTION__, dwIndex);
- continue;
- }
- }
-
- /* Get driver info details. */
- DWORD dwSize;
- drvinfo_detail_data->cbSize = sizeof(SP_DRVINFO_DETAIL_DATA);
- if (!SetupDiGetDriverInfoDetail(
- hDevInfoList,
- &devinfo_data,
- &drvinfo_data,
- drvinfo_detail_data,
- drvinfo_detail_data_size,
- &dwSize))
- {
- if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
- {
- /* (Re)allocate buffer. */
- if (drvinfo_detail_data)
- {
- free(drvinfo_detail_data);
- }
-
- drvinfo_detail_data_size = dwSize;
- drvinfo_detail_data = (SP_DRVINFO_DETAIL_DATA *)malloc(drvinfo_detail_data_size);
- if (drvinfo_detail_data == NULL)
- {
- msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, drvinfo_detail_data_size);
- dwResult = ERROR_OUTOFMEMORY; goto cleanup_DriverInfoList;
- }
-
- /* Re-get driver info details. */
- drvinfo_detail_data->cbSize = sizeof(SP_DRVINFO_DETAIL_DATA);
- if (!SetupDiGetDriverInfoDetail(
- hDevInfoList,
- &devinfo_data,
- &drvinfo_data,
- drvinfo_detail_data,
- drvinfo_detail_data_size,
- &dwSize))
- {
- /* Something is wrong with this driver. Skip it. */
- continue;
- }
- }
- else
- {
- /* Something is wrong with this driver. Skip it. */
- msg(M_WARN | M_ERRNO, "%s: SetupDiGetDriverInfoDetail(\"%hs\") failed", __FUNCTION__, drvinfo_data.Description);
- continue;
- }
- }
-
- /* Check the driver version and hardware ID. */
- if (dwlDriverVersion < drvinfo_data.DriverVersion
- && drvinfo_detail_data->HardwareID
- && _tcszistr(drvinfo_detail_data->HardwareID, szHwId))
- {
- /* Newer version and matching hardware ID found. Select the driver. */
- if (!SetupDiSetSelectedDriver(
- hDevInfoList,
- &devinfo_data,
- &drvinfo_data))
- {
- /* Something is wrong with this driver. Skip it. */
- msg(M_WARN | M_ERRNO, "%s: SetupDiSetSelectedDriver(\"%hs\") failed", __FUNCTION__, drvinfo_data.Description);
- continue;
- }
-
- dwlDriverVersion = drvinfo_data.DriverVersion;
- }
- }
- if (drvinfo_detail_data)
- {
- free(drvinfo_detail_data);
- }
-
- if (dwlDriverVersion == 0)
- {
- dwResult = ERROR_NOT_FOUND;
- msg(M_NONFATAL, "%s: No driver for device \"%" PRIsLPTSTR "\" installed.", __FUNCTION__, szHwId);
- goto cleanup_DriverInfoList;
- }
-
- /* Call appropriate class installer. */
+ /* Register the device instance with the PnP Manager */
if (!SetupDiCallClassInstaller(
DIF_REGISTERDEVICE,
hDevInfoList,
@@ -876,43 +806,38 @@ tap_create_adapter(
{
dwResult = GetLastError();
msg(M_NONFATAL, "%s: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed", __FUNCTION__);
- goto cleanup_DriverInfoList;
+ goto cleanup_hDevInfoList;
}
- /* Register device co-installers if any. */
- if (!SetupDiCallClassInstaller(
- DIF_REGISTER_COINSTALLERS,
- hDevInfoList,
- &devinfo_data))
- {
- dwResult = GetLastError();
- msg(M_WARN | M_ERRNO, "%s: SetupDiCallClassInstaller(DIF_REGISTER_COINSTALLERS) failed", __FUNCTION__);
- }
+ /* Install the device using DiInstallDevice()
+ * We instruct the system to use the best driver in the driver store
+ * by setting the drvinfo argument of DiInstallDevice as NULL. This
+ * assumes a driver is already installed in the driver store.
