From patchwork Mon Sep 15 06:20:06 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4416
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 15 Sep 2025 08:20:06 +0200
Message-ID: <20250915062013.2555-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] win: replace wmic invocation with powershell

From: Lev Stipakov Since wmic has been recently deprecated and is absent on new systems, replace setting DNS domain "old-style" with powershell. Some changes to the service implementation: - remove action parameter and hardcode Set-DnsClient since this is the only used action - remove support of multiple domains, since we only pass a single domain (tuntap_options.domain) GitHub: https://github.com/OpenVPN/openvpn/issues/642 Change-Id: Iff2f4ea677fe2d88659d7814dab0f792f5004fb3 Signed-off-by: Lev Stipakov Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to release/2.6. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1183 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 92e71a3..7c8a351 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -383,7 +383,7 @@ } static void -do_dns_domain_wmic(bool add, const struct tuntap *tt) +do_dns_domain_pwsh(bool add, const struct tuntap *tt) { if (!tt->options.domain) { @@ -391,9 +391,14 @@ } struct argv argv = argv_new(); - argv_printf(&argv, "%s%s nicconfig where (InterfaceIndex=%ld) call SetDNSDomain '%s'", - get_win_sys_path(), WMIC_PATH_SUFFIX, tt->adapter_index, add ? tt->options.domain : ""); - exec_command("WMIC", &argv, 1, M_WARN); + argv_printf(&argv, + "%s%s -NoProfile -NonInteractive -Command Set-DnsClient -InterfaceIndex %lu -ConnectionSpecificSuffix '%s'", + get_win_sys_path(), + POWERSHELL_PATH_SUFFIX, + tt->adapter_index, + add ? tt->options.domain : "" + ); + exec_command("PowerShell", &argv, 1, M_WARN); argv_free(&argv); } @@ -1269,7 +1274,7 @@ if (!tt->did_ifconfig_setup) { - do_dns_domain_wmic(true, tt); + do_dns_domain_pwsh(true, tt); } } #else /* platforms we have no IPv6 code for */ 
@@ -1625,7 +1630,7 @@ tt->adapter_netmask, NI_IP_NETMASK | NI_OPTIONS); } - do_dns_domain_wmic(true, tt); + do_dns_domain_pwsh(true, tt); } @@ -7024,7 +7029,7 @@ { if (!tt->did_ifconfig_setup) { - do_dns_domain_wmic(false, tt); + do_dns_