author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 07:27:03 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 07:27:03 +0000 |
commit | 5a2e9a2587372aeb4b74fa1aadf53283ed7cae10 (patch) | |
tree | bc79922f81699bc51c2ac047309e6ab594eebcd2 /ssl.c | |
parent | Added argv_x functions to buffer.[ch] to be used to safely build (diff) | |
Completely revamped the system for calling external programs and scripts:
* All external programs and scripts are now called by execve() on unix and
CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new
argv_printf function which natively outputs to string arrays (i.e.
char *argv[] lists), never truncates its output, and eliminates the security
issues inherent in formatting and parsing command lines, and dealing with
argument quoting.
* The --script-security directive has been added to offer policy controls on
OpenVPN's execution of external programs and scripts.
Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.c')
-rw-r--r-- | ssl.c | 40 |
1 files changed, 19 insertions, 21 deletions
@@ -544,6 +544,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) struct tls_session *session; const struct tls_options *opt; const int max_depth = 8; + struct argv argv = argv_new (); /* get the tls_session pointer */ ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); @@ -689,16 +690,13 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) /* call --tls-verify plug-in(s) */ if (plugin_defined (opt->plugins, OPENVPN_PLUGIN_TLS_VERIFY)) { - char command[256]; - struct buffer out; int ret; - buf_set_write (&out, (uint8_t*)command, sizeof (command)); - buf_printf (&out, "%d %s", - ctx->error_depth, - subject); + argv_printf (&argv, "%d %s", + ctx->error_depth, + subject); - ret = plugin_call (opt->plugins, OPENVPN_PLUGIN_TLS_VERIFY, command, NULL, opt->es); + ret = plugin_call (opt->plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, opt->es); if (ret == OPENVPN_PLUGIN_FUNC_SUCCESS) { @@ -716,19 +714,16 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) /* run --tls-verify script */ if (opt->verify_command) { - char command[256]; - struct buffer out; int ret; setenv_str (opt->es, "script_type", "tls-verify"); - buf_set_write (&out, (uint8_t*)command, sizeof (command)); - buf_printf (&out, "%s %d %s", - opt->verify_command, - ctx->error_depth, - subject); - dmsg (D_TLS_DEBUG, "TLS: executing verify command: %s", command); - ret = openvpn_system (command, opt->es, S_SCRIPT); + argv_printf (&argv, "%s %d %s", + opt->verify_command, + ctx->error_depth, + subject); + argv_msg_prefix (D_TLS_DEBUG, &argv, "TLS: executing verify command"); + ret = openvpn_execve (&argv, opt->es, S_SCRIPT); if (system_ok (ret)) { 
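Review bot: The `argv` declared once at the top of verify_callback is filled by `argv_printf` in the `--tls-verify` plug-in block (hunk at -689) and filled again in the script block of the following hunk, so the second call is correct only if `argv_printf` discards the earlier contents instead of appending to them. `argv_printf` is defined outside this file's diff, so that cannot be confirmed from here. A comment at the declaration, e.g. `/* shared by the plug-in and script calls; argv_printf() starts from an empty list each time */`, would record the assumption once it has been checked. verify_callback begins and ends outside this hunk.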
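Review bot: In the `--tls-verify` script block (hunk at -716), `argv_printf (&argv, "%s %d %s", opt->verify_command, ctx->error_depth, subject)` is safe only under a contract this page does not show, namely how whitespace inside an expanded `%s` is treated. `subject` is presumably the peer certificate's subject name and may contain spaces. If expansions are split on whitespace, the number of arguments the script receives is influenced by the peer; if they are not split, a `--tls-verify` setting that carries its own arguments becomes a single `argv[0]` and no longer runs. I would state the rule next to the call, e.g. `/* one argv element per %s; subject is peer-supplied and must not be re-split */`, and check it against argv_printf. The same question applies to the plug-in call in the previous hunk and to `auth_user_pass_verify_script` in the hunk at -2940.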
@@ -738,7 +733,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) else { if (!system_executed (ret)) - msg (M_ERR, "Verify command failed to execute: %s", command); + argv_msg_prefix (M_ERR, &argv, "Verify command failed to execute"); msg (D_HANDSHAKE, "VERIFY SCRIPT ERROR: depth=%d, %s", ctx->error_depth, subject); goto err; /* Reject connection */ @@ -801,11 +796,13 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) session->verified = true; free (subject); + argv_reset (&argv); return 1; /* Accept connection */ err: ERR_clear_error (); free (subject); + argv_reset (&argv); return 0; /* Reject connection */ } @@ -2901,7 +2898,7 @@ static bool verify_user_pass_script (struct tls_session *session, const struct user_pass *up) { struct gc_arena gc = gc_new (); - struct buffer cmd = alloc_buf_gc (256, &gc); + struct argv argv = argv_new (); const char *tmp_file = ""; int retval; bool ret = false; @@ -2940,16 +2937,16 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up setenv_untrusted (session); /* format command line */ - buf_printf (&cmd, "%s %s", session->opt->auth_user_pass_verify_script, tmp_file); + argv_printf (&argv, "%s %s", session->opt->auth_user_pass_verify_script, tmp_file); /* call command */ - retval = openvpn_system (BSTR (&cmd), session->opt->es, S_SCRIPT); + retval = openvpn_execve (&argv, session->opt->es, S_SCRIPT); /* test return status of command */ if (system_ok (retval)) ret = true; else if (!system_executed (retval)) - msg (D_TLS_ERRORS, "TLS Auth Error: user-pass-verify script failed to execute: %s", BSTR (&cmd)); + argv_msg_prefix (D_TLS_ERRORS, &argv, "TLS Auth Error: user-pass-verify script failed to execute"); if (!session->opt->auth_user_pass_verify_script_via_file) setenv_del (session->opt->es, "password"); 
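Review bot: The execution-failure path in the hunk at -738 keeps the `M_ERR` level in `argv_msg_prefix (M_ERR, &argv, "Verify command failed to execute")`, while the equivalent failure in verify_user_pass_script (hunk at -2940) is reported at `D_TLS_ERRORS`. If `M_ERR` includes the fatal flag, as it does in OpenVPN's error.h, a verify script that cannot be started stops the whole process during a client handshake, and the `msg (D_HANDSHAKE, ...)` and `goto err` that follow are never reached. Since `--script-security` may now refuse execution by policy, it is worth deciding whether this case should reject only the one connection, e.g. `argv_msg_prefix (D_TLS_ERRORS, &argv, "Verify command failed to execute");`, or else adding a comment that the exit is intentional. The enclosing `else` block starts outside the hunk.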
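Review bot: `tmp_file` is initialised to `""` (context of the hunk at -2901) and is passed unconditionally in `argv_printf (&argv, "%s %s", session->opt->auth_user_pass_verify_script, tmp_file)` (hunk at -2940), so when it is left empty the script's argument list depends on what `argv_printf` does with an empty `%s`. In the old command string the empty value presumably just left a trailing space; with an argv array the script may now receive an explicit empty `argv[1]`, which changes argument-count checks in existing scripts. Omitting the second element when `tmp_file` is empty, or a comment such as `/* tmp_file may be ""; confirm whether argv_printf() emits an empty argument */`, would make the behaviour explicit. The function body starts and ends outside this hunk.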
@@ -2963,6 +2960,7 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up if (strlen (tmp_file) > 0) delete_file (tmp_file); + argv_reset (&argv); gc_free (&gc); return ret; } |