From patchwork Tue Apr 4 07:59:32 2023
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3184
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Tue, 4 Apr 2023 10:59:32 +0300
Message-Id: <20230404075931.840-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH] Support of DNS domain for DHCP-less drivers

From: Lev Stipakov

We set DNS domain either via interactive service or DHCP. When interactive service is not used, for example, when profiles are started by OpenVPNService, this option is not working for DCO and wintun.

This implements setting DNS domain via WMIC command, similar to implementation in interactive service. This is done when:

- interactive service is not used
- ip_win32_type is either NETSH or IPAPI, which is the case for DCO and wintun.

Fixes https://github.com/OpenVPN/openvpn/issues/306

Change-Id: I9ab51bf1c0774564204c75ecce9ebfb818db2f5b
--- src/openvpn/options.c | 8 ++--- src/openvpn/tun.c | 72 ++++++++++++++++++++++++++++++++++--------- src/openvpn/tun.h | 6 ++++ src/openvpn/win32.h | 1 + 4 files changed, 67 insertions(+), 20 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2680f268..36d54ceb 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3396,11 +3396,11 @@ options_postprocess_mutate_invariant(struct options *options) #ifdef _WIN32 const int dev = dev_type_enum(options->dev, options->dev_type); + const bool dhcp = tuntap_maybe_dhcp(&options->tuntap_options); + /* when using wintun/ovpn-dco, kernel doesn't send DHCP requests, so don't use it */ if ((options->windows_driver == WINDOWS_DRIVER_WINTUN - || options->windows_driver == WINDOWS_DRIVER_DCO) - && (options->tuntap_options.ip_win32_type == IPW32_SET_DHCP_MASQ - || options->tuntap_options.ip_win32_type == IPW32_SET_ADAPTIVE)) + || options->windows_driver == WINDOWS_DRIVER_DCO) && dhcp) { options->tuntap_options.ip_win32_type = IPW32_SET_NETSH; }
@@ -3408,8 +3408,6 @@ options_postprocess_mutate_invariant(struct options *options) if ((dev == DEV_TYPE_TUN || dev == DEV_TYPE_TAP) && !options->route_delay_defined) { /* delay may only be necessary when we perform DHCP handshake */ - const bool dhcp = (options->tuntap_options.ip_win32_type == IPW32_SET_DHCP_MASQ) - || (options->tuntap_options.ip_win32_type == IPW32_SET_ADAPTIVE); if ((options->mode == MODE_POINT_TO_POINT) && dhcp) { options->route_delay_defined = true; diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 2ebe4809..c2cc7e26 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -84,6 +84,8 @@ static void netsh_set_dns6_servers(const struct in6_addr *addr_list, static void netsh_command(const struct argv *a, int n, int msglevel); +static void exec_command(const char *prefix, const struct argv *a, int n, int msglevel); + static const char *netsh_get_id(const char *dev_node, struct gc_arena *gc); static bool @@ -324,6 +326,22 @@ out: return ret; } +static void +wmic_do_dns_domain(bool add, const struct tuntap *tt) +{ + if (!tt->options.domain) + { + return; + } + + struct argv argv = argv_new(); + argv_printf(&argv, "%s%s nicconfig where (InterfaceIndex=%ld) call SetDNSDomain %s", + get_win_sys_path(), WMIC_PATH_SUFFIX, tt->adapter_index, add ? tt->options.domain : ""); + exec_command("WMIC", &argv, 1, M_WARN); + + argv_free(&argv); +} + #endif /* ifdef _WIN32 */ #ifdef TARGET_SOLARIS 
@@ -1190,6 +1208,11 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, /* set ipv6 dns servers if any are specified */ netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, tt->adapter_index); windows_set_mtu(tt->adapter_index, AF_INET6, tun_mtu); + + if (!tt->did_ifconfig_setup && !tuntap_maybe_dhcp(&tt->options)) + { + wmic_do_dns_domain(true, tt); + } } #else /* platforms we have no IPv6 code for */ msg(M_FATAL, "Sorry, but I don't know how to do IPv6 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); @@ -1525,7 +1548,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, ifname, ifconfig_local, ifconfig_remote_netmask); } - else if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ || tt->options.ip_win32_type == IPW32_SET_ADAPTIVE) + else if (tuntap_maybe_dhcp(&tt->options)) { /* Let the DHCP configure the interface. */ } @@ -1535,11 +1558,18 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, do_dns_service(true, AF_INET, tt); do_dns_domain_service(true, tt); } - else if (tt->options.ip_win32_type == IPW32_SET_NETSH) + else { - netsh_ifconfig(&tt->options, tt->adapter_index, tt->local, - tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS); + if (tt->options.ip_win32_type == IPW32_SET_NETSH) + { + netsh_ifconfig(&tt->options, tt->adapter_index, tt->local, + tt->adapter_netmask, NI_IP_NETMASK | NI_OPTIONS); + } + + wmic_do_dns_domain(true, tt); } + + if (tt->options.msg_channel) { do_set_mtu_service(tt, AF_INET, tun_mtu); @@ -5238,12 +5268,8 @@ dhcp_renew(const struct tuntap *tt) } } -/* - * netsh functions - */ - static void -netsh_command(const struct argv *a, int n, int msglevel) +exec_command(const char *prefix, const struct argv *a, int n, int msglevel) { int i; for (i = 0; i < n; ++i) 
@@ -5251,8 +5277,8 @@ netsh_command(const struct argv *a, int n, int msglevel) bool status; management_sleep(0); netcmd_semaphore_lock(); - argv_msg_prefix(M_INFO, a, "NETSH"); - status = openvpn_execve_check(a, NULL, 0, "ERROR: netsh command failed"); + argv_msg_prefix(M_INFO, a, prefix); + status = openvpn_execve_check(a, NULL, 0, "ERROR: command failed"); netcmd_semaphore_release(); if (status) { @@ -5260,7 +5286,13 @@ netsh_command(const struct argv *a, int n, int msglevel) } management_sleep(4); } - msg(msglevel, "NETSH: command failed"); + msg(msglevel, "%s: command failed", prefix); +} + +static void +netsh_command(const struct argv *a, int n, int msglevel) +{ + exec_command("NETSH", a, n, msglevel); } void @@ -6927,6 +6959,11 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) } else { + if (!tt->did_ifconfig_setup && !tuntap_maybe_dhcp(&tt->options)) + { + wmic_do_dns_domain(false, tt); + } + netsh_delete_address_dns(tt, true, &gc); } } @@ -6937,7 +6974,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) { /* We didn't do ifconfig. */ } - else if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ || tt->options.ip_win32_type == IPW32_SET_ADAPTIVE) + else if (tuntap_maybe_dhcp(&tt->options)) { /* We don't have to clean the configuration with DHCP. */ } @@ -6947,9 +6984,14 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) do_dns_service(false, AF_INET, tt); do_address_service(false, AF_INET, tt); } - else if (tt->options.ip_win32_type == IPW32_SET_NETSH) + else { - netsh_delete_address_dns(tt, false, &gc); + wmic_do_dns_domain(false, tt); + + if (tt->options.ip_win32_type == IPW32_SET_NETSH) + { + netsh_delete_address_dns(tt, false, &gc); + } } } diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index e19e1a2e..0d8e2307 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -668,6 +668,12 @@ tuntap_is_dco_win_timeout(struct tuntap *tt, int status) const char * print_windows_driver(enum windows_driver_type windows_driver); +static inline bool +tuntap_maybe_dhcp(struct tuntap_options *o) +{ + return o->ip_win32_type == IPW32_SET_DHCP_MASQ || o->ip_win32_type == IPW32_SET_ADAPTIVE; +} + #else /* ifdef _WIN32 */ static inline bool diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 72ffb012..36059662 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -38,6 +38,7 @@ #define WIN_ROUTE_PATH_SUFFIX "\\system32\\route.exe" #define WIN_IPCONFIG_PATH_SUFFIX "\\system32\\ipconfig.exe" #define WIN_NET_PATH_SUFFIX "\\system32\\net.exe" +#define WMIC_PATH_SUFFIX "\\system32\\wbem\\wmic.exe" /* * Win32-specific OpenVPN code, targeted at the mingw
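
Review bot: In wmic_do_dns_domain() (src/openvpn/tun.c, hunk at -324), tt->options.domain is placed into the wmic.exe argument string unquoted and without any check on its contents, and the removal path substitutes "" for the same %s. Suggest validating the domain against hostname characters (letters, digits, '-' and '.') before building the argv, and consider quoting the value in the format string so that the empty string used for removal reaches wmic as an explicit argument instead of depending on how argv_printf treats an empty %s. The function would also benefit from a short comment stating when it is meant to run (no interactive service, non-DHCP ip_win32_type), which the commit message says but the code does not.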
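
Review bot: In the do_ifconfig_ipv4() hunk (src/openvpn/tun.c, -1535), replacing "else if (tt->options.ip_win32_type == IPW32_SET_NETSH)" with a bare "else" means wmic_do_dns_domain(true, tt) now runs for every ip_win32_type that falls through the earlier branches, while the commit message limits it to NETSH or IPAPI. Suggest making that condition explicit, or adding a comment naming the types expected to reach this branch; the matching "else" in close_tun() (-6947) needs the same treatment so that set and clear stay symmetric. The hunk also adds two stray blank lines before "if (tt->options.msg_channel)".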
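
Review bot: The guard "!tt->did_ifconfig_setup && !tuntap_maybe_dhcp(&tt->options)" is duplicated in do_ifconfig_ipv6() (-1190) and in the first close_tun() hunk (-6927) with no comment explaining why did_ifconfig_setup decides whether the domain is set here. Suggest a one-line comment at both sites, or a small helper that both call, so that a later change to one side cannot leave a domain configured on the adapter that close_tun() never clears.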
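
Review bot: In exec_command() (src/openvpn/tun.c, -5251), the string passed to openvpn_execve_check() changes from "ERROR: netsh command failed" to "ERROR: command failed", so the log no longer says which tool failed even though prefix is available in the function. Suggest building the message from prefix, as the final msg() call already does with "%s: command failed". The removed "netsh functions" comment block could be kept above netsh_command(), with a short comment on exec_command() describing the n retries and the sleep between them.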
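
Review bot: tuntap_maybe_dhcp() in src/openvpn/tun.h takes "struct tuntap_options *o" but only reads ip_win32_type; the parameter should be "const struct tuntap_options *o" so it can be called from functions that hold a const tuntap, such as wmic_do_dns_domain(). A brief doc comment would help too, since "maybe" in the name is not explained: the helper returns true for both IPW32_SET_DHCP_MASQ and IPW32_SET_ADAPTIVE.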
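
Review bot: In src/openvpn/win32.h the new macro is named WMIC_PATH_SUFFIX while its neighbours in the same block are WIN_ROUTE_PATH_SUFFIX, WIN_IPCONFIG_PATH_SUFFIX and WIN_NET_PATH_SUFFIX. Suggest WIN_WMIC_PATH_SUFFIX for consistency, with the use in wmic_do_dns_domain() updated to match.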