diff options
Diffstat (limited to 'src/openvpnserv/openvpnserv.c')
| -rwxr-xr-x | src/openvpnserv/openvpnserv.c | 534 |
1 files changed, 534 insertions, 0 deletions
diff --git a/src/openvpnserv/openvpnserv.c b/src/openvpnserv/openvpnserv.c new file mode 100755 index 0000000..56f5a02 --- /dev/null +++ b/src/openvpnserv/openvpnserv.c @@ -0,0 +1,534 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +/* + * This program allows one or more OpenVPN processes to be started + * as a service. To build, you must get the service sample from the + * Platform SDK and replace Simple.c with this file. + * + * You should also apply service.patch to + * service.c and service.h from the Platform SDK service sample. + * + * This code is designed to be built with the mingw compiler. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif +#include <windows.h> +#include <stdlib.h> +#include <stdio.h> +#include <stdarg.h> +#include <process.h> +#include "service.h" + +/* bool definitions */ +#define bool int +#define true 1 +#define false 0 + +/* These are new for 2000/XP, so they aren't in the mingw headers yet */ +#ifndef BELOW_NORMAL_PRIORITY_CLASS +#define BELOW_NORMAL_PRIORITY_CLASS 0x00004000 +#endif +#ifndef ABOVE_NORMAL_PRIORITY_CLASS +#define ABOVE_NORMAL_PRIORITY_CLASS 0x00008000 +#endif + +struct security_attributes +{ + SECURITY_ATTRIBUTES sa; + SECURITY_DESCRIPTOR sd; +}; + +/* + * This event is initially created in the non-signaled + * state. It will transition to the signaled state when + * we have received a terminate signal from the Service + * Control Manager which will cause an asynchronous call + * of ServiceStop below. + */ +#define EXIT_EVENT_NAME PACKAGE "_exit_1" + +/* + * Which registry key in HKLM should + * we get config info from? + */ +#define REG_KEY "SOFTWARE\\" PACKAGE_NAME + +static HANDLE exit_event = NULL; + +/* clear an object */ +#define CLEAR(x) memset(&(x), 0, sizeof(x)) + +/* + * Message handling + */ +#define M_INFO (0) /* informational */ +#define M_SYSERR (MSG_FLAGS_ERROR|MSG_FLAGS_SYS_CODE) /* error + system code */ +#define M_ERR (MSG_FLAGS_ERROR) /* error */ + +/* write error to event log */ +#define MSG(flags, ...) \ + { \ + char x_msg[256]; \ + openvpn_snprintf (x_msg, sizeof(x_msg), __VA_ARGS__); \ + AddToMessageLog ((flags), x_msg); \ + } + +/* get a registry string */ +#define QUERY_REG_STRING(name, data) \ + { \ + len = sizeof (data); \ + status = RegQueryValueEx(openvpn_key, name, NULL, &type, data, &len); \ + if (status != ERROR_SUCCESS || type != REG_SZ) \ + { \ + SetLastError (status); \ + MSG (M_SYSERR, error_format_str, name); \ + RegCloseKey (openvpn_key); \ + goto finish; \ + } \ + } + +/* get a registry string */ +#define QUERY_REG_DWORD(name, data) \ + { \ + len = sizeof (DWORD); \ + status = RegQueryValueEx(openvpn_key, name, NULL, &type, (LPBYTE)&data, &len); \ + if (status != ERROR_SUCCESS || type != REG_DWORD || len != sizeof (DWORD)) \ + { \ + SetLastError (status); \ + MSG (M_SYSERR, error_format_dword, name); \ + RegCloseKey (openvpn_key); \ + goto finish; \ + } \ + } + +/* + * This is necessary due to certain buggy implementations of snprintf, + * that don't guarantee null termination for size > 0. + * (copied from ../buffer.c, line 217) + * (git: 100644 blob e2f8caab0a5b2a870092c6cd508a1a50c21c3ba3 buffer.c) + */ + +int openvpn_snprintf(char *str, size_t size, const char *format, ...) +{ + va_list arglist; + int len = -1; + if (size > 0) + { + va_start (arglist, format); + len = vsnprintf (str, size, format, arglist); + va_end (arglist); + str[size - 1] = 0; + } + return (len >= 0 && len < size); +} + + +bool +init_security_attributes_allow_all (struct security_attributes *obj) +{ + CLEAR (*obj); + + obj->sa.nLength = sizeof (SECURITY_ATTRIBUTES); + obj->sa.lpSecurityDescriptor = &obj->sd; + obj->sa.bInheritHandle = TRUE; + if (!InitializeSecurityDescriptor (&obj->sd, SECURITY_DESCRIPTOR_REVISION)) + return false; + if (!SetSecurityDescriptorDacl (&obj->sd, TRUE, NULL, FALSE)) + return false; + return true; +} + +HANDLE +create_event (const char *name, bool allow_all, bool initial_state, bool manual_reset) +{ + if (allow_all) + { + struct security_attributes sa; + if (!init_security_attributes_allow_all (&sa)) + return NULL; + return CreateEvent (&sa.sa, (BOOL)manual_reset, (BOOL)initial_state, name); + } + else + return CreateEvent (NULL, (BOOL)manual_reset, (BOOL)initial_state, name); +} + +void +close_if_open (HANDLE h) +{ + if (h != NULL) + CloseHandle (h); +} + +static bool +match (const WIN32_FIND_DATA *find, const char *ext) +{ + int i; + + if (find->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) + return false; + + if (!strlen (ext)) + return true; + + i = strlen (find->cFileName) - strlen (ext) - 1; + if (i < 1) + return false; + + return find->cFileName[i] == '.' && !