Go to the source code of this file.
Macros | |
| #define | SSEC_NONE 0 /* strictly no calling of external programs */ |
| #define | SSEC_BUILT_IN 1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/ |
| #define | SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */ |
| #define | SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */ |
| #define | OPENVPN_EXECVE_ERROR -1 /* generic error while forking to run an external program */ |
| #define | OPENVPN_EXECVE_NOT_ALLOWED -2 /* external program not run due to script security */ |
| #define | OPENVPN_EXECVE_FAILURE 127 /* exit code passed back from child when execve fails */ |
| #define | S_SCRIPT (1<<0) |
| #define | S_FATAL (1<<1) |
| #define | S_EXITCODE (1<<2) |
| Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise. More... | |
Functions | |
| int | script_security (void) |
| void | script_security_set (int level) |
| int | openvpn_popen (const struct argv *a, const struct env_set *es) |
| bool | openvpn_execve_allowed (const unsigned int flags) |
| int | openvpn_execve_check (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message) |
| static int | openvpn_run_script (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook) |
| Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise. More... | |
Macro Definition Documentation
◆ OPENVPN_EXECVE_ERROR
| #define OPENVPN_EXECVE_ERROR -1 /* generic error while forking to run an external program */ |
Definition at line 36 of file run_command.h.
◆ OPENVPN_EXECVE_FAILURE
| #define OPENVPN_EXECVE_FAILURE 127 /* exit code passed back from child when execve fails */ |
Definition at line 38 of file run_command.h.
◆ OPENVPN_EXECVE_NOT_ALLOWED
| #define OPENVPN_EXECVE_NOT_ALLOWED -2 /* external program not run due to script security */ |
Definition at line 37 of file run_command.h.
◆ S_EXITCODE
| #define S_EXITCODE (1<<2) |
Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.
Definition at line 49 of file run_command.h.
◆ S_FATAL
| #define S_FATAL (1<<1) |
Definition at line 46 of file run_command.h.
◆ S_SCRIPT
| #define S_SCRIPT (1<<0) |
Definition at line 45 of file run_command.h.
◆ SSEC_BUILT_IN
| #define SSEC_BUILT_IN 1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/ |
Definition at line 32 of file run_command.h.
◆ SSEC_NONE
| #define SSEC_NONE 0 /* strictly no calling of external programs */ |
Definition at line 31 of file run_command.h.
◆ SSEC_PW_ENV
| #define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */ |
Definition at line 34 of file run_command.h.
◆ SSEC_SCRIPTS
| #define SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */ |
Definition at line 33 of file run_command.h.
Function Documentation
◆ openvpn_execve_allowed()
| bool openvpn_execve_allowed | ( | const unsigned int | flags | ) |
Definition at line 110 of file run_command.c.
References S_SCRIPT, script_security(), SSEC_BUILT_IN, and SSEC_SCRIPTS.
Referenced by openvpn_execve().
◆ openvpn_execve_check()
| int openvpn_execve_check | ( | const struct argv * | a, |
| const struct env_set * | es, | ||
| const unsigned int | flags, | ||
| const char * | error_message | ||
| ) |
Definition at line 193 of file run_command.c.
References es, gc_free(), gc_new(), M_FATAL, M_WARN, msg, openvpn_execve(), platform_ret_code(), platform_system_ok(), S_EXITCODE, S_FATAL, and system_error_message().
Referenced by add_route(), add_route_ipv6(), cleanup(), delete_route(), delete_route_ipv6(), do_ifconfig_ipv4(), do_ifconfig_ipv6(), exec_command(), init(), ipconfig_register_dns(), openvpn_run_script(), set_lladdr(), undo_ifconfig_ipv4(), and undo_ifconfig_ipv6().
◆ openvpn_popen()
Definition at line 230 of file run_command.c.
References argv::argv, es, gc_free(), gc_new(), M_ERR, M_FATAL, M_WARN, make_env_array(), msg, OPENVPN_EXECVE_FAILURE, script_security(), SCRIPT_SECURITY_WARNING, SSEC_BUILT_IN, SSEC_SCRIPTS, and status.
◆ openvpn_run_script()
|
inlinestatic |
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition at line 64 of file run_command.h.
References es, msg, openvpn_execve_check(), openvpn_snprintf(), and S_SCRIPT.
Referenced by do_route(), learn_address_script(), link_socket_connection_initiated(), multi_client_connect_call_script(), multi_client_disconnect_script(), run_up_down(), tls_crypt_v2_verify_metadata(), verify_cert_call_command(), verify_crresponse_script(), and verify_user_pass_script().
◆ script_security()
| int script_security | ( | void | ) |
Definition at line 43 of file run_command.c.
References script_security_level.
Referenced by do_option_warnings(), env_allowed(), openvpn_execve(), openvpn_execve_allowed(), and openvpn_popen().
◆ script_security_set()
| void script_security_set | ( | int | level | ) |
Definition at line 49 of file run_command.c.
References script_security_level.
Referenced by add_option().
