summaryrefslogtreecommitdiff
path: root/src/openvpnserv
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpnserv')
-rw-r--r--src/openvpnserv/Makefile.in60
-rw-r--r--src/openvpnserv/common.c16
-rw-r--r--src/openvpnserv/interactive.c77
-rw-r--r--src/openvpnserv/service.h3
-rw-r--r--src/openvpnserv/validate.c2
5 files changed, 118 insertions, 40 deletions
diff --git a/src/openvpnserv/Makefile.in b/src/openvpnserv/Makefile.in
index 0dd9792..68cb4a0 100644
--- a/src/openvpnserv/Makefile.in
+++ b/src/openvpnserv/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -159,7 +159,13 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -I$(top_builddir)/include
depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/openvpnserv-automatic.Po \
+ ./$(DEPDIR)/openvpnserv-block_dns.Po \
+ ./$(DEPDIR)/openvpnserv-common.Po \
+ ./$(DEPDIR)/openvpnserv-interactive.Po \
+ ./$(DEPDIR)/openvpnserv-service.Po \
+ ./$(DEPDIR)/openvpnserv-validate.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -376,7 +382,6 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
-runstatedir = @runstatedir@
sampledir = @sampledir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
@@ -436,8 +441,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_srcdir)/build/ltrc.inc $(am__empty):
@@ -509,12 +514,18 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-automatic.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-block_dns.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-common.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-interactive.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-service.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-validate.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-automatic.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-block_dns.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-common.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-interactive.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-service.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-validate.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -679,7 +690,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -753,7 +767,12 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/openvpnserv-automatic.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-block_dns.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-common.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-interactive.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-service.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-validate.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -799,7 +818,12 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/openvpnserv-automatic.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-block_dns.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-common.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-interactive.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-service.Po
+ -rm -f ./$(DEPDIR)/openvpnserv-validate.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -820,9 +844,9 @@ uninstall-am: uninstall-sbinPROGRAMS
.MAKE: install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+ clean-generic clean-libtool clean-sbinPROGRAMS cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c
index dc47666..73c418f 100644
--- a/src/openvpnserv/common.c
+++ b/src/openvpnserv/common.c
@@ -25,7 +25,7 @@
#include "validate.h"
LPCTSTR service_instance = TEXT("");
-
+static wchar_t win_sys_path[MAX_PATH];
/*
* These are necessary due to certain buggy implementations of (v)snprintf,
@@ -285,3 +285,17 @@ utf8to16(const char *utf8)
MultiByteToWideChar(CP_UTF8, 0, utf8, -1, utf16, n);
return utf16;
}
+
+const wchar_t *
+get_win_sys_path(void)
+{
+ const wchar_t *default_sys_path = L"C:\\Windows\\system32";
+
+ if (!GetSystemDirectoryW(win_sys_path, _countof(win_sys_path)))
+ {
+ wcsncpy(win_sys_path, default_sys_path, _countof(win_sys_path));
+ win_sys_path[_countof(win_sys_path) - 1] = L'\0';
+ }
+
+ return win_sys_path;
+}
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index 9cfc94e..d7c9eea 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -934,11 +934,10 @@ RegisterDNS(LPVOID unused)
{
DWORD err;
DWORD i;
- WCHAR sys_path[MAX_PATH];
DWORD timeout = RDNS_TIMEOUT * 1000; /* in milliseconds */
- /* default path of ipconfig command */
- WCHAR ipcfg[MAX_PATH] = L"C:\\Windows\\system32\\ipconfig.exe";
+ /* path of ipconfig command */
+ WCHAR ipcfg[MAX_PATH];
struct
{
@@ -953,11 +952,8 @@ RegisterDNS(LPVOID unused)
HANDLE wait_handles[2] = {rdns_semaphore, exit_event};
- if (GetSystemDirectory(sys_path, MAX_PATH))
- {
