OpenVPN
run_command.h
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24#ifndef RUN_COMMAND_H
25#define RUN_COMMAND_H
26
27#include "basic.h"
28#include "env_set.h"
29
30/* Script security levels. Each level permits everything the level below it
 * permits, so a higher number is a more permissive policy. */
31#define SSEC_NONE 0 /* strictly no calling of external programs */
32#define SSEC_BUILT_IN 1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/
33#define SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */
34#define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environment variable */
/* NOTE(review): a password placed in the environment is readable by the
 * script and by every process it starts, and on many systems by other
 * processes running as the same user. Use the lowest level that works. */
35
/* Results reported when an external program could not be run. */
36#define OPENVPN_EXECVE_ERROR -1 /* generic error while forking to run an external program */
37#define OPENVPN_EXECVE_NOT_ALLOWED -2 /* external program not run due to script security */
38#define OPENVPN_EXECVE_FAILURE 127 /* exit code passed back from child when execve fails */
/* NOTE(review): 127 is also the conventional shell status for "command not
 * found", so a script that itself exits 127 presumably cannot be told apart
 * from a failed execve - confirm in run_command.c. */
39
/* Presumably returns the script security level currently in effect, as one
 * of the SSEC_* values - confirm in run_command.c. */
40int script_security(void);
41
/* Presumably replaces the script security level with `level`; whether the
 * value is range-checked against the SSEC_* constants is not visible in this
 * header - confirm in run_command.c. */
42void script_security_set(int level);
43
44/* openvpn_execve flags: bit values combined into the `flags` argument of
 * openvpn_execve_allowed(), openvpn_execve_check() and openvpn_run_script(). */
45#define S_SCRIPT (1<<0) /* always OR'ed in by openvpn_run_script(); presumably marks a user-defined script rather than a built-in program - confirm */
46#define S_FATAL (1<<1) /* presumably turns a failed run into a fatal error instead of a warning - confirm in run_command.c */
49#define S_EXITCODE (1<<2) /* presumably: report the child's exit code (0..255, else -1) rather than success/failure - confirm */
52#define S_NOWAITPID (1<<3) /* presumably: do not wait for the child to exit - confirm; see openvpn_waitpid_check() */
53
54/* Wrappers around the execve() call. The command is passed as an argv vector
 * (struct argv) plus an env_set, not as a single command string. */
/* NOTE(review): by analogy with popen() this presumably returns a descriptor
 * for reading the child's output - confirm in run_command.c. */
55int openvpn_popen(const struct argv *a, const struct env_set *es);
56
/* Reports whether a call carrying these flags may run at all; presumably
 * compares them with the script security level (a refused call is what
 * OPENVPN_EXECVE_NOT_ALLOWED describes) - confirm in run_command.c. */
57bool openvpn_execve_allowed(const unsigned int flags);
58
/* Runs the command described by `a` with environment `es`. `error_message`
 * is the text to report when the run fails; openvpn_run_script() passes
 * "WARNING: Failed running command (<hook>)". How the int result is encoded
 * depends on `flags` - confirm in run_command.c. */
59int openvpn_execve_check(const struct argv *a, const struct env_set *es,
60 const unsigned int flags, const char *error_message);
61
62
63#ifndef WIN32
/* Checks if a running process is still running (wording taken from the
 * project's generated documentation). Declared only when WIN32 is not
 * defined. Presumably the companion of S_NOWAITPID, with `msg_prefix` and
 * `msglevel` controlling what gets logged - confirm in run_command.c. */
76bool
77openvpn_waitpid_check(pid_t pid, const char *msg_prefix,
78 int msglevel);
79
80#endif
81
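/**
 * Run a user-defined script through openvpn_execve_check().
 *
 * S_SCRIPT is always OR'ed into @p flags before the call, so a caller cannot
 * run a script through this helper without that flag being set.
 * NOTE(review): presumably this is what makes openvpn_execve_allowed() apply
 * the SSEC_SCRIPTS threshold to the call - confirm in run_command.c.
 *
 * @param a     Command and arguments as an argv vector.
 * @param es    Environment set handed on to openvpn_execve_check().
 * @param flags openvpn_execve flags chosen by the caller; S_SCRIPT is added here.
 * @param hook  Name of the hook, used only to build the failure message.
 *              NULL is tolerated and reported as "(null)".
 *
 * @return Whatever openvpn_execve_check() returns for these flags. The
 *         project's generated documentation describes this as the script's
 *         exit code when it is between 0 and 255 and -1 otherwise; whether
 *         that requires S_EXITCODE should be confirmed in run_command.c.
 */
static inline int
openvpn_run_script(const struct argv *a, const struct env_set *es,
                   const unsigned int flags, const char *hook)
{
    /* Deliberately not named "msg": error.h defines a function-like msg()
     * macro, and sharing the name makes this function harder to read. */
    char errbuf[256];

    /* Passing NULL for a %s conversion is undefined behaviour, so substitute
     * a marker. Overlong hook names are truncated by snprintf(); only the
     * log text is affected. */
    snprintf(errbuf, sizeof(errbuf),
             "WARNING: Failed running command (%s)", hook ? hook : "(null)");
    return openvpn_execve_check(a, es, flags | S_SCRIPT, errbuf);
}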
96
97#endif /* ifndef RUN_COMMAND_H */
#define msg(flags,...)
Definition error.h:144
bool openvpn_execve_allowed(const unsigned int flags)
void script_security_set(int level)
Definition run_command.c:49
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:87
#define S_SCRIPT
Definition run_command.h:45
int openvpn_popen(const struct argv *a, const struct env_set *es)
bool openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel)
Checks if a running process is still running.
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
int script_security(void)
Definition run_command.c:43
Definition argv.h:35
struct env_set * es