OpenVPN
run_command.h File Reference
#include "basic.h"
#include "env_set.h"


Macros

#define SSEC_NONE   0 /* strictly no calling of external programs */
 
#define SSEC_BUILT_IN   1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/
 
#define SSEC_SCRIPTS   2 /* allow calling of built-in programs and user-defined scripts */
 
#define SSEC_PW_ENV   3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */
 
#define OPENVPN_EXECVE_ERROR   -1 /* generic error while forking to run an external program */
 
#define OPENVPN_EXECVE_NOT_ALLOWED   -2 /* external program not run due to script security */
 
#define OPENVPN_EXECVE_FAILURE   127 /* exit code passed back from child when execve fails */
 
#define S_SCRIPT   (1<<0)
 
#define S_FATAL   (1<<1)
 
#define S_EXITCODE   (1<<2)
 Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.
 
#define S_NOWAITPID   (1<<3)
 Instead of waiting for the child process to exit and reporting its status, return the pid of the child process.
 

Functions

int script_security (void)
 
void script_security_set (int level)
 
int openvpn_popen (const struct argv *a, const struct env_set *es)
 
bool openvpn_execve_allowed (const unsigned int flags)
 
int openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
 
bool openvpn_waitpid_check (pid_t pid, const char *msg_prefix, int msglevel)
 Checks whether a previously started process is still running.
 
static int openvpn_run_script (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
 Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
 

Macro Definition Documentation

◆ OPENVPN_EXECVE_ERROR

#define OPENVPN_EXECVE_ERROR   -1 /* generic error while forking to run an external program */

Definition at line 36 of file run_command.h.

◆ OPENVPN_EXECVE_FAILURE

#define OPENVPN_EXECVE_FAILURE   127 /* exit code passed back from child when execve fails */

Definition at line 38 of file run_command.h.

◆ OPENVPN_EXECVE_NOT_ALLOWED

#define OPENVPN_EXECVE_NOT_ALLOWED   -2 /* external program not run due to script security */

Definition at line 37 of file run_command.h.

◆ S_EXITCODE

#define S_EXITCODE   (1<<2)

Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.

Definition at line 49 of file run_command.h.

◆ S_FATAL

#define S_FATAL   (1<<1)

Definition at line 46 of file run_command.h.

◆ S_NOWAITPID

#define S_NOWAITPID   (1<<3)

Instead of waiting for the child process to exit and reporting its status, return the pid of the child process.

Definition at line 52 of file run_command.h.

◆ S_SCRIPT

#define S_SCRIPT   (1<<0)

Definition at line 45 of file run_command.h.

◆ SSEC_BUILT_IN

#define SSEC_BUILT_IN   1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/

Definition at line 32 of file run_command.h.

◆ SSEC_NONE

#define SSEC_NONE   0 /* strictly no calling of external programs */

Definition at line 31 of file run_command.h.

◆ SSEC_PW_ENV

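#define SSEC_PW_ENV   3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */

Note: a password placed in the environment can be read by the script and is inherited by any process the script starts, so select this level only when a script actually needs the password.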

Definition at line 34 of file run_command.h.

◆ SSEC_SCRIPTS

#define SSEC_SCRIPTS   2 /* allow calling of built-in programs and user-defined scripts */

Definition at line 33 of file run_command.h.

Function Documentation

◆ openvpn_execve_allowed()

bool openvpn_execve_allowed ( const unsigned int  flags)

Definition at line 151 of file run_command.c.

References S_SCRIPT, script_security(), SSEC_BUILT_IN, and SSEC_SCRIPTS.

Referenced by openvpn_execve().

◆ openvpn_execve_check()

int openvpn_execve_check ( const struct argv *  a,
const struct env_set *  es,
const unsigned int  flags,
const char *  error_message 
)

◆ openvpn_popen()

int openvpn_popen ( const struct argv *  a,
const struct env_set *  es 
)

◆ openvpn_run_script()

static int openvpn_run_script ( const struct argv *  a,
const struct env_set *  es,
const unsigned int  flags,
const char *  hook 
)
inline static

◆ openvpn_waitpid_check()

bool openvpn_waitpid_check ( pid_t  pid,
const char *  msg_prefix,
int  msglevel 
)

Checks whether a previously started process is still running.

This is mainly useful for processes started with S_NOWAITPID, where the caller receives the child's pid instead of its exit status.

This function is currently not implemented for Windows as the helper macros used by this function are not available.

Parameters
pid: pid of the process to be checked
msg_prefix: prefix of the messages to be printed
msglevel: msglevel of the messages to be printed
Returns
true if the process is still running, false if an error condition occurred

Definition at line 111 of file run_command.c.

References buffer::len, msg, OPENVPN_EXECVE_FAILURE, and status.

Referenced by read_tun_afunix(), tun_afunix_exec_child(), and write_tun_afunix().

◆ script_security()

int script_security ( void  )

◆ script_security_set()

void script_security_set ( int  level)

Definition at line 49 of file run_command.c.

References script_security_level.

Referenced by add_option().