diff options
Diffstat (limited to 'src/openvpnserv')
-rw-r--r-- | src/openvpnserv/Makefile.in | 60 | ||||
-rw-r--r-- | src/openvpnserv/common.c | 16 | ||||
-rw-r--r-- | src/openvpnserv/interactive.c | 77 | ||||
-rw-r--r-- | src/openvpnserv/service.h | 3 | ||||
-rw-r--r-- | src/openvpnserv/validate.c | 2 |
5 files changed, 118 insertions, 40 deletions
diff --git a/src/openvpnserv/Makefile.in b/src/openvpnserv/Makefile.in index 0dd9792..68cb4a0 100644 --- a/src/openvpnserv/Makefile.in +++ b/src/openvpnserv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -159,7 +159,13 @@ am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -I$(top_builddir)/include depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/openvpnserv-automatic.Po \ + ./$(DEPDIR)/openvpnserv-block_dns.Po \ + ./$(DEPDIR)/openvpnserv-common.Po \ + ./$(DEPDIR)/openvpnserv-interactive.Po \ + ./$(DEPDIR)/openvpnserv-service.Po \ + ./$(DEPDIR)/openvpnserv-validate.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -376,7 +382,6 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ @@ -436,8 +441,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_srcdir)/build/ltrc.inc $(am__empty): @@ -509,12 +514,18 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-automatic.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-block_dns.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-common.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-interactive.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-service.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-validate.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-automatic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-block_dns.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-common.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-interactive.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-service.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvpnserv-validate.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -679,7 +690,10 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -753,7 +767,12 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/openvpnserv-automatic.Po + -rm -f ./$(DEPDIR)/openvpnserv-block_dns.Po + -rm -f ./$(DEPDIR)/openvpnserv-common.Po + -rm -f ./$(DEPDIR)/openvpnserv-interactive.Po + -rm -f ./$(DEPDIR)/openvpnserv-service.Po + -rm -f ./$(DEPDIR)/openvpnserv-validate.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -799,7 +818,12 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/openvpnserv-automatic.Po + -rm -f ./$(DEPDIR)/openvpnserv-block_dns.Po + -rm -f ./$(DEPDIR)/openvpnserv-common.Po + -rm -f ./$(DEPDIR)/openvpnserv-interactive.Po + -rm -f ./$(DEPDIR)/openvpnserv-service.Po + -rm -f ./$(DEPDIR)/openvpnserv-validate.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -820,9 +844,9 @@ uninstall-am: uninstall-sbinPROGRAMS .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libtool clean-sbinPROGRAMS cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c index dc47666..73c418f 100644 --- a/src/openvpnserv/common.c +++ b/src/openvpnserv/common.c @@ -25,7 +25,7 @@ #include "validate.h" LPCTSTR service_instance = TEXT(""); - +static wchar_t win_sys_path[MAX_PATH]; /* * These are necessary due to certain buggy implementations of (v)snprintf, @@ -285,3 +285,17 @@ utf8to16(const char *utf8) MultiByteToWideChar(CP_UTF8, 0, utf8, -1, utf16, n); return utf16; } + +const wchar_t * +get_win_sys_path(void) +{ + const wchar_t *default_sys_path = L"C:\\Windows\\system32"; + + if (!GetSystemDirectoryW(win_sys_path, _countof(win_sys_path))) + { + wcsncpy(win_sys_path, default_sys_path, _countof(win_sys_path)); + win_sys_path[_countof(win_sys_path) - 1] = L'\0'; + } + + return win_sys_path; +} diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 9cfc94e..d7c9eea 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -934,11 +934,10 @@ RegisterDNS(LPVOID unused) { DWORD err; DWORD i; - WCHAR sys_path[MAX_PATH]; DWORD timeout = RDNS_TIMEOUT * 1000; /* in milliseconds */ - /* default path of ipconfig command */ - WCHAR ipcfg[MAX_PATH] = L"C:\\Windows\\system32\\ipconfig.exe"; + /* path of ipconfig command */ + WCHAR ipcfg[MAX_PATH]; struct { @@ -953,11 +952,8 @@ RegisterDNS(LPVOID unused) HANDLE wait_handles[2] = {rdns_semaphore, exit_event}; - if (GetSystemDirectory(sys_path, MAX_PATH)) - { - swprintf(ipcfg, MAX_PATH, L"%s\\%s", sys_path, L"ipconfig.exe"); - ipcfg[MAX_PATH-1] = L'\0'; - } + swprintf(ipcfg, _countof(ipcfg), L"%s\\%s", get_win_sys_path(), L"ipconfig.exe"); + ipcfg[_countof(ipcfg) - 