_stricmp (find->cFileName + i + 1, ext); +} + +/* + * Modify the extension on a filename. + */ +static bool +modext (char *dest, int size, const char *src, const char *newext) +{ + int i; + + if (size > 0 && (strlen (src) + 1) <= size) + { + strcpy (dest, src); + dest [size - 1] = '\0'; + i = strlen (dest); + while (--i >= 0) + { + if (dest[i] == '\\') + break; + if (dest[i] == '.') + { + dest[i] = '\0'; + break; + } + } + if (strlen (dest) + strlen(newext) + 2 <= size) + { + strcat (dest, "."); + strcat (dest, newext); + return true; + } + dest [0] = '\0'; + } + return false; +} + +VOID ServiceStart (DWORD dwArgc, LPTSTR *lpszArgv) +{ + char exe_path[MAX_PATH]; + char config_dir[MAX_PATH]; + char ext_string[16]; + char log_dir[MAX_PATH]; + char priority_string[64]; + char append_string[2]; + + DWORD priority; + bool append; + + ResetError (); + + if (!ReportStatusToSCMgr(SERVICE_START_PENDING, NO_ERROR, 3000)) + { + MSG (M_ERR, "ReportStatusToSCMgr #1 failed"); + goto finish; + } + + /* + * Create our exit event + */ + exit_event = create_event (EXIT_EVENT_NAME, false, false, true); + if (!exit_event) + { + MSG (M_ERR, "CreateEvent failed"); + goto finish; + } + + /* + * If exit event is already signaled, it means we were not + * shut down properly. + */ + if (WaitForSingleObject (exit_event, 0) != WAIT_TIMEOUT) + { + MSG (M_ERR, "Exit event is already signaled -- we were not shut down properly"); + goto finish; + } + + if (!ReportStatusToSCMgr(SERVICE_START_PENDING, NO_ERROR, 3000)) + { + MSG (M_ERR, "ReportStatusToSCMgr #2 failed"); + goto finish; + } + + /* + * Read info from registry in key HKLM\SOFTWARE\OpenVPN + */ + { + HKEY openvpn_key; + LONG status; + DWORD len; + DWORD type; + + static const char error_format_str[] = + "Error querying registry key of type REG_SZ: HKLM\\" REG_KEY "\\%s"; + + static const char error_format_dword[] = + "Error querying registry key of type REG_DWORD: HKLM\\" REG_KEY "\\%s"; + + status = RegOpenKeyEx( + HKEY_LOCAL_MACHINE, + REG_KEY, + 0, + KEY_READ, + &openvpn_key); + + if (status != ERROR_SUCCESS) + { + SetLastError (status); + MSG (M_SYSERR, "Registry key HKLM\\" REG_KEY " not found"); + goto finish; + } + + /* get path to openvpn.exe */ + QUERY_REG_STRING ("exe_path", exe_path); + + /* get path to configuration directory */ + QUERY_REG_STRING ("config_dir", config_dir); + + /* get extension on configuration files */ + QUERY_REG_STRING ("config_ext", ext_string); + + /* get path to log directory */ + QUERY_REG_STRING ("log_dir", log_dir); + + /* get priority for spawned OpenVPN subprocesses */ + QUERY_REG_STRING ("priority", priority_string); + + /* should we truncate or append to logfile? */ + QUERY_REG_STRING ("log_append", append_string); + + RegCloseKey (openvpn_key); + } + + /* set process priority */ + priority = NORMAL_PRIORITY_CLASS; + if (!_stricmp (priority_string, "IDLE_PRIORITY_CLASS")) + priority = IDLE_PRIORITY_CLASS; + else if (!_stricmp (priority_string, "BELOW_NORMAL_PRIORITY_CLASS")) + priority = BELOW_NORMAL_PRIORITY_CLASS; + else if (!_stricmp (priority_string, "NORMAL_PRIORITY_CLASS")) + priority = NORMAL_PRIORITY_CLASS; + else if (!_stricmp (priority_string, "ABOVE_NORMAL_PRIORITY_CLASS")) + priority = ABOVE_NORMAL_PRIORITY_CLASS; + else if (!