26 #elif defined(_MSC_VER)
/*
 * Excerpt of a routine that appends a human-readable explanation of an
 * external program's status to the buffer `out` and returns that text.
 * The branch conditions that select each message are not part of this
 * listing, so the mapping from `stat` to message cannot be read off here.
 * NOTE(review): the page index lists
 * system_error_message(int stat, struct gc_arena *gc), which matches the
 * names used below -- confirm against the full file.
 */
/* Execution was refused by policy rather than attempted. */
67 buf_printf(&out,
"disallowed by script-security setting");
/* Common prefix; one of the more specific reasons below is appended to it. */
72 buf_printf(&out,
"external program did not execute -- ");
/* Reports the raw value of `stat` unchanged. */
76 buf_printf(&out,
"returned error code %d", stat);
81 buf_printf(&out,
"external program fork failed");
87 buf_printf(&out,
"external program did not exit normally");
/*
 * WEXITSTATUS() is only meaningful when the child terminated normally.
 * NOTE(review): the guard is not visible in this excerpt -- confirm that a
 * WIFEXITED(stat) test precedes this line.
 */
91 const int cmd_ret = WEXITSTATUS(stat);
94 buf_printf(&out,
"external program exited normally");
/*
 * NOTE(review): presumably chosen when cmd_ret equals the reserved
 * OPENVPN_EXECVE_FAILURE code listed in the page index -- confirm.
 */
98 buf_printf(&out,
"could not execute external program");
/* Any other exit code is reported as-is. */
102 buf_printf(&out,
"external program exited with error status: %d", cmd_ret);
/*
 * Returns a pointer into the buffer's storage, not a copy.
 * NOTE(review): the allocation of `out` is not shown; if it comes from
 * alloc_buf_gc(), the string is only valid until that gc arena is freed.
 */
108 return (
const char *)out.
data;
/*
 * Excerpt of openvpn_execve() (the log strings below name it): run an
 * external program in a forked child and collect its wait status.
 * NOTE(review): the permission check (openvpn_execve_allowed() in the page
 * index) is not visible in this excerpt -- confirm it is evaluated before
 * fork() is reached.
 */
/* Function-local flag that persists across calls.
 * NOTE(review): presumably limits the script-security warning to one log
 * line -- the code that sets it is not shown. */
138 static bool warn_shown =
false;
/* The fork/exec path below is compiled only when ENABLE_FEATURE_EXECVE is
 * defined. */
142 #if defined(ENABLE_FEATURE_EXECVE)
/* The program to run is the first element of the caller's argv struct. */
145 const char *cmd = a->
argv[0];
/*
 * execve() takes an explicit argument vector and environment: no shell
 * parses the command line and no PATH search is done on `cmd`.
 * It returns only on failure.
 * NOTE(review): what the child does after a failed execve() is outside this
 * excerpt -- confirm it terminates with a distinct status instead of
 * continuing in a copy of the parent's code.
 * NOTE(review): construction of `envp` is not shown; the index lists
 * make_env_array() with a check_allowed flag -- confirm how it is called.
 */
153 execve(cmd,
argv, envp);
/* A negative pid means fork() itself failed; no child exists. */
156 else if (pid < (pid_t)0)
158 msg(
M_ERR,
"openvpn_execve: unable to fork");
/* Waits for this specific child and stores its wait status in `ret`; a
 * return value other than `pid` takes the branch whose body is not shown. */
162 if (waitpid(pid, &ret, 0) != pid)
/* NOTE(review): presumably the build-time fallback when
 * ENABLE_FEATURE_EXECVE is not defined -- the #else is not visible. */
178 msg(
M_WARN,
"openvpn_execve: execve function not available");
/* An empty argument vector is reported at M_FATAL severity. */
183 msg(
M_FATAL,
"openvpn_execve: called with empty argv");
/*
 * Excerpt of openvpn_popen() (the log strings below name it): run an
 * external program with its standard output connected to a pipe and hand
 * the read end of that pipe back to the caller.
 * NOTE(review): the permission check and the fork() call are not visible in
 * this excerpt -- confirm the check precedes the fork.
 */
239 #if defined(ENABLE_FEATURE_EXECVE)
/* Function-local flag that persists across calls.
 * NOTE(review): presumably gates a one-time script-security warning. */
240 static bool warn_shown =
false;
/* The program to run is the first element of the caller's argv struct. */
243 const char *cmd = a->
argv[0];
/* pipe() returns 0 on success; index 0 is the read end, index 1 the write
 * end. */
249 if (pipe(pipe_stdout) == 0)
/*
 * NOTE(review): these three lines look like the child side (the branch
 * condition is not shown). The read end is closed, the write end is
 * duplicated onto descriptor 1 (stdout), then the program is executed.
 * The return value of dup2() is not checked in the visible lines, and only
 * stdout is redirected here.
 */
254 close(pipe_stdout[0]);
255 dup2(pipe_stdout[1], 1);
/* Explicit argv/envp, no shell; execve() returns only on failure. */
256 execve(cmd,
argv, envp);
/* Parent side: fork() returned the child's pid. */
259 else if (pid > (pid_t)0)
/* The parent closes the write end and keeps only the read end. */
263 close(pipe_stdout[1]);
/* The read descriptor becomes the result.
 * NOTE(review): presumably the caller must close() it and reap the child --
 * no waitpid() is visible in this excerpt. */
265 ret = pipe_stdout[0];
/* Fork failed: release both pipe ends before logging, so no descriptor
 * leaks. */
269 close(pipe_stdout[0]);
270 close(pipe_stdout[1]);
271 msg(
M_ERR,
"openvpn_popen: unable to fork %s", cmd);
/* NOTE(review): presumably the branch taken when pipe() did not return 0. */
276 msg(
M_WARN,
"openvpn_popen: unable to create stdout pipe for %s", cmd);
/* NOTE(review): presumably the build-time fallback when
 * ENABLE_FEATURE_EXECVE is not defined -- the #else is not visible. */
286 msg(
M_WARN,
"openvpn_popen: execve function not available");
/* An empty argument vector is reported at M_FATAL severity. */
291 msg(
M_FATAL,
"openvpn_popen: called with empty argv");
static struct gc_arena gc_new(void)
void script_security_set(int level)
#define OPENVPN_EXECVE_ERROR
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
static const char * system_error_message(int stat, struct gc_arena *gc)
#define OPENVPN_EXECVE_NOT_ALLOWED
static int script_security_level
Wrapper structure for dynamically allocated memory.
Garbage collection arena used to keep track of dynamically allocated memory.
bool openvpn_execve_allowed(const unsigned int flags)
#define S_EXITCODE
Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.
static SERVICE_STATUS status
static void gc_free(struct gc_arena *a)
int openvpn_popen(const struct argv *a, const struct env_set *es)
#define SCRIPT_SECURITY_WARNING
#define OPENVPN_EXECVE_FAILURE
const char ** make_env_array(const struct env_set *es, const bool check_allowed, struct gc_arena *gc)
bool buf_printf(struct buffer *buf, const char *format,...)
int openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags)
int script_security(void)
uint8_t * data
Pointer to the allocated memory.