Browse code
Revamped the script-security warning logging (version 2)
The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING
over and over again, in addition to not show this warning when it should not
be a problem. This general warning should now only appear once, and only when
--script-security is not set, 0 or 1. In all other cases this warning should
not appear.
In addition, this warning will come close to the script-hook which most probably
will fail. It will also give a little bit more concrete hint on which script-hook
which failed. If --script-security is 2 or 3, only the execve failure itself will
be shown. This message will on the other hand be shown repeatedly.
This is a new rewritten version which simplifies the implementaion of the new
openvpn_run_script() function. It was considered to remove it completely, but
due to code clearity and easy of use it was decided to make this function a static
inline function instead. Anyhow, this function will enforce openvpn_execve_check()
to be called with the S_SCRIPT flag.
Patch ACKed on the developers meeting 2009-04-29.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
David Sommerseth authored on 2010/04/30 06:35:45Showing 8 changed files
| ... | ... |
@@ -90,6 +90,6 @@ typedef unsigned long ptr_type; |
| 90 | 90 |
/* |
| 91 | 91 |
* Script security warning |
| 92 | 92 |
*/ |
| 93 |
-#define SCRIPT_SECURITY_WARNING "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info." |
|
| 93 |
+#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info." |
|
| 94 | 94 |
|
| 95 | 95 |
#endif |
| ... | ... |
@@ -975,7 +975,7 @@ do_route (const struct options *options, |
| 975 | 975 |
struct argv argv = argv_new (); |
| 976 | 976 |
setenv_str (es, "script_type", "route-up"); |
| 977 | 977 |
argv_printf (&argv, "%sc", options->route_script); |
| 978 |
- openvpn_execve_check (&argv, es, S_SCRIPT, "Route script failed"); |
|
| 978 |
+ openvpn_run_script (&argv, es, 0, "--route-up"); |
|
| 979 | 979 |
argv_reset (&argv); |
| 980 | 980 |
} |
| 981 | 981 |
|
| ... | ... |
@@ -230,7 +230,7 @@ run_up_down (const char *command, |
| 230 | 230 |
ifconfig_local, ifconfig_remote, |
| 231 | 231 |
context); |
| 232 | 232 |
argv_msg (M_INFO, &argv); |
| 233 |
- openvpn_execve_check (&argv, es, S_SCRIPT|S_FATAL, "script failed"); |
|
| 233 |
+ openvpn_run_script (&argv, es, S_FATAL, "--up/--down"); |
|
| 234 | 234 |
argv_reset (&argv); |
| 235 | 235 |
} |
| 236 | 236 |
|
| ... | ... |
@@ -493,6 +493,7 @@ openvpn_execve_allowed (const unsigned int flags) |
| 493 | 493 |
return script_security >= SSEC_BUILT_IN; |
| 494 | 494 |
} |
| 495 | 495 |
|
| 496 |
+ |
|
| 496 | 497 |
#ifndef WIN32 |
| 497 | 498 |
/* |
| 498 | 499 |
* Run execve() inside a fork(). Designed to replicate the semantics of system() but |
| ... | ... |
@@ -504,6 +505,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i |
| 504 | 504 |
{
|
| 505 | 505 |
struct gc_arena gc = gc_new (); |
| 506 | 506 |
int ret = -1; |
| 507 |
+ static bool warn_shown = false; |
|
| 507 | 508 |
|
| 508 | 509 |
if (a && a->argv[0]) |
| 509 | 510 |
{
|
| ... | ... |
@@ -540,9 +542,10 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i |
| 540 | 540 |
ASSERT (0); |
| 541 | 541 |
} |
| 542 | 542 |
} |
| 543 |
- else |
|
| 543 |
+ else if (!warn_shown && (script_security < SSEC_SCRIPTS)) |
|
| 544 | 544 |
{
|
| 545 | 545 |
msg (M_WARN, SCRIPT_SECURITY_WARNING); |
| 546 |
+ warn_shown = true; |
|
| 546 | 547 |
} |
| 547 | 548 |
#else |
| 548 | 549 |
msg (M_WARN, "openvpn_execve: execve function not available"); |
| ... | ... |
@@ -136,6 +136,15 @@ bool openvpn_execve_check (const struct argv *a, const struct env_set *es, const |
| 136 | 136 |
bool openvpn_execve_allowed (const unsigned int flags); |
| 137 | 137 |
int openvpn_system (const char *command, const struct env_set *es, unsigned int flags); |
| 138 | 138 |
|
| 139 |
+static inline bool |
|
| 140 |
+openvpn_run_script (const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook) |
|
| 141 |
+{
|
|
| 142 |
+ char msg[256]; |
|
| 143 |
+ |
|
| 144 |
+ openvpn_snprintf(msg, sizeof(msg), "WARNING: Failed running command (%s)", hook); |
|
| 145 |
+ return openvpn_execve_check(a, es, flags | S_SCRIPT, msg); |
|
| 146 |
+}; |
|
| 147 |
+ |
|
| 139 | 148 |
#ifdef HAVE_STRERROR |
| 140 | 149 |
/* a thread-safe version of strerror */ |
| 141 | 150 |
const char* strerror_ts (int errnum, struct gc_arena *gc); |
| ... | ... |
