openvpn/run__command_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2025 OpenVPN Technologies, Inc. <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, see <https://www.gnu.org/licenses/>.

 */


#ifndef RUN_COMMAND_H

#define RUN_COMMAND_H


#include "basic.h"

#include "env_set.h"


/* Script security */

#define SSEC_NONE     0

#define SSEC_BUILT_IN 1

#define SSEC_SCRIPTS  2

#define SSEC_PW_ENV   3


#define OPENVPN_EXECVE_ERROR       -1  /* generic error while forking to run an external program */

#define OPENVPN_EXECVE_NOT_ALLOWED -2  /* external program not run due to script security */

#define OPENVPN_EXECVE_FAILURE     127 /* exit code passed back from child when execve fails */


int script_security(void);


void script_security_set(int level);


/* openvpn_execve flags */

#define S_SCRIPT    (1 << 0)

#define S_FATAL     (1 << 1)

#define S_EXITCODE  (1 << 2)

#define S_NOWAITPID (1 << 3)


/* wrapper around the execve() call */

int openvpn_popen(const struct argv *a, const struct env_set *es);


bool openvpn_execve_allowed(const unsigned int flags);


int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags,

                         const char *error_message);


#ifndef WIN32

bool openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel);


#endif


static inline int


openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags,

                   const char *hook)

{

    char msg[256];


    snprintf(msg, sizeof(msg), "WARNING: Failed running command (%s)", hook);

    return openvpn_execve_check(a, es, flags | S_SCRIPT, msg);

}


#endif /* ifndef RUN_COMMAND_H */

env_set.h

msg
#define msg(flags,...)
Definition error.h:150

openvpn_execve_allowed
bool openvpn_execve_allowed(const unsigned int flags)
Definition run_command.c:146

script_security_set
void script_security_set(int level)
Definition run_command.c:48

openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:89

S_SCRIPT
#define S_SCRIPT
Definition run_command.h:49

openvpn_popen
int openvpn_popen(const struct argv *a, const struct env_set *es)
Definition run_command.c:275

openvpn_waitpid_check
bool openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel)
Checks if a running process is still running.
Definition run_command.c:110

openvpn_execve_check
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition run_command.c:233

script_security
int script_security(void)
Definition run_command.c:42

argv
Definition argv.h:35

env_set
Definition env_set.h:43

basic.h

es
struct env_set * es
Definition test_pkcs11.c:138