- swprintf(ipcfg, MAX_PATH, L"%s\\%s", sys_path, L"ipconfig.exe");
- ipcfg[MAX_PATH-1] = L'\0';
- }
+ swprintf(ipcfg, _countof(ipcfg), L"%s\\%s", get_win_sys_path(), L"ipconfig.exe");
+ ipcfg[_countof(ipcfg) - 1] = L'\0';
if (WaitForMultipleObjects(2, wait_handles, FALSE, timeout) == WAIT_OBJECT_0)
{
@@ -1021,6 +1017,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
DWORD err = 0;
int timeout = 30000; /* in msec */
wchar_t argv0[MAX_PATH];
+ wchar_t *cmdline = NULL;
if (!addr)
{
@@ -1035,15 +1032,8 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
}
/* Path of netsh */
- int n = GetSystemDirectory(argv0, MAX_PATH);
- if (n > 0 && n < MAX_PATH) /* got system directory */
- {
- wcsncat(argv0, L"\\netsh.exe", MAX_PATH - n - 1);
- }
- else
- {
- wcsncpy(argv0, L"C:\\Windows\\system32\\netsh.exe", MAX_PATH);
- }
+ swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"netsh.exe");
+ argv0[_countof(argv0) - 1] = L'\0';
/* cmd template:
* netsh interface $proto $action dns $if_name $addr [validate=no]
@@ -1052,7 +1042,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
/* max cmdline length in wchars -- include room for worst case and some */
int ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 + 1;
- wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t));
+ cmdline = malloc(ncmdline*sizeof(wchar_t));
if (!cmdline)
{
err = ERROR_OUTOFMEMORY;
@@ -1176,6 +1166,45 @@ out:
return err;
}
+static DWORD
+HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp)
+{
+ DWORD err = 0;
+ DWORD timeout = 5000; /* in milli seconds */
+ wchar_t argv0[MAX_PATH];
+
+ /* Path of netsh */
+ swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"netsh.exe");
+ argv0[_countof(argv0) - 1] = L'\0';
+
+ /* cmd template:
+ * netsh interface ipv4 set address name=$if_index source=dhcp
+ */
+ const wchar_t *fmt = L"netsh interface ipv4 set address name=\"%d\" source=dhcp";
+
+ /* max cmdline length in wchars -- include room for if index:
+ * 10 chars for 32 bit int in decimal and +1 for NUL
+ */
+ size_t ncmdline = wcslen(fmt) + 10 + 1;
+ wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t));
+ if (!cmdline)
+ {
+ err = ERROR_OUTOFMEMORY;
+ return err;
+ }
+
+ openvpn_sntprintf(cmdline, ncmdline, fmt, dhcp->iface.index);
+
+ err = ExecCommand(argv0, cmdline, timeout);
+
+ /* Note: This could fail if dhcp is already enabled, so the caller
+ * may not want to treat errors as FATAL.
+ */
+
+ free(cmdline);
+ return err;
+}
+
static VOID
HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists_t *lists)
{
@@ -1187,6 +1216,7 @@ HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists
flush_neighbors_message_t flush_neighbors;
block_dns_message_t block_dns;
dns_cfg_message_t dns;
+ enable_dhcp_message_t dhcp;
} msg;
ack_message_t ack = {
.header = {
@@ -1247,6 +1277,13 @@ HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists
ack.error_number = HandleDNSConfigMessage(&msg.dns, lists);
break;
+ case msg_enable_dhcp:
+ if (msg.header.size == sizeof(msg.dhcp))
+ {
+ ack.error_number = HandleEnableDHCPMessage(&msg.dhcp);
+ }
+ break;
+
default:
ack.error_number = ERROR_MESSAGE_TYPE;
MsgToEventLog(MSG_FLAGS_ERROR, TEXT("Unknown message type %d"), msg.header.type);
@@ -1316,7 +1353,7 @@ RunOpenvpn(LPVOID p)
{
HANDLE pipe = p;
HANDLE ovpn_pipe, svc_pipe;
- PTOKEN_USER svc_user, ovpn_user;
+ PTOKEN_USER svc_user = NULL, ovpn_user = NULL;
HANDLE svc_token = NULL, imp_token = NULL, pri_token = NULL;
HANDLE stdin_read = NULL, stdin_write = NULL;
HANDLE stdout_write = NULL;
@@ -1369,7 +1406,6 @@ RunOpenvpn(LPVOID p)
goto out;
}
len = 0;
- svc_user = NULL;
while (!GetTokenInformation(svc_token, TokenUser, svc_user, len, &len))
{
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
@@ -1402,7 +1438,6 @@ RunOpenvpn(LPVOID p)
goto out;
}
len = 0;
- ovpn_user = NULL;
while (!GetTokenInformation(imp_token, TokenUser, ovpn_user, len, &len))
{
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h
index af8f37f..23b105f 100644
--- a/src/openvpnserv/service.h
+++ b/src/openvpnserv/service.h
@@ -96,4 +96,7 @@ DWORD MsgToEventLog(DWORD flags, LPCTSTR lpszMsg, ...);
/* Convert a utf8 string to utf16. Caller should free the result */
wchar_t *utf8to16(const char *utf8);
+/* return windows system directory as a pointer to a static string */
+const wchar_t *get_win_sys_path(void);
+
#endif /* ifndef _SERVICE_H */
diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c
index 653bd12..d35938c 100644
--- a/src/openvpnserv/validate.c
+++ b/src/openvpnserv/validate.c
@@ -44,6 +44,8 @@ static const WCHAR *white_list[] =
L"setenv",
L"service",
L"verb",
+ L"pull-filter",
+ L"script-security",
NULL /* last value */
};