author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 07:27:03 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 07:27:03 +0000 |
commit | 5a2e9a2587372aeb4b74fa1aadf53283ed7cae10 (patch) | |
tree | bc79922f81699bc51c2ac047309e6ab594eebcd2 /plugin.c | |
parent | Added argv_x functions to buffer.[ch] to be used to safely build (diff) | |
Completely revamped the system for calling external programs and scripts:
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | plugin.c | 19 |
1 files changed, 10 insertions, 9 deletions
@@ -327,7 +327,7 @@ static int
 plugin_call_item (const struct plugin *p,
 void *per_client_context,
 const int type,
- const char *args,
+ const struct argv *av,
 struct openvpn_plugin_string_list **retlist,
 const char **envp)
 {
@@ -340,18 +340,18 @@ plugin_call_item (const struct plugin *p,
 if (p->plugin_handle && (p->plugin_type_mask & OPENVPN_PLUGIN_MASK (type)))
 {
 struct gc_arena gc = gc_new ();
- const char **argv = make_arg_array (p->so_pathname, args, &gc);
+ struct argv a = argv_insert_head (av, p->so_pathname);
 dmsg (D_PLUGIN_DEBUG, "PLUGIN_CALL: PRE type=%s", plugin_type_name (type));
- plugin_show_args_env (D_PLUGIN_DEBUG, argv, envp);
+ plugin_show_args_env (D_PLUGIN_DEBUG, (const char **)a.argv, envp);
 /*
 * Call the plugin work function
 */
 if (p->func2)
- status = (*p->func2)(p->plugin_handle, type, argv, envp, per_client_context, retlist);
+ status = (*p->func2)(p->plugin_handle, type, (const char **)a.argv, envp, per_client_context, retlist);
 else if (p->func1)
- status = (*p->func1)(p->plugin_handle, type, argv, envp);
+ status = (*p->func1)(p->plugin_handle, type, (const char **)a.argv, envp);
 else
 ASSERT (0);
@@ -366,6 +366,7 @@ plugin_call_item (const struct plugin *p,
 status,
 p->so_pathname);
+ argv_reset (&a);
 gc_free (&gc);
 }
 return status;
@@ -482,7 +483,7 @@ plugin_common_open (struct plugin_common *pc,
 int i;
 const char **envp;
- envp = make_env_array (es, &gc);
+ envp = make_env_array (es, false, &gc);
 if (pr)
 plugin_return_init (pr);
@@ -540,7 +541,7 @@ plugin_list_open (struct plugin_list *pl,
 int
 plugin_call (const struct plugin_list *pl,
 const int type,
- const char *args,
+ const struct argv *av,
 struct plugin_return *pr,
 struct env_set *es)
 {
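Review bot: The cast `(const char **)a.argv` is written out three times in the new lines of plugin_call_item, once for plugin_show_args_env and once each for the func2 and func1 calls. A single local declared right after the `argv_insert_head` call, `const char **argv = (const char **) a.argv;`, would leave those three call sites as they were before the change and give one place to audit what is handed to the plugin. Whether `av` may be NULL is not visible in this hunk; if callers are still allowed to pass no arguments, a comment above the `argv_insert_head` line such as `/* av may be NULL; argv then carries only so_pathname */` would record the contract, to be confirmed against argv_insert_head. The function body starts and ends outside the hunk.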
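Review bot: `gc_free (&gc);` stays next to the new `argv_reset (&a);`, but the only visible user of `gc` in this block was the `make_arg_array` call that the commit removes, so the arena may now be allocated and freed without ever being used. The lines between the plugin call and this cleanup are outside the hunk, so this needs checking against the full body; if nothing else takes `&gc`, dropping `struct gc_arena gc = gc_new ();` and `gc_free (&gc);` leaves `argv_reset (&a);` as the single, obvious owner of the argument memory. A short comment at the cleanup, `/* a was allocated by argv_insert_head; plugins must not keep pointers into it */`, would also make the lifetime explicit for plugin authors.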
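Review bot: The bare `false` added to `make_env_array (es, false, &gc)` in plugin_common_open does not say what it switches off, and the same literal appears again in plugin_call in the hunk at -560,14. Since this commit introduces policy controls on what external code is run, a reader auditing the plugin path will want to know whether this flag means the environment handed to plugins is passed through unfiltered. An inline comment naming the parameter at both call sites, in the form `make_env_array (es, false /* <name of the bool parameter> */, &gc)`, plus one sentence on why plugins get that setting, would answer it; the parameter's declaration is not on this page.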
@@ -560,14 +561,14 @@ plugin_call (const struct plugin_list *pl,
 mutex_lock_static (L_PLUGIN);
 setenv_del (es, "script_type");
- envp = make_env_array (es, &gc);
+ envp = make_env_array (es, false, &gc);
 for (i = 0; i < n; ++i)
 {
 const int status = plugin_call_item (&pl->common->plugins[i],
 pl->per_client.per_client_context[i],
 type,
- args,
+ av,
 pr ? &pr->list[i] : NULL,
 envp);
 switch (status) |