OpenVPN
run_command.h
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifndef RUN_COMMAND_H
24#define RUN_COMMAND_H
25
26#include "basic.h"
27#include "env_set.h"
28
29/* Script security */
/*
 * Script-security levels, ordered from most to least restrictive (0..3).
 * The per-level doc comments of the original header are not part of this
 * listing. NOTE(review): the meanings given below are read off the level
 * names and the --script-security option of the OpenVPN manual -- confirm
 * them there before relying on them.
 */
31#define SSEC_NONE 0 /* presumably: no external program is run at all */
33#define SSEC_BUILT_IN 1 /* presumably: built-in helper programs only, no user scripts */
35#define SSEC_SCRIPTS 2 /* presumably: built-in helpers and user-defined scripts */
38#define SSEC_PW_ENV 3 /* presumably: as SSEC_SCRIPTS, and scripts may be given passwords via the environment */
39
/*
 * Result codes for running an external program. The two negative codes are
 * produced on the OpenVPN side; 127 is an exit status reported by the child.
 * A program that exits with status 127 of its own accord yields the same
 * value, so 127 by itself does not prove that execve failed.
 */
40#define OPENVPN_EXECVE_ERROR -1 /* generic error while forking to run an external program */
41#define OPENVPN_EXECVE_NOT_ALLOWED -2 /* external program not run due to script security */
42#define OPENVPN_EXECVE_FAILURE 127 /* exit code passed back from child when execve fails */
43
/*
 * Presumably returns the script-security level currently in force, one of
 * the SSEC_* values. Defined in run_command.c, which is not shown here.
 */
44int script_security(void);
45
/*
 * Presumably sets the script-security level; `level` is expected to be an
 * SSEC_* value. TODO confirm whether out-of-range values are rejected --
 * the definition is in run_command.c, not in this header.
 */
46void script_security_set(int level);
47
48/* openvpn_execve flags */
/*
 * Bit flags OR-ed together in the `flags` argument of the functions
 * declared in this header. The doc comments that documented S_EXITCODE and
 * S_NOWAITPID in the original header are not part of this listing, so the
 * descriptions below are hedged.
 */
49#define S_SCRIPT (1 << 0) /* always added by openvpn_run_script(); presumably marks a user script as opposed to a built-in helper */
50#define S_FATAL (1 << 1) /* NOTE(review): name suggests a failed run is treated as fatal -- confirm in run_command.c */
53#define S_EXITCODE (1 << 2) /* NOTE(review): presumably makes the call return the child's exit code -- confirm */
56#define S_NOWAITPID (1 << 3) /* NOTE(review): presumably returns without waiting for the child to exit -- confirm */
57
58/* wrapper around the execve() call */
/*
 * NOTE(review): the comment above names execve(), yet the declaration that
 * directly follows it is openvpn_popen() -- confirm which function it is
 * meant to describe. openvpn_popen() takes no flags argument, so whether
 * and how it applies the script-security level cannot be told from this
 * header.
 */
59int openvpn_popen(const struct argv *a, const struct env_set *es);
60
/*
 * Takes the S_* flags. Presumably reports whether the current
 * script-security level permits the execution those flags describe --
 * confirm in run_command.c.
 */
61bool openvpn_execve_allowed(const unsigned int flags);
62
/*
 * Runs the command in `a` with environment `es`. openvpn_run_script() calls
 * it with S_SCRIPT added to `flags` and a "WARNING: Failed running command
 * (...)" text as `error_message`. How `error_message` is used and how the
 * return value is formed is not visible in this header; the
 * OPENVPN_EXECVE_* codes are presumably among the possible results.
 */
63int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags,
64 const char *error_message);
65
66
67#ifndef WIN32
/*
 * Declared only when WIN32 is not defined. This page's generated
 * documentation summarises the function as "Checks if a running process is
 * still running."; the full doc comment is not part of this listing.
 * NOTE(review): the meaning of the bool result and the use made of
 * msg_prefix and msglevel are to be confirmed in run_command.c.
 */
80bool openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel);
81
82#endif
83
/**
 * Run a script hook through openvpn_execve_check().
 *
 * S_SCRIPT is always OR-ed into the caller's flags, so no caller of this
 * helper can run a hook without that bit set. Presumably this is what makes
 * the callee apply the script-security policy for user scripts; the check
 * itself lives in run_command.c and is not visible here.
 *
 * @param a     Command passed through unchanged to openvpn_execve_check().
 * @param es    Environment set passed through unchanged.
 * @param flags S_* flags chosen by the caller; S_SCRIPT is added here.
 * @param hook  Hook name, used only to build the warning text. It is
 *              formatted with %s, so it must point to a valid string.
 * @return      Whatever openvpn_execve_check() returns. This page's
 *              generated documentation describes that as the script's exit
 *              code when between 0 and 255, and -1 otherwise.
 */
static inline int
openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags,
                   const char *hook)
{
    char warning[256];
    const unsigned int script_flags = flags | S_SCRIPT;

    /* Bounded write: an over-long hook name is truncated, never overflows. */
    snprintf(warning, sizeof warning, "WARNING: Failed running command (%s)", hook);

    return openvpn_execve_check(a, es, script_flags, warning);
}
97
98#endif /* ifndef RUN_COMMAND_H */
#define msg(flags,...)
Definition error.h:150
bool openvpn_execve_allowed(const unsigned int flags)
void script_security_set(int level)
Definition run_command.c:48
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:89
#define S_SCRIPT
Definition run_command.h:49
int openvpn_popen(const struct argv *a, const struct env_set *es)
bool openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel)
Checks if a running process is still running.
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
int script_security(void)
Definition run_command.c:42
Definition argv.h:35
struct env_set * es