1] = L'\0'; if (WaitForMultipleObjects(2, wait_handles, FALSE, timeout) == WAIT_OBJECT_0) { @@ -1021,6 +1017,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam DWORD err = 0; int timeout = 30000; /* in msec */ wchar_t argv0[MAX_PATH]; + wchar_t *cmdline = NULL; if (!addr) { @@ -1035,15 +1032,8 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam } /* Path of netsh */ - int n = GetSystemDirectory(argv0, MAX_PATH); - if (n > 0 && n < MAX_PATH) /* got system directory */ - { - wcsncat(argv0, L"\\netsh.exe", MAX_PATH - n - 1); - } - else - { - wcsncpy(argv0, L"C:\\Windows\\system32\\netsh.exe", MAX_PATH); - } + swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"netsh.exe"); + argv0[_countof(argv0) - 1] = L'\0'; /* cmd template: * netsh interface $proto $action dns $if_name $addr [validate=no] @@ -1052,7 +1042,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam /* max cmdline length in wchars -- include room for worst case and some */ int ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 + 1; - wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t)); + cmdline = malloc(ncmdline*sizeof(wchar_t)); if (!cmdline) { err = ERROR_OUTOFMEMORY; @@ -1176,6 +1166,45 @@ out: return err; } +static DWORD +HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp) +{ + DWORD err = 0; + DWORD timeout = 5000; /* in milli seconds */ + wchar_t argv0[MAX_PATH]; + + /* Path of netsh */ + swprintf(argv0, _countof(argv0), L"%s\\%s", get_win_sys_path(), L"netsh.exe"); + argv0[_countof(argv0) - 1] = L'\0'; + + /* cmd template: + * netsh interface ipv4 set address name=$if_index source=dhcp + */ + const wchar_t *fmt = L"netsh interface ipv4 set address name=\"%d\" source=dhcp"; + + /* max cmdline length in wchars -- include room for if index: + * 10 chars for 32 bit int in decimal and +1 for NUL + */ + size_t ncmdline = wcslen(fmt) + 10 + 1; + wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t)); + if (!cmdline) + { + err = ERROR_OUTOFMEMORY; + return err; + } + + openvpn_sntprintf(cmdline, ncmdline, fmt, dhcp->iface.index); + + err = ExecCommand(argv0, cmdline, timeout); + + /* Note: This could fail if dhcp is already enabled, so the caller + * may not want to treat errors as FATAL. + */ + + free(cmdline); + return err; +} + static VOID HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists_t *lists) { @@ -1187,6 +1216,7 @@ HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists flush_neighbors_message_t flush_neighbors; block_dns_message_t block_dns; dns_cfg_message_t dns; + enable_dhcp_message_t dhcp; } msg; ack_message_t ack = { .header = { @@ -1247,6 +1277,13 @@ HandleMessage(HANDLE pipe, DWORD bytes, DWORD count, LPHANDLE events, undo_lists ack.error_number = HandleDNSConfigMessage(&msg.dns, lists); break; + case msg_enable_dhcp: + if (msg.header.size == sizeof(msg.dhcp)) + { + ack.error_number = HandleEnableDHCPMessage(&msg.dhcp); + } + break; + default: ack.error_number = ERROR_MESSAGE_TYPE; MsgToEventLog(MSG_FLAGS_ERROR, TEXT("Unknown message type %d"), msg.header.type); @@ -1316,7 +1353,7 @@ RunOpenvpn(LPVOID p) { HANDLE pipe = p; HANDLE ovpn_pipe, svc_pipe; - PTOKEN_USER svc_user, ovpn_user; + PTOKEN_USER svc_user = NULL, ovpn_user = NULL; HANDLE svc_token = NULL, imp_token = NULL, pri_token = NULL; HANDLE stdin_read = NULL, stdin_write = NULL; HANDLE stdout_write = NULL; @@ -1369,7 +1406,6 @@ RunOpenvpn(LPVOID p) goto out; } len = 0; - svc_user = NULL; while (!GetTokenInformation(svc_token, TokenUser, svc_user, len, &len)) { if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) @@ -1402,7 +1438,6 @@ RunOpenvpn(LPVOID p) goto out; } len = 0; - ovpn_user = NULL; while (!GetTokenInformation(imp_token, TokenUser, ovpn_user, len, &len)) { if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h index af8f37f..23b105f 100644 --- a/src/openvpnserv/service.h +++ b/src/openvpnserv/service.h @@ -96,4 +96,7 @@ DWORD MsgToEventLog(DWORD flags, LPCTSTR lpszMsg, ...); /* Convert a utf8 string to utf16. Caller should free the result */ wchar_t *utf8to16(const char *utf8); +/* return windows system directory as a pointer to a static string */ +const wchar_t *get_win_sys_path(void); + #endif /* ifndef _SERVICE_H */ diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c index 653bd12..d35938c 100644 --- a/src/openvpnserv/validate.c +++ b/src/openvpnserv/validate.c @@ -44,6 +44,8 @@ static const WCHAR *white_list[] = L"setenv", L"service", L"verb", + L"pull-filter", + L"script-security", NULL /* last value */ }; |