+ */
+#ifdef HAVE_DIINSTALLDEVICE
+ if (!DiInstallDevice(hwndParent, hDevInfoList, &devinfo_data, NULL, 0, pbRebootRequired))
+#else
+ /* mingw does not resolve DiInstallDevice, so load it at run time. */
+ typedef BOOL (WINAPI *DiInstallDeviceFn) (HWND, HDEVINFO, SP_DEVINFO_DATA *,
+ SP_DRVINFO_DATA *, DWORD, BOOL *);
+ DiInstallDeviceFn installfn
+ = find_function (L"newdev.dll", "DiInstallDevice", &libnewdev);
- /* Install adapters if any. */
- if (!SetupDiCallClassInstaller(
- DIF_INSTALLINTERFACES,
- hDevInfoList,
- &devinfo_data))
+ if (!installfn)
{
dwResult = GetLastError();
- msg(M_WARN | M_ERRNO, "%s: SetupDiCallClassInstaller(DIF_INSTALLINTERFACES) failed", __FUNCTION__);
+ msg(M_NONFATAL | M_ERRNO, "%s: Failed to locate DiInstallDevice()", __FUNCTION__);
+ goto cleanup_hDevInfoList;
}
- /* Install the device. */
- if (!SetupDiCallClassInstaller(
- DIF_INSTALLDEVICE,
- hDevInfoList,
- &devinfo_data))
+ if (!installfn(hwndParent, hDevInfoList, &devinfo_data, NULL, 0, pbRebootRequired))
+#endif
{
dwResult = GetLastError();
- msg(M_NONFATAL | M_ERRNO, "%s: SetupDiCallClassInstaller(DIF_INSTALLDEVICE) failed", __FUNCTION__);
+ msg(M_NONFATAL | M_ERRNO, "%s: DiInstallDevice failed", __FUNCTION__);
goto cleanup_remove_device;
}
- /* Check if a system reboot is required. (Ignore errors) */
- check_reboot(hDevInfoList, &devinfo_data, pbRebootRequired);
-
/* Get network adapter ID from registry. Retry for max 30sec. */
dwResult = get_net_adapter_guid(hDevInfoList, &devinfo_data, 30, pguidAdapter);
@@ -958,13 +883,11 @@ cleanup_remove_device:
}
}
-cleanup_DriverInfoList:
- SetupDiDestroyDriverInfoList(
- hDevInfoList,
- &devinfo_data,
- SPDIT_CLASSDRIVER);
-
cleanup_hDevInfoList:
+ if (libnewdev)
+ {
+ FreeLibrary(libnewdev);
+ }
SetupDiDestroyDeviceInfoList(hDevInfoList);
return dwResult;
}
@@ -1140,9 +1063,12 @@ ExecCommand(const WCHAR* cmdline)
DWORD
tap_set_adapter_name(
_In_ LPCGUID pguidAdapter,
- _In_ LPCTSTR szName)
+ _In_ LPCTSTR szName,
+ _In_ BOOL bSilent)
{
DWORD dwResult;
+ int msg_flag = bSilent ? M_WARN : M_NONFATAL;
+ msg_flag |= M_ERRNO;
if (pguidAdapter == NULL || szName == NULL)
{
@@ -1176,7 +1102,7 @@ tap_set_adapter_name(
if (dwResult != ERROR_SUCCESS)
{
SetLastError(dwResult); /* MSDN does not mention RegOpenKeyEx() to set GetLastError(). But we do have an error code. Set last error manually. */
- msg(M_NONFATAL | M_ERRNO, "%s: RegOpenKeyEx(HKLM, \"%" PRIsLPTSTR "\") failed", __FUNCTION__, szRegKey);
+ msg(msg_flag, "%s: RegOpenKeyEx(HKLM, \"%" PRIsLPTSTR "\") failed", __FUNCTION__, szRegKey);
goto cleanup_szAdapterId;
}
@@ -1185,7 +1111,7 @@ tap_set_adapter_name(
if (dwResult != ERROR_SUCCESS)
{
SetLastError(dwResult);
- msg(M_NONFATAL | M_ERRNO, "%s: Error reading adapter name", __FUNCTION__);
+ msg(msg_flag, "%s: Error reading adapter name", __FUNCTION__);
goto cleanup_hKey;
}
@@ -1203,7 +1129,7 @@ tap_set_adapter_name(
if (dwResult != ERROR_SUCCESS)
{
SetLastError(dwResult);
- msg(M_NONFATAL | M_ERRNO, "%s: Error renaming adapter", __FUNCTION__);
+ msg(msg_flag, "%s: Error renaming adapter", __FUNCTION__);
goto cleanup_hKey;
}
diff --git a/src/tapctl/tap.h b/src/tapctl/tap.h
index 102de32..63d791c 100644
--- a/src/tapctl/tap.h
+++ b/src/tapctl/tap.h
@@ -118,12 +118,16 @@ tap_enable_adapter(
*
* @param szName New adapter name - must be unique
*
+ * @param bSilent If true, MSI installer won't display message box and
+ * only print error to log.
+ *
* @return ERROR_SUCCESS on success; Win32 error code otherwise
**/
DWORD
tap_set_adapter_name(
_In_ LPCGUID pguidAdapter,
- _In_ LPCTSTR szName);
+ _In_ LPCTSTR szName,
+ _In_ BOOL bSilent);
/**