The current implementation of check_file_access() does not consider that
some options take scripts and executables as input. When some of these
commands are given arguments in the OpenVPN configuration,
check_file_access() would take those arguments as a part of the file name
to the command. Thus the file check would fail.
This patch improves that by introducing a check_cmd_access() function which
first splits out the arguments to the command before checking if the file
with the command is available.
[DS: This patch is splitted out from the options.c.diff patch sent to the
mailing list - where only the function changes is included here]
Signed-off-by: Jonathan K. Bullard <jkbullard@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: CAEsd45RkyJw6yUk1Jwkip70HkCjKYoU+V=do3N7SH7JOaHBZdw@mail.gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6194
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -2674,6 +2674,51 @@ check_file_access(const int type, const char *file, const int mode, const char * |
2674 | 2674 |
} |
2675 | 2675 |
|
2676 | 2676 |
/* |
2677 |
+ * Verifies that the path in the "command" that comes after certain script options (e.g., --up) is a |
|
2678 |
+ * valid file with appropriate permissions. |
|
2679 |
+ * |
|
2680 |
+ * "command" consists of a path, optionally followed by a space, which may be |
|
2681 |
+ * followed by arbitrary arguments. It is NOT a full shell command line -- shell expansion is not |
|
2682 |
+ * performed. |
|
2683 |
+ * |
|
2684 |
+ * The path and arguments in "command" may be single- or double-quoted or escaped. |
|
2685 |
+ * |
|
2686 |
+ * The path is extracted from "command", then check_file_access() is called to check it. The |
|
2687 |
+ * arguments, if any, are ignored. |
|
2688 |
+ * |
|
2689 |
+ * Note that the type, mode, and opt arguments to this routine are the same as the corresponding |
|
2690 |
+ * check_file_access() arguments. |
|
2691 |
+ */ |
|
2692 |
+static bool |
|
2693 |
+check_cmd_access(const int type, const char *command, const int mode, const char *opt) |
|
2694 |
+{ |
|
2695 |
+ struct argv argv; |
|
2696 |
+ bool return_code; |
|
2697 |
+ |
|
2698 |
+ /* If no command was set, there are no errors to look for */ |
|
2699 |
+ if (! command) |
|
2700 |
+ return false; |
|
2701 |
+ |
|
2702 |
+ /* Extract executable path and arguments */ |
|
2703 |
+ argv = argv_new (); |
|
2704 |
+ argv_printf (&argv, "%sc", command); |
|
2705 |
+ |
|
2706 |
+ /* if an executable is specified then check it; otherwise, complain */ |
|
2707 |
+ if (argv.argv[0]) |
|
2708 |
+ return_code = check_file_access(type, argv.argv[0], mode, opt); |
|
2709 |
+ else |
|
2710 |
+ { |
|
2711 |
+ msg (M_NOPREFIX|M_OPTERR, "%s fails with '%s': No path to executable.", |
|
2712 |
+ opt, command); |
|
2713 |
+ return_code = true; |
|
2714 |
+ } |
|
2715 |
+ |
|
2716 |
+ argv_reset (&argv); |
|
2717 |
+ |
|
2718 |
+ return return_code; |
|
2719 |
+} |
|
2720 |
+ |
|
2721 |
+/* |
|
2677 | 2722 |
* Sanity check of all file/dir options. Checks that file/dir |
2678 | 2723 |
* is accessible by OpenVPN |
2679 | 2724 |
*/ |
... | ... |
@@ -2749,27 +2794,29 @@ options_postprocess_filechecks (struct options *options) |
2749 | 2749 |
#if P2MP_SERVER |
2750 | 2750 |
errs |= check_file_access (CHKACC_FILE, options->client_config_dir, |
2751 | 2751 |
R_OK|X_OK, "--client-config-dir"); |
2752 |
- /* ** Script hooks ** */ |
|
2753 |
- errs |= check_file_access (CHKACC_FILE, options->client_connect_script, |
|
2754 |
- R_OK|X_OK, "--client-connect script"); |
|
2755 |
- errs |= check_file_access (CHKACC_FILE, options->client_disconnect_script, |
|
2756 |
- R_OK|X_OK, "--client-disconnect script"); |
|
2757 |
- errs |= check_file_access (CHKACC_FILE, options->auth_user_pass_verify_script, |
|
2758 |
- R_OK|X_OK, "--auth-user-pass-verify script"); |
|
2759 |
- errs |= check_file_access (CHKACC_FILE, options->tls_verify, |
|
2760 |
- R_OK|X_OK, "--tls-verify script"); |
|
2761 |
- errs |= check_file_access (CHKACC_FILE, options->up_script, |
|
2762 |
- R_OK|X_OK, "--up script"); |
|
2763 |
- errs |= check_file_access (CHKACC_FILE, options->down_script, |
|
2764 |
- R_OK|X_OK, "--down script"); |
|
2765 |
- errs |= check_file_access (CHKACC_FILE, options->ipchange, |
|
2766 |
- R_OK|X_OK, "--ipchange script"); |
|
2767 |
- errs |= check_file_access (CHKACC_FILE, options->route_script, |
|
2768 |
- R_OK|X_OK, "--route-up script"); |
|
2769 |
- errs |= check_file_access (CHKACC_FILE, options->route_predown_script, |
|
2770 |
- R_OK|X_OK, "--route-pre-down script"); |
|
2771 |
- errs |= check_file_access (CHKACC_FILE, options->learn_address_script, |
|
2772 |
- R_OK|X_OK, "--learn-address script"); |
|
2752 |
+ |
|
2753 |
+ /* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */ |
|
2754 |
+ /* ** optionally followed by arguments ** */ |
|
2755 |
+ errs |= check_cmd_access (CHKACC_FILE, options->auth_user_pass_verify_script, |
|
2756 |
+ R_OK|X_OK, "--auth-user-pass-verify script"); |
|
2757 |
+ errs |= check_cmd_access (CHKACC_FILE, options->client_connect_script, |
|
2758 |
+ R_OK|X_OK, "--client-connect script"); |
|
2759 |
+ errs |= check_cmd_access (CHKACC_FILE, options->client_disconnect_script, |
|
2760 |
+ R_OK|X_OK, "--client-disconnect script"); |
|
2761 |
+ errs |= check_cmd_access (CHKACC_FILE, options->tls_verify, |
|
2762 |
+ R_OK|X_OK, "--tls-verify script"); |
|
2763 |
+ errs |= check_cmd_access (CHKACC_FILE, options->up_script, |
|
2764 |
+ R_OK|X_OK, "--up script"); |
|
2765 |
+ errs |= check_cmd_access (CHKACC_FILE, options->down_script, |
|
2766 |
+ R_OK|X_OK, "--down script"); |
|
2767 |
+ errs |= check_cmd_access (CHKACC_FILE, options->ipchange, |
|
2768 |
+ R_OK|X_OK, "--ipchange script"); |
|
2769 |
+ errs |= check_cmd_access (CHKACC_FILE, options->route_script, |
|
2770 |
+ R_OK|X_OK, "--route-up script"); |
|
2771 |
+ errs |= check_cmd_access (CHKACC_FILE, options->route_predown_script, |
|
2772 |
+ R_OK|X_OK, "--route-pre-down script"); |
|
2773 |
+ errs |= check_cmd_access (CHKACC_FILE, options->learn_address_script, |
|
2774 |
+ R_OK|X_OK, "--learn-address script"); |
|
2773 | 2775 |
#endif /* P2MP_SERVER */ |
2774 | 2776 |
|
2775 | 2777 |
if (errs) |