@@ -303,6 +312,7 @@ void get_user_pass_auto_userid (struct user_pass *up, const char *tag); |
| 303 | 303 |
extern const char *iproute_path; |
| 304 | 304 |
#endif |
| 305 | 305 |
|
| 306 |
+/* Script security */ |
|
| 306 | 307 |
#define SSEC_NONE 0 /* strictly no calling of external programs */ |
| 307 | 308 |
#define SSEC_BUILT_IN 1 /* only call built-in programs such as ifconfig, route, netsh, etc.*/ |
| 308 | 309 |
#define SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */ |
| ... | ... |
@@ -109,7 +109,7 @@ learn_address_script (const struct multi_context *m, |
| 109 | 109 |
mroute_addr_print (addr, &gc)); |
| 110 | 110 |
if (mi) |
| 111 | 111 |
argv_printf_cat (&argv, "%s", tls_common_name (mi->context.c2.tls_multi, false)); |
| 112 |
- if (!openvpn_execve_check (&argv, es, S_SCRIPT, "WARNING: learn-address command failed")) |
|
| 112 |
+ if (!openvpn_run_script (&argv, es, 0, "--learn-address")) |
|
| 113 | 113 |
ret = false; |
| 114 | 114 |
argv_reset (&argv); |
| 115 | 115 |
} |
| ... | ... |
@@ -480,7 +480,7 @@ multi_client_disconnect_script (struct multi_context *m, |
| 480 | 480 |
struct argv argv = argv_new (); |
| 481 | 481 |
setenv_str (mi->context.c2.es, "script_type", "client-disconnect"); |
| 482 | 482 |
argv_printf (&argv, "%sc", mi->context.options.client_disconnect_script); |
| 483 |
- openvpn_execve_check (&argv, mi->context.c2.es, S_SCRIPT, "client-disconnect command failed"); |
|
| 483 |
+ openvpn_run_script (&argv, mi->context.c2.es, 0, "--client-disconnect"); |
|
| 484 | 484 |
argv_reset (&argv); |
| 485 | 485 |
} |
| 486 | 486 |
#ifdef MANAGEMENT_DEF_AUTH |
| ... | ... |
@@ -1586,7 +1586,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi |
| 1586 | 1586 |
mi->context.options.client_connect_script, |
| 1587 | 1587 |
dc_file); |
| 1588 | 1588 |
|
| 1589 |
- if (openvpn_execve_check (&argv, mi->context.c2.es, S_SCRIPT, "client-connect command failed")) |
|
| 1589 |
+ if (openvpn_run_script (&argv, mi->context.c2.es, 0, "--client-connect")) |
|
| 1590 | 1590 |
{
|
| 1591 | 1591 |
multi_client_connect_post (m, mi, dc_file, option_permissions_mask, &option_types_found); |
| 1592 | 1592 |
++cc_succeeded_count; |
| ... | ... |
@@ -1663,7 +1663,7 @@ link_socket_connection_initiated (const struct buffer *buf, |
| 1663 | 1663 |
struct argv argv = argv_new (); |
| 1664 | 1664 |
setenv_str (es, "script_type", "ipchange"); |
| 1665 | 1665 |
ipchange_fmt (true, &argv, info, &gc); |
| 1666 |
- openvpn_execve_check (&argv, es, S_SCRIPT, "ip-change command failed"); |
|
| 1666 |
+ openvpn_run_script (&argv, es, 0, "--ipchange"); |
|
| 1667 | 1667 |
argv_reset (&argv); |
| 1668 | 1668 |
} |
| 1669 | 1669 |
|
| ... | ... |
@@ -948,7 +948,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) |
| 948 | 948 |
ctx->error_depth, |
| 949 | 949 |
subject); |
| 950 | 950 |
argv_msg_prefix (D_TLS_DEBUG, &argv, "TLS: executing verify command"); |
| 951 |
- ret = openvpn_execve (&argv, opt->es, S_SCRIPT); |
|
| 951 |
+ ret = openvpn_run_script (&argv, opt->es, 0, "--tls-verify script"); |
|
| 952 | 952 |
|
| 953 | 953 |
if (opt->verify_export_cert) |
| 954 | 954 |
{
|
| ... | ... |
@@ -3232,7 +3232,7 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up |
| 3232 | 3232 |
argv_printf (&argv, "%sc %s", session->opt->auth_user_pass_verify_script, tmp_file); |
| 3233 | 3233 |
|
| 3234 | 3234 |
/* call command */ |
| 3235 |
- retval = openvpn_execve (&argv, session->opt->es, S_SCRIPT); |
|
| 3235 |
+ retval = openvpn_run_script (&argv, session->opt->es, 0, "--auth-user-pass-verify"); |
|
| 3236 | 3236 |
|
| 3237 | 3237 |
/* test return status of command */ |
| 3238 | 3238 |
if (system_ok (retval)) |
| ... | ... |
@@ -952,6 +952,8 @@ int |
| 952 | 952 |
openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned int flags) |
| 953 | 953 |
{
|
| 954 | 954 |
int ret = -1; |
| 955 |
+ static bool exec_warn = false; |
|
| 956 |
+ |
|
| 955 | 957 |
if (a && a->argv[0]) |
| 956 | 958 |
{
|
| 957 | 959 |
if (openvpn_execve_allowed (flags)) |
| ... | ... |
@@ -1004,9 +1006,10 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i |
| 1004 | 1004 |
ASSERT (0); |
| 1005 | 1005 |
} |
| 1006 | 1006 |
} |
| 1007 |
- else |
|
| 1007 |
+ else if (!exec_warn && (script_security < SSEC_SCRIPTS)) |
|
| 1008 | 1008 |
{
|
| 1009 | 1009 |
msg (M_WARN, SCRIPT_SECURITY_WARNING); |
| 1010 |
+ exec_warn = true; |
|
| 1010 | 1011 |
} |
| 1011 | 1012 |
} |
| 1012 | 1013 |
else |