OpenVPN
src
openvpn
run_command.h
1
/*
2
* OpenVPN -- An application to securely tunnel IP networks
3
* over a single TCP/UDP port, with support for SSL/TLS-based
4
* session authentication and key exchange,
5
* packet encryption, packet authentication, and
6
* packet compression.
7
*
8
* Copyright (C) 2002-2024 OpenVPN Technologies, Inc. <sales@openvpn.net>
9
*
10
* This program is free software; you can redistribute it and/or modify
11
* it under the terms of the GNU General Public License version 2
12
* as published by the Free Software Foundation.
13
*
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
18
*
19
* You should have received a copy of the GNU General Public License along
20
* with this program; if not, write to the Free Software Foundation, Inc.,
21
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22
*/
23
24
#ifndef RUN_COMMAND_H
25
#define RUN_COMMAND_H
26
27
#include "
basic.h
"
28
#include "
env_set.h
"
29
30
/*
 * Script security levels, numbered 0..3 from most to least restrictive (see
 * the per-level comments).  Run with the lowest level a deployment needs:
 * each step up widens what the process is allowed to execute.
 */
#define SSEC_NONE 0 /* strictly no calling of external programs */
#define SSEC_BUILT_IN 1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/
#define SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */
/*
 * Allow calling of built-in programs and user-defined scripts that may
 * receive a password as an environment variable.  A credential placed in a
 * child's environment is inherited by whatever that child spawns, so enable
 * this level only for scripts that actually need the password.
 */
#define SSEC_PW_ENV 3

/* Result codes used when launching an external program. */
#define OPENVPN_EXECVE_ERROR -1 /* generic error while forking to run an external program */
#define OPENVPN_EXECVE_NOT_ALLOWED -2 /* external program not run due to script security */
/*
 * Exit code passed back from child when execve fails.
 * NOTE(review): a program that itself exits with 127 would presumably look
 * the same to the caller -- confirm how run_command.c tells them apart.
 */
#define OPENVPN_EXECVE_FAILURE 127
39
40
/*
 * Getter for the current script-security level.
 * NOTE(review): presumably returns one of the SSEC_* values -- confirm in
 * run_command.c.
 */
int script_security(void);

/*
 * Setter for the script-security level.
 * NOTE(review): `level` is a plain int and nothing in this header restricts
 * it to the SSEC_* range -- confirm where the value is validated.
 */
void script_security_set(int level);
43
44
/* openvpn_execve flags: single-bit values, combined with bitwise OR. */

/*
 * Set unconditionally by openvpn_run_script().
 * NOTE(review): presumably marks the command as a user-defined script so the
 * SSEC_SCRIPTS level is required rather than SSEC_BUILT_IN -- confirm in
 * openvpn_execve_allowed().
 */
#define S_SCRIPT (1<<0)

/* NOTE(review): by name, a failed run is treated as fatal -- confirm. */
#define S_FATAL (1<<1)

/*
 * NOTE(review): by name, asks for the child's exit code to be returned
 * instead of a plain success/failure result -- confirm against the doc
 * comment in the original header, which this listing does not show.
 */
#define S_EXITCODE (1<<2)

/*
 * NOTE(review): by name, the call returns without waiting for the child to
 * terminate -- confirm what the return value means in that mode, since a
 * caller that ignores it cannot learn whether the program succeeded.
 */
#define S_NOWAITPID (1<<3)
53
54
/* wrapper around the execve() call */

/*
 * Takes the command as an argv structure and an environment set.
 * NOTE(review): unlike openvpn_execve_check() this prototype takes no flags;
 * confirm in run_command.c which script-security level it enforces.
 */
int openvpn_popen(const struct argv *a, const struct env_set *es);

/*
 * Reports whether a command carrying these S_* flags may be run.
 * NOTE(review): presumably compares the flags with script_security() --
 * confirm in run_command.c.
 */
bool openvpn_execve_allowed(const unsigned int flags);

/*
 * Runs the command in `a` with environment `es` under the given S_* flags.
 * `error_message` is caller-supplied text for a failed run;
 * openvpn_run_script() passes "WARNING: Failed running command (<hook>)".
 * NOTE(review): the meaning of the int result depends on flags such as
 * S_EXITCODE and S_NOWAITPID -- confirm in run_command.c before comparing it
 * with the OPENVPN_EXECVE_* codes.
 */
int openvpn_execve_check(const struct argv *a, const struct env_set *es,
                         const unsigned int flags, const char *error_message);
61
62
63
#ifndef WIN32

/*
 * Checks if a running process is still running.
 * Only declared on non-Windows builds (guarded by WIN32).
 * NOTE(review): `msg_prefix` and `msglevel` are presumably used to log the
 * child's status, and the bool presumably means "still running" -- confirm
 * against the full doc comment in the original header, which this listing
 * does not show.
 */
bool
openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel);

#endif
81
86
/**
 * Run a user-defined script on behalf of a named hook.
 *
 * Builds the failure text "WARNING: Failed running command (<hook>)" and
 * delegates to openvpn_execve_check() with S_SCRIPT added to the caller's
 * flags, so a caller cannot run a script through this helper without the
 * script flag set.
 *
 * @param a     command line to execute
 * @param es    environment passed on to openvpn_execve_check()
 * @param flags S_* flags; S_SCRIPT is OR-ed in here
 * @param hook  name of the hook, used only in the failure text; it is
 *              formatted with %s and therefore must be a valid
 *              NUL-terminated string (not NULL)
 *
 * @return the value returned by openvpn_execve_check().
 *         NOTE(review): the upstream brief describes this as the script's
 *         exit code when it lies in 0..255 and -1 otherwise -- confirm how
 *         that depends on the flags passed in.
 */
static inline int
openvpn_run_script(const struct argv *a, const struct env_set *es,
                   const unsigned int flags, const char *hook)
{
    /* Fixed-size buffer: snprintf() truncates an over-long hook name
     * instead of writing past the end. */
    char failure_text[256];

    snprintf(failure_text, sizeof failure_text,
             "WARNING: Failed running command (%s)", hook);

    /* Always tag the call as a script run, whatever the caller passed. */
    const unsigned int script_flags = flags | S_SCRIPT;

    return openvpn_execve_check(a, es, script_flags, failure_text);
}
96
97
#endif
/* ifndef RUN_COMMAND_H */
argv
Definition:
argv.h:35
es
struct env_set * es
Definition:
test_pkcs11.c:141
openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition:
run_command.h:87
script_security_set
void script_security_set(int level)
Definition:
run_command.c:49
openvpn_execve_check
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition:
run_command.c:238
openvpn_waitpid_check
bool openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel)
Checks if a running process is still running.
Definition:
run_command.c:111
env_set.h
script_security
int script_security(void)
Definition:
run_command.c:43
openvpn_popen
int openvpn_popen(const struct argv *a, const struct env_set *es)
Definition:
run_command.c:280
env_set
Definition:
env_set.h:42
openvpn_execve_allowed
bool openvpn_execve_allowed(const unsigned int flags)
Definition:
run_command.c:151
basic.h
S_SCRIPT
#define S_SCRIPT
Definition:
run_command.h:45
msg
#define msg(flags,...)
Definition:
error.h:144