From patchwork Wed Feb 20 13:46:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 688 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id kA38EDD1bVxGEgAAIUCqbw for ; Wed, 20 Feb 2019 19:47:44 -0500 Received: from director6.mail.ord1c.rsapps.net ([172.28.255.1]) by director8.mail.ord1d.rsapps.net with LMTP id KPmgEDD1bVwyBwAAfY0hYg ; Wed, 20 Feb 2019 19:47:44 -0500 Received: from smtp24.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by director6.mail.ord1c.rsapps.net with LMTP id 0N92EDD1bVzMBAAA5akwjA ; Wed, 20 Feb 2019 19:47:44 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp24.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: 4c52004c-3572-11e9-9adc-b8ca3a674470-1-1 Received: from [216.105.38.7] ([216.105.38.7:53742] helo=lists.sourceforge.net) by smtp24.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 41/48-05671-F25FD6C5; Wed, 20 Feb 2019 19:47:44 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1gwcVd-0001Cr-T5; Thu, 21 Feb 2019 00:46:41 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1gwcVc-0001Cf-4l for openvpn-devel@lists.sourceforge.net; Thu, 21 Feb 2019 00:46:40 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=nZ6gcxp82U8yUqJd05XXLKhupWQsAllgR1bMa/kpz5M=; b=mGc6Ih1kFt2J16xvx/F7Me4L8d es/9nBbcqcNwbRTcsVmT/5KLbsTbyzBGELKJQltP9yfVgBQswT/9+rtwDKXXAzZEL/0Yw/lQqmY6d 705p4NzMZ1QZFw1VnpDbIOpWBslTwnv42VVAVrCspqE4LJ5EVNnTvUcmDrQ0ZUmHDRGk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=nZ6gcxp82U8yUqJd05XXLKhupWQsAllgR1bMa/kpz5M=; b=Wr+KviZISc+I+7ZM0dHHvcXUn/ qZ0dd/xLmz898ym7lozMfiircczkxzXkmqlW+ODMRZTC8SBidtUBTBNLAuGC1gofGb96Y7/+QyuN9 bMsNXABaYUNNyb5MgPncTh4F/riVJRCiZw679fytieX1j7BHuN5OwtEio3W74anMgN7U=; Received: from mail-io1-f50.google.com ([209.85.166.50]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) id 1gwcVa-00D3o5-D5 for openvpn-devel@lists.sourceforge.net; Thu, 21 Feb 2019 00:46:39 +0000 Received: by mail-io1-f50.google.com with SMTP id x4so58817ion.2 for ; Wed, 20 Feb 2019 16:46:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nZ6gcxp82U8yUqJd05XXLKhupWQsAllgR1bMa/kpz5M=; b=hCdhgcHVqc0TLjEU9Wc12xYM8ZwTYtiuyX4XoNmLDadM5Bi08hfRX/9NIoKPOdn2vo RFrCRpYO+/81CkbrXqTE7zGOIEFo1BkdCvwr6CIzQkut/M8iI50DN3p0MommHOxlF9DL 0HoXMKcNvgvaoou7324uQp9ib56+6GBzkTUQSyxK603uQW7nBGFiCr1b3xECW07gqZ3f +ss4fM62FPSb8NXRXV2uM+Y9gZ95+2h8tUO5+SryRyKV2MRyELGVjX/UOQZCVP6vWL4l hv9n37i2GsfCAZx3fzjZCd2ZCvNM2X4Bizi+e499V5Ad0ywB3ALTASnDvKTTojpC7EbJ wWGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nZ6gcxp82U8yUqJd05XXLKhupWQsAllgR1bMa/kpz5M=; b=VIk9FrpwPdapX42VRUNfyFmKUwbtKIwfdh3rkIySiMJA4q83L4DiYu5o7IaJaJ/3iP xaQ6470ajevwGbPkkW4SyCHuOYSc0fTAeOGS2B5FiC5oYlIhSDHCjGVE3Mw2BGsRypHl wJ2H9/DPr9e8pchB4+hI0N4i+F+VWrjOnLxnkaw0jCIvsfhdfVlYa55bZK6sJPL7XjD7 yJvZhFcI2I6NCb4yvSC+4iA5OKWkZm1598VcYnWbmZQfvdUaToZyPIL94YXW+SnpllYP CyN+2RWn6VuYUYnz4UuxBdBCz+vBMkscmu7ixrz9oLKa1rJcJPfI700tUlqcZz4DnYnZ TUJQ== X-Gm-Message-State: AHQUAuaqE3x392mtfjBqMYxmi3Bol1dgoSSJEsyOFJB307w+9sgWwqc6 kiYz7wFx5O5LhGGwE/KgyGh5lpUvOFA= X-Google-Smtp-Source: AHgI3IZmm+FIK627CX1PgFsyyX3/X+tUCYLPWF5XSbAc8OMmC1KdrxNw8cOvZQUuJtxoNhK4iYvNvw== X-Received: by 2002:a6b:6603:: with SMTP id a3mr25252902ioc.203.1550709992227; Wed, 20 Feb 2019 16:46:32 -0800 (PST) Received: from saturn.home.sansel.ca (CPE40167ea0e1c2-CM788df74daaa0.cpe.net.cable.rogers.com. [99.228.215.92]) by smtp.gmail.com with ESMTPSA id c1sm3723440itd.23.2019.02.20.16.46.