_stricmp (priority_string, "HIGH_PRIORITY_CLASS")) + priority = HIGH_PRIORITY_CLASS; + else + { + MSG (M_ERR, "Unknown priority name: %s", priority_string); + goto finish; + } + + /* set log file append/truncate flag */ + append = false; + if (append_string[0] == '0') + append = false; + else if (append_string[0] == '1') + append = true; + else + { + MSG (M_ERR, "Log file append flag (given as '%s') must be '0' or '1'", append_string); + goto finish; + } + + /* + * Instantiate an OpenVPN process for each configuration + * file found. + */ + { + WIN32_FIND_DATA find_obj; + HANDLE find_handle; + BOOL more_files; + char find_string[MAX_PATH]; + + openvpn_snprintf (find_string, MAX_PATH, "%s\\*", config_dir); + + find_handle = FindFirstFile (find_string, &find_obj); + if (find_handle == INVALID_HANDLE_VALUE) + { + MSG (M_ERR, "Cannot get configuration file list using: %s", find_string); + goto finish; + } + + /* + * Loop over each config file + */ + do { + HANDLE log_handle = NULL; + STARTUPINFO start_info; + PROCESS_INFORMATION proc_info; + struct security_attributes sa; + char log_file[MAX_PATH]; + char log_path[MAX_PATH]; + char command_line[256]; + + CLEAR (start_info); + CLEAR (proc_info); + CLEAR (sa); + + if (!ReportStatusToSCMgr(SERVICE_START_PENDING, NO_ERROR, 3000)) + { + MSG (M_ERR, "ReportStatusToSCMgr #3 failed"); + FindClose (find_handle); + goto finish; + } + + /* does file have the correct type and extension? */ + if (match (&find_obj, ext_string)) + { + /* get log file pathname */ + if (!modext (log_file, sizeof (log_file), find_obj.cFileName, "log")) + { + MSG (M_ERR, "Cannot construct logfile name based on: %s", find_obj.cFileName); + FindClose (find_handle); + goto finish; + } + openvpn_snprintf (log_path, sizeof(log_path), + "%s\\%s", log_dir, log_file); + + /* construct command line */ + openvpn_snprintf (command_line, sizeof(command_line), PACKAGE " --service %s 1 --config \"%s\"", + EXIT_EVENT_NAME, + find_obj.cFileName); + + /* Make security attributes struct for logfile handle so it can + be inherited. */ + if (!init_security_attributes_allow_all (&sa)) + { + MSG (M_SYSERR, "InitializeSecurityDescriptor start_" PACKAGE " failed"); + goto finish; + } + + /* open logfile as stdout/stderr for soon-to-be-spawned subprocess */ + log_handle = CreateFile (log_path, + GENERIC_WRITE, + FILE_SHARE_READ, + &sa.sa, + append ? OPEN_ALWAYS : CREATE_ALWAYS, + FILE_ATTRIBUTE_NORMAL, + NULL); + + if (log_handle == INVALID_HANDLE_VALUE) + { + MSG (M_SYSERR, "Cannot open logfile: %s", log_path); + FindClose (find_handle); + goto finish; + } + + /* append to logfile? */ + if (append) + { + if (SetFilePointer (log_handle, 0, NULL, FILE_END) == INVALID_SET_FILE_POINTER) + { + MSG (M_SYSERR, "Cannot seek to end of logfile: %s", log_path); + FindClose (find_handle); + goto finish; + } + } + + /* fill in STARTUPINFO struct */ + GetStartupInfo(&start_info); + start_info.cb = sizeof(start_info); + start_info.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW; + start_info.wShowWindow = SW_HIDE; + start_info.hStdInput = GetStdHandle(STD_INPUT_HANDLE); + start_info.hStdOutput = start_info.hStdError = log_handle; + + /* create an OpenVPN process for one config file */ + if (!CreateProcess(exe_path, + command_line, + NULL, + NULL, + TRUE, + priority | CREATE_NEW_CONSOLE, + NULL, + config_dir, + &start_info, + &proc_info)) + { + MSG (M_SYSERR, "CreateProcess failed, exe='%s' cmdline='%s' dir='%s'", + exe_path, + command_line, + config_dir); + + FindClose (find_handle); + CloseHandle (log_handle); + goto finish; + } + + /* close unneeded handles */ + Sleep (1000); /* try to prevent race if we close logfile + handle before child process DUPs it */ + if (!CloseHandle (proc_info.hProcess) + || !CloseHandle (proc_info.hThread) + || !CloseHandle (log_handle)) + { + MSG (M_SYSERR, "CloseHandle failed"); + goto finish; + } + } + + /* more files to process? */ + more_files = FindNextFile (find_handle, &find_obj); + + } while (more_files); + + FindClose (find_handle); + } + + /* we are now fully started */ + if (!ReportStatusToSCMgr(SERVICE_RUNNING, NO_ERROR, 0)) + { + MSG (M_ERR, "ReportStatusToSCMgr SERVICE_RUNNING failed"); + goto finish; + } + + /* wait for our shutdown signal */ + if (WaitForSingleObject (exit_event, INFINITE) != WAIT_OBJECT_0) + { + MSG (M_ERR, "wait for shutdown signal failed"); + } + + finish: + ServiceStop (); + if (exit_event) + CloseHandle (exit_event); +} + +VOID ServiceStop() +{ + if (exit_event) + SetEvent(exit_event); +} |