authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-26 07:27:03 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-26 07:27:03 +0000
commit5a2e9a2587372aeb4b74fa1aadf53283ed7cae10 (patch)
treebc79922f81699bc51c2ac047309e6ab594eebcd2 /plugin.c
parentAdded argv_x functions to buffer.[ch] to be used to safely build (diff)
Completely revamped the system for calling external programs and scripts:
* All external programs and scripts are now called by execve() on unix and CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting.
* The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts.

Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--plugin.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/plugin.c b/plugin.c
index 432ed23..eac301e 100644
--- a/plugin.c
+++ b/plugin.c
@@ -327,7 +327,7 @@ static int
plugin_call_item (const struct plugin *p,
void *per_client_context,
const int type,
- const char *args,
+ const struct argv *av,
struct openvpn_plugin_string_list **retlist,
const char **envp)
{
@@ -340,18 +340,18 @@ plugin_call_item (const struct plugin *p,
if (p->plugin_handle && (p->plugin_type_mask & OPENVPN_PLUGIN_MASK (type)))
{
struct gc_arena gc = gc_new ();
- const char **argv = make_arg_array (p->so_pathname, args, &gc);
+ struct argv a = argv_insert_head (av, p->so_pathname);
dmsg (D_PLUGIN_DEBUG, "PLUGIN_CALL: PRE type=%s", plugin_type_name (type));
- plugin_show_args_env (D_PLUGIN_DEBUG, argv, envp);
+ plugin_show_args_env (D_PLUGIN_DEBUG, (const char **)a.argv, envp);
/*
* Call the plugin work function
*/
if (p->func2)
- status = (*p->func2)(p->plugin_handle, type, argv, envp, per_client_context, retlist);
+ status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist);
else if (p->func1)
- status = (*p->func1)(p->plugin_handle, type, argv, envp);
+ status = (*p->func1)(p->plugin_handle, type, (const char **)a.argv, envp);
else
ASSERT (0);
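Review bot: `argv_insert_head (av, p->so_pathname)` receives `av` unchecked, and nothing visible in this hunk or in plugin_call establishes that it is non-NULL. The helper comes from the parent commit and is not shown here, so confirm that it accepts a NULL list; if it does not, a guard such as `ASSERT (av);` before the call makes the precondition explicit instead of leaving it to a crash inside the helper. The `(const char **)a.argv` cast is also written out three times; one local, `const char **argv = (const char **) a.argv;`, would keep the qualifier conversion in a single place. The body of plugin_call_item starts and ends outside this hunk.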
@@ -366,6 +366,7 @@ plugin_call_item (const struct plugin *p,
status,
p->so_pathname);
+ argv_reset (&a);
gc_free (&gc);
}
return status;
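Review bot: After this change nothing in the visible lines of this block allocates from `gc`, because the argument array now comes from `argv_insert_head` and is released separately by `argv_reset (&a)`. If the lines between this hunk and the previous one do not use `gc` either, the `gc_new ()` / `gc_free (&gc)` pair is dead and can be dropped. If it has to stay, a comment next to the new call, `/* a is not gc-allocated; release it explicitly */`, explains why the block now has two release steps. The block begins outside this hunk.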
@@ -482,7 +483,7 @@ plugin_common_open (struct plugin_common *pc,
int i;
const char **envp;
- envp = make_env_array (es, &gc);
+ envp = make_env_array (es, false, &gc);
if (pr)
plugin_return_init (pr);
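Review bot: The new second argument in `make_env_array (es, false, &gc)` is a bare boolean whose meaning cannot be read at the call site, and the function's declaration is not part of this diff. Because the commit introduces policy controls on how external code is run, a reader needs to know whether this flag selects any filtering of the environment handed to plugins; that is an inference from the commit message, not something these lines show. A comment naming the parameter, `envp = make_env_array (es, false /* <parameter name> */, &gc);`, would settle it, and the same applies to the identical call in plugin_call in the last hunk. plugin_common_open continues outside this hunk.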
@@ -540,7 +541,7 @@ plugin_list_open (struct plugin_list *pl,
int
plugin_call (const struct plugin_list *pl,
const int type,
- const char *args,
+ const struct argv *av,
struct plugin_return *pr,
struct env_set *es)
{
@@ -560,14 +561,14 @@ plugin_call (const struct plugin_list *pl,
mutex_lock_static (L_PLUGIN);
setenv_del (es, "script_type");
- envp = make_env_array (es, &gc);
+ envp = make_env_array (es, false, &gc);
for (i = 0; i < n; ++i)
{
const int status = plugin_call_item (&pl->common->plugins[i],
pl->per_client.per_client_context[i],
type,
- args,
+ av,
pr ? &pr->list[i] : NULL,
envp);
switch (status)