author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 07:27:03 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 07:27:03 +0000 |
commit | 5a2e9a2587372aeb4b74fa1aadf53283ed7cae10 (patch) | |
tree | bc79922f81699bc51c2ac047309e6ab594eebcd2 /misc.h | |
parent | Added argv_x functions to buffer.[ch] to be used to safely build (diff) | |
download | openvpn-5a2e9a2587372aeb4b74fa1aadf53283ed7cae10.tar.xz |
Completely revamped the system for calling external programs and scripts:
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | misc.h | 26 |
1 files changed, 18 insertions, 8 deletions
@@ -117,17 +117,15 @@ void warn_if_group_others_accessible(const char* filename);
 #define S_SCRIPT (1<<0)
 #define S_FATAL (1<<1)
-/* wrapper around the system() call. */
-int openvpn_system (const char *command, const struct env_set *es, unsigned int flags);
-
-/* interpret the status code returned by system() */
+/* interpret the status code returned by system()/execve() */
 bool system_ok(int);
 int system_executed (int stat);
 const char *system_error_message (int, struct gc_arena *gc);
-/* run system() with error check, return true if success,
- false if error, exit if error and fatal==true */
-bool system_check (const char *command, const struct env_set *es, unsigned int flags, const char *error_message);
+/* wrapper around the execve() call */
+int openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned int flags);
+bool openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message);
+bool openvpn_execve_allowed (const unsigned int flags);
 #ifdef HAVE_STRERROR
 /* a thread-safe version of strerror */
@@ -184,7 +182,10 @@ void env_set_remove_from_environment (const struct env_set *es);
 /* Make arrays of strings */
-const char **make_env_array (const struct env_set *es, struct gc_arena *gc);
+const char **make_env_array (const struct env_set *es,
+ const bool check_allowed,
+ struct gc_arena *gc);
+
 const char **make_arg_array (const char *first, const char *parms, struct gc_arena *gc);
 const char **make_extended_arg_array (char **p, struct gc_arena *gc);
@@ -271,6 +272,9 @@ const char *safe_print (const char *str, struct gc_arena *gc);
 /* returns true if environmental variable safe to print to log */
 bool env_safe_to_print (const char *str);
+/* returns true if environmental variable may be passed to an external program */
+bool env_allowed (const char *str);
+
 /*
 * A sleep function that services the management layer for n
 * seconds rather than doing nothing.
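Review bot: In the -117,17 hunk the three new prototypes share the single comment `/* wrapper around the execve() call */`, while the removed `system_check` comment spelled out the contract (true on success, false on error, exit when fatal). The header no longer says what `openvpn_execve` returns, whether `openvpn_execve_check` still exits when `S_FATAL` is set, or what `openvpn_execve_allowed` decides from `flags`. These declarations are the entry points for every external program call, so each deserves its own comment, for example `/* returns true if script_security permits the call described by flags */` on `openvpn_execve_allowed`. The definitions are not part of this hunk, so the wording should be checked against them first.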
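Review bot: In the -184,7 hunk `make_env_array` gains `const bool check_allowed` with no comment saying what is checked or when a caller may pass false. Presumably true means entries are filtered through `env_allowed()` (declared in the -271,6 hunk), which would make this flag the switch that decides whether sensitive variables reach a child process; the definition is not visible here, so confirm before wording it. A comment such as `/* check_allowed: include only variables for which env_allowed() returns true */` would make the unfiltered case easy to spot at call sites. The `env_allowed` comment could also say whether `str` is a bare name or a `NAME=value` entry, and that the result depends on `script_security` if it does.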
@@ -290,4 +294,10 @@ void get_user_pass_auto_userid (struct user_pass *up, const char *tag);
 extern const char *iproute_path;
 #endif
+#define SSEC_NONE 0 /* strictly no calling of external programs */
+#define SSEC_BUILT_IN 1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/
+#define SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */
+#define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */
+extern int script_security; /* GLOBAL */
+
 #endif |
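Review bot: The SSEC_* levels added before the final `#endif` are plain `#define`s stored in an unconstrained `extern int script_security`, and the header does not say that the levels are ordered or what range is valid. If callers compare with `>=` (not visible in this hunk), any value above `SSEC_PW_ENV` would act as the most permissive level, so the option parser should reject values outside `SSEC_NONE`..`SSEC_PW_ENV`. I would state that on the global, e.g. `extern int script_security; /* GLOBAL; one of SSEC_*, each level includes the lower ones */`, and consider an `enum` so the values show up in a debugger.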