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 20 Feb 2019 16:46:31 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Wed, 20 Feb 2019 19:46:22 -0500 Message-Id: <1550709982-19319-1-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1550368541-10402-1-git-send-email-selva.nair@gmail.com> References: <1550368541-10402-1-git-send-email-selva.nair@gmail.com> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [209.85.166.50 listed in list.dnswl.org] 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: openvpn.net] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1gwcVa-00D3o5-D5 Subject: [Openvpn-devel] [PATCH v2] Better error message when script fails due to script-security setting X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair - Add a new return value (-2) for openvpn_execve() when external program execution is not allowed due to a low script-security setting. - Add a corresponding error message Errors and warnings in such cases will now display as "WARNING: failed running command () :" followed by "disallowed by script-security setting" on all platforms instead of the current "external program did not execute -- returned error code -1" on Windows and "external program fork failed" on other platforms. The error is FATAL for some scripts and that behaviour is unchanged. This helps the Windows GUI to detect when a connection failure results from a safer script-security setting enforced by the GUI, and show a relevant message. v2 changes as suggested by - define macros for return values of openvpn_execve() - replace if/else by switch() in system_error_message() Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/openvpn/run_command.c | 93 ++++++++++++++++++++++++++++------------------- src/openvpn/run_command.h | 4 ++ src/openvpn/win32.c | 12 ++++-- 3 files changed, 68 insertions(+), 41 deletions(-) diff --git a/src/openvpn/run_command.c b/src/openvpn/run_command.c index 2d75a3e..4c4adf9 100644 --- a/src/openvpn/run_command.c +++ b/src/openvpn/run_command.c @@ -54,44 +54,57 @@ script_security_set(int level) } /* - * Print an error message based on the status code returned by system(). + * Generate an error message based on the status code returned by openvpn_execve(). */ static const char * system_error_message(int stat, struct gc_arena *gc) { struct buffer out = alloc_buf_gc(256, gc); -#ifdef _WIN32 - if (stat == -1) + + switch (stat) { - buf_printf(&out, "external program did not execute -- "); - } - buf_printf(&out, "returned error code %d", stat); + case OPENVPN_EXECVE_NOT_ALLOWED: + buf_printf(&out, "disallowed by script-security setting"); + break; + +#ifdef _WIN32 + case OPENVPN_EXECVE_ERROR: + buf_printf(&out, "external program did not execute -- "); + /* fall through */ + + default: + buf_printf(&out, "returned error code %d", stat); + break; #else /* ifdef _WIN32 */ - if (stat == -1) - { - buf_printf(&out, "external program fork failed"); - } - else if (!WIFEXITED(stat)) - { - buf_printf(&out, "external program did not exit normally"); - } - else - { - const int cmd_ret = WEXITSTATUS(stat); - if (!cmd_ret) - { - buf_printf(&out, "external program exited normally"); - } - else if (cmd_ret == 127) - { - buf_printf(&out, "could not execute external program"); - } - else - { - buf_printf(&out, "external program exited with error status: %d", cmd_ret); - } - } + + case OPENVPN_EXECVE_ERROR: + buf_printf(&out, "external program fork failed"); + break; + + default: + if (!WIFEXITED(stat)) + { + buf_printf(&out, "external program did not exit normally"); + } + else + { + const int cmd_ret = WEXITSTATUS(stat); + if (!cmd_ret) + { + buf_printf(&out, "external