35 L
"management-forget-disconnect",
37 L
"management-query-passwords",
38 L
"management-query-proxy",
40 L
"management-up-down",
51static BOOL
IsUserInGroup(PSID sid,
const PTOKEN_GROUPS groups,
const WCHAR *group_name);
63 const WCHAR *config_file = NULL;
64 const WCHAR *config_dir = NULL;
67 if (PathIsRelativeW(fname))
69 swprintf(tmp, _countof(tmp), L
"%ls\\%ls", workdir, fname);
79 if (wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
80 && wcsstr(config_file + wcslen(config_dir), L
"..") == NULL)
117 PSID admin_sid = NULL;
118 DWORD sid_size = SECURITY_MAX_SID_SIZE;
122 DWORD dlen = _countof(domain);
124 admin_sid = malloc(sid_size);
130 b = CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
133 b = LookupAccountSidW(NULL, admin_sid, name, &nlen, domain, &dlen, &snu);
143 const WCHAR *ovpn_service_user)
145 const WCHAR *admin_group[2];
151 SID_NAME_USE sid_type;
154 if (!LookupAccountSidW(NULL, sid, username, &len, domain, &len, &sid_type))
163 if ((wcscmp(username, ovpn_service_user) == 0) && (wcscmp(domain, L
"NT SERVICE") == 0))
170 admin_group[0] = sysadmin_group;
175 L
"Failed to get the name of Administrators group. Using the default.");
179 admin_group[1] = ovpn_admin_group;
182 for (
int i = 0;
i < 2; ++
i)
188 L
"Authorizing user '%ls@%ls' by virtue of membership in group '%ls'",
189 username, domain, admin_group[
i]);
207 PTOKEN_GROUPS groups = NULL;
210 if (!GetTokenInformation(token, TokenGroups, groups, buf_size, &buf_size)
211 && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
213 groups = malloc(buf_size);
219 else if (!GetTokenInformation(token, TokenGroups, groups, buf_size, &buf_size))
239 DWORD dlen = _countof(domain);
241 if (!LookupAccountName(NULL, name, sid, &sid_size, domain, &dlen, &su))
261IsUserInGroup(PSID sid,
const PTOKEN_GROUPS token_groups,
const WCHAR *group_name)
264 DWORD_PTR resume = 0;
266 BYTE grp_sid[SECURITY_MAX_SID_SIZE];
270 if (token_groups &&
LookupSID(group_name, (PSID)grp_sid, _countof(grp_sid)))
272 for (DWORD
i = 0;
i < token_groups->GroupCount; ++
i)
274 if (EqualSid((PSID)grp_sid, token_groups->Groups[
i].Sid))
289 LOCALGROUP_MEMBERS_INFO_0 *members = NULL;
290 err = NetLocalGroupGetMembers(NULL, group_name, 0, (LPBYTE *)&members, MAX_PREFERRED_LENGTH,
291 &nread, &nmax, &resume);
292 if ((err != NERR_Success && err != ERROR_MORE_DATA))
297 for (DWORD
i = 0;
i < nread && !ret; ++
i)
299 ret = EqualSid(members[
i].lgrmi0_sid, sid);
301 NetApiBufferFree(members);
303 }
while (err == ERROR_MORE_DATA && nloop++ < 100);
305 if (err != NERR_Success && err != NERR_GroupNotFound)
DWORD MsgToEventLog(DWORD flags, LPCWSTR format,...)
WCHAR config_dir[MAX_PATH]
static BOOL CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
static const WCHAR * white_list[]
static int OptionLookup(const WCHAR *name, const WCHAR *white_list[])
BOOL IsAuthorizedUser(PSID sid, const HANDLE token, const WCHAR *ovpn_admin_group, const WCHAR *ovpn_service_user)
static BOOL IsUserInGroup(PSID sid, const PTOKEN_GROUPS groups, const WCHAR *group_name)
User is in group if the token groups contain the SID of the group or if the user is a direct member o...
static BOOL LookupSID(const WCHAR *name, PSID sid, DWORD sid_size)
BOOL CheckOption(const WCHAR *workdir, int argc, WCHAR *argv[], const settings_t *s)
static BOOL GetBuiltinAdminGroupName(WCHAR *name, DWORD nlen)
static PTOKEN_GROUPS GetTokenGroups(const HANDLE token)
Get a list of groups in token.
#define SYSTEM_ADMIN_GROUP