5
5
* packet encryption, packet authentication, and
6
6
* packet compression.
8
* Copyright (C) 2002-2008 OpenVPN Solutions LLC <info@openvpn.net>
8
* Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net>
10
10
* This program is free software; you can redistribute it and/or modify
11
11
* it under the terms of the GNU General Public License version 2
35
35
#include "manage.h"
36
36
#include "crypto.h"
39
40
#include "memdbg.h"
41
42
#ifdef CONFIG_FEATURE_IPROUTE
42
const char *iproute_path = IPROUTE_PATH;
43
const char *iproute_path = IPROUTE_PATH; /* GLOBAL */
46
/* contains an SSEC_x value defined in misc.h */
47
int script_security = SSEC_BUILT_IN; /* GLOBAL */
45
49
/* Redefine the top level directory of the filesystem
46
50
to restrict access to files for security */
196
200
if (plugin_defined (plugins, plugin_type))
198
struct buffer cmd = alloc_buf_gc (256, &gc);
202
struct argv argv = argv_new ();
203
"\"%s\" %d %d %s %s %s",
206
ifconfig_local, ifconfig_remote,
209
if (plugin_call (plugins, plugin_type, BSTR (&cmd), NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
208
ifconfig_local, ifconfig_remote,
211
if (plugin_call (plugins, plugin_type, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
210
212
msg (M_FATAL, "ERROR: up/down plugin call failed");
215
struct buffer cmd = alloc_buf_gc (256, &gc);
219
struct argv argv = argv_new ();
219
221
setenv_str (es, "script_type", script_type);
222
"%s \"%s\" %d %d %s %s %s",
223
"%s %s %d %d %s %s %s",
225
226
tun_mtu, link_mtu,
226
227
ifconfig_local, ifconfig_remote,
228
msg (M_INFO, "%s", BSTR (&cmd));
229
system_check (BSTR (&cmd), es, S_SCRIPT|S_FATAL, "script failed");
229
argv_msg (M_INFO, &argv);
230
openvpn_execve_check (&argv, es, S_SCRIPT|S_FATAL, "script failed");
377
* Wrapper around the system() call.
380
openvpn_system (const char *command, const struct env_set *es, unsigned int flags)
386
* We need to bracket this code by mutex because system() doesn't
387
* accept an environment list, so we have to use the process-wide
388
* list which is shared between all threads.
390
mutex_lock_static (L_SYSTEM);
391
perf_push (PERF_SCRIPT);
394
* add env_set to environment.
396
if (flags & S_SCRIPT)
397
env_set_add_to_environment (es);
401
dmsg (D_SCRIPT, "SYSTEM[%u] '%s'", flags, command);
402
if (flags & S_SCRIPT)
403
env_set_print (D_SCRIPT, es);
406
* execute the command
408
ret = system (command);
411
dmsg (D_SCRIPT, "SYSTEM return=%u", ret);
414
* remove env_set from environment
416
if (flags & S_SCRIPT)
417
env_set_remove_from_environment (es);
420
mutex_unlock_static (L_SYSTEM);
424
msg (M_FATAL, "Sorry but I can't execute the shell command '%s' because this operating system doesn't appear to support the system() call", command);
425
return -1; /* NOTREACHED */
430
379
* Warn if a given file is group/others accessible.
488
437
struct buffer out = alloc_buf_gc (256, gc);
491
buf_printf (&out, "shell command did not execute -- ");
492
buf_printf (&out, "system() returned error code %d", stat);
440
buf_printf (&out, "external program did not execute -- ");
441
buf_printf (&out, "returned error code %d", stat);
495
buf_printf (&out, "shell command fork failed");
444
buf_printf (&out, "external program fork failed");
496
445
else if (!WIFEXITED (stat))
497
buf_printf (&out, "shell command did not exit normally");
446
buf_printf (&out, "external program did not exit normally");
500
449
const int cmd_ret = WEXITSTATUS (stat);
502
buf_printf (&out, "shell command exited normally");
451
buf_printf (&out, "external program exited normally");
503
452
else if (cmd_ret == 127)
504
buf_printf (&out, "could not execute shell command");
453
buf_printf (&out, "could not execute external program");
506
buf_printf (&out, "shell command exited with error status: %d", cmd_ret);
455
buf_printf (&out, "external program exited with error status: %d", cmd_ret);
509
458
return (const char *)out.data;
513
* Run system(), exiting on error.
462
* Wrapper around openvpn_execve
516
system_check (const char *command, const struct env_set *es, unsigned int flags, const char *error_message)
465
openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
518
467
struct gc_arena gc = gc_new ();
519
const int stat = openvpn_system (command, es, flags);
468
const int stat = openvpn_execve (a, es, flags);
522
471
if (system_ok (stat))
485
openvpn_execve_allowed (const unsigned int flags)
487
if (flags & S_SCRIPT)
488
return script_security >= SSEC_SCRIPTS;
490
return script_security >= SSEC_BUILT_IN;
495
* Run execve() inside a fork(). Designed to replicate the semantics of system() but
496
* in a safer way that doesn't require the invocation of a shell or the risks
497
* assocated with formatting and parsing a command line.
500
openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned int flags)
502
struct gc_arena gc = gc_new ();
507
#if defined(ENABLE_EXECVE)
508
if (openvpn_execve_allowed (flags))
510
const char *cmd = a->argv[0];
511
char *const *argv = a->argv;
512
char *const *envp = (char *const *)make_env_array (es, true, &gc);
516
if (pid == (pid_t)0) /* child side */
518
execve (cmd, argv, envp);
521
else if (pid < (pid_t)0) /* fork failed */
523
else /* parent side */
525
if (waitpid (pid, &ret, 0) != pid)
531
msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
534
msg (M_WARN, "openvpn_execve: execve function not available");
539
msg (M_WARN, "openvpn_execve: called with empty argv");
536
548
* Initialize random number seed. random() is only used
537
549
* when "weak" random numbers are acceptable.
772
msg (msglevel, "ENV [%d] '%s'", i, e->string);
784
if (env_safe_to_print (e->string))
785
msg (msglevel, "ENV [%d] '%s'", i, e->string);
901
914
setenv_str_safe (struct env_set *es, const char *name, const char *value)
904
openvpn_snprintf (buf, sizeof(buf), "OPENVPN_%s", name);
905
setenv_str (es, buf, value);
918
buf_set_write (&buf, b, sizeof (b));
919
if (buf_printf (&buf, "OPENVPN_%s", name))
920
setenv_str (es, BSTR(&buf), value);
922
msg (M_WARN, "setenv_str_safe: name overflow");
1096
1115
mutex_unlock_static (L_CREATE_TEMP);
1098
buf_printf (&fname, PACKAGE "_%s_%u_%u_%u.tmp",
1118
uint8_t rndbytes[16];
1121
prng_bytes (rndbytes, sizeof (rndbytes));
1122
rndstr = format_hex_ex (rndbytes, sizeof (rndbytes), 40, 0, NULL, gc);
1123
buf_printf (&fname, PACKAGE "_%s_%s.tmp", prefix, rndstr);
1104
1126
return gen_path (directory, BSTR (&fname), gc);
1108
1132
* Put a directory and filename together.
1115
1139
if (safe_filename
1116
1140
&& strcmp (safe_filename, ".")
1117
&& strcmp (safe_filename, ".."))
1141
&& strcmp (safe_filename, "..")
1143
&& win_safe_filename (safe_filename)
1119
struct buffer out = alloc_buf_gc (256, gc);
1147
const size_t outsize = strlen(safe_filename) + (directory ? strlen (directory) : 0) + 16;
1148
struct buffer out = alloc_buf_gc (outsize, gc);
1120
1149
char dirsep[2];
1122
1151
dirsep[0] = OS_SPECIFIC_DIRSEP;
1178
absolute_pathname (const char *pathname)
1182
const int c = pathname[0];
1184
return c == '\\' || (isalpha(c) && pathname[1] == ':' && pathname[2] == '\\');
1149
1194
* Return the next largest power of 2
1150
1195
* or u if u is a power of 2.
1449
1498
return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc);
1502
is_password_env_var (const char *str)
1504
return (strncmp (str, "password", 8) == 0);
1508
env_allowed (const char *str)
1510
return (script_security >= SSEC_PW_ENV || !is_password_env_var (str));
1514
env_safe_to_print (const char *str)
1516
#ifndef UNSAFE_DEBUG
1517
if (is_password_env_var (str))
1452
1523
/* Make arrays of strings */
1455
make_env_array (const struct env_set *es, struct gc_arena *gc)
1526
make_env_array (const struct env_set *es,
1527
const bool check_allowed,
1528
struct gc_arena *gc)
1457
1530
char **ret = NULL;
1458
1531
struct env_item *e = NULL;
1717
struct gc_arena gc = gc_new ();
1725
argv_printf (&a, "%s foo bar %s", "c:\\src\\test\\jyargs.exe", "foo bar");
1726
//argv_printf (&a, "%s %s %s", "c:\\src\\test files\\batargs.bat", "foo", "bar");
1728
argv_printf (&a, "./myechox foo bar");
1731
argv_msg_prefix (M_INFO, &a, "ARGV");
1732
openvpn_execve_check (&a, NULL, 0, "command failed");
1734
argv_printf (&a, "this is a %s test of int %d unsigned %u", "FOO", -69, 42);
1735
s = argv_str (&a, &gc, PA_BRACKET);
1739
struct argv b = argv_insert_head (&a, "MARK");
1740
s = argv_str (&b, &gc, PA_BRACKET);
1745
argv_printf (&a, "foo bar %d", 99);
1746
s = argv_str (&a, &gc, PA_BRACKET);
1750
s = argv_str (&a, &gc, PA_BRACKET);
1754
argv_printf (&a, "foo bar %d", 99);
1755
argv_printf_cat (&a, "bar %d foo", 42);
1756
argv_printf_cat (&a, "cool %s %d u %s/%d end", "frood", 4, "hello", 7);
1757
s = argv_str (&a, &gc, PA_BRACKET);
1761
while (fgets (line, sizeof(line), stdin) != NULL)
1764
const char *f = line;
1767
while ((term = argv_term (&f)) != NULL)
1769
printf ("[%d] '%s'\n", i, term);
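Review bot: is_password_env_var (new lines 1502-1504) is the single test that env_allowed uses to withhold variables from scripts and env_safe_to_print uses to keep them out of the log, yet it is a case-sensitive prefix match with a bare length of 8 and no comment stating the rule. As written it matches every entry that merely begins with `password` and nothing stored under any other name, so a secret exported under a different variable name would still reach scripts below SSEC_PW_ENV and still be printed by the `ENV [%d] '%s'` log line. I would derive the length from the literal, `return strncmp (str, "password", sizeof ("password") - 1) == 0;`, and add a comment such as `/* str is presumably a "name=value" entry; true for every name that starts with "password" */`. The bodies of these helpers are only partly visible on this page, so the entry format should be confirmed against the env_set code before that comment is committed.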