program exited normally"); + } + else if (cmd_ret == OPENVPN_EXECVE_FAILURE) + { + buf_printf(&out, "could not execute external program"); + } + else + { + buf_printf(&out, "external program exited with error status: %d", cmd_ret); + } + } + break; #endif /* ifdef _WIN32 */ + } return (const char *)out.data; } @@ -114,12 +127,14 @@ openvpn_execve_allowed(const unsigned int flags) * Run execve() inside a fork(). Designed to replicate the semantics of system() but * in a safer way that doesn't require the invocation of a shell or the risks * associated with formatting and parsing a command line. + * Returns the exit status of child, OPENVPN_EXECVE_NOT_ALLOWED if openvpn_execve_allowed() + * returns false, or OPENVPN_EXECVE_ERROR on other errors. */ int openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags) { struct gc_arena gc = gc_new(); - int ret = -1; + int ret = OPENVPN_EXECVE_ERROR; static bool warn_shown = false; if (a && a->argv[0]) @@ -136,7 +151,7 @@ openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned in if (pid == (pid_t)0) /* child side */ { execve(cmd, argv, envp); - exit(127); + exit(OPENVPN_EXECVE_FAILURE); } else if (pid < (pid_t)0) /* fork failed */ { @@ -146,14 +161,18 @@ openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned in { if (waitpid(pid, &ret, 0) != pid) { - ret = -1; + ret = OPENVPN_EXECVE_ERROR; } } } - else if (!warn_shown && (script_security() < SSEC_SCRIPTS)) + else { - msg(M_WARN, SCRIPT_SECURITY_WARNING); - warn_shown = true; + ret = OPENVPN_EXECVE_NOT_ALLOWED; + if (!warn_shown && (script_security() < SSEC_SCRIPTS)) + { + msg(M_WARN, SCRIPT_SECURITY_WARNING); + warn_shown = true; + } } #else /* if defined(ENABLE_FEATURE_EXECVE) */ msg(M_WARN, "openvpn_execve: execve function not available"); @@ -227,7 +246,7 @@ openvpn_popen(const struct argv *a, const struct env_set *es) close(pipe_stdout[0]); /* Close read end */ dup2(pipe_stdout[1],1); execve(cmd, argv, envp); - exit(127); + exit(OPENVPN_EXECVE_FAILURE); } else if (pid > (pid_t)0) /* parent side */ { diff --git a/src/openvpn/run_command.h b/src/openvpn/run_command.h index 4501a5c..7ccb13c 100644 --- a/src/openvpn/run_command.h +++ b/src/openvpn/run_command.h @@ -33,6 +33,10 @@ #define SSEC_SCRIPTS 2 /* allow calling of built-in programs and user-defined scripts */ #define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */ +#define OPENVPN_EXECVE_ERROR -1 /* generic error while forking to run an external program */ +#define OPENVPN_EXECVE_NOT_ALLOWED -2 /* external program not run due to script security */ +#define OPENVPN_EXECVE_FAILURE 127 /* exit code passed back from child when execve fails */ + int script_security(void); void script_security_set(int level); diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 463ac07..55d9843 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -1088,7 +1088,7 @@ wide_cmd_line(const struct argv *a, struct gc_arena *gc) int openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags) { - int ret = -1; + int ret = OPENVPN_EXECVE_ERROR; static bool exec_warn = false; if (a && a->argv[0]) @@ -1137,10 +1137,14 @@ openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned in free(env); gc_free(&gc); } - else if (!exec_warn && (script_security() < SSEC_SCRIPTS)) + else { - msg(M_WARN, SCRIPT_SECURITY_WARNING); - exec_warn = true; + ret = OPENVPN_EXECVE_NOT_ALLOWED; + if (!exec_warn && (script_security() < SSEC_SCRIPTS)) + { + msg(M_WARN, SCRIPT_SECURITY_WARNING); + exec_warn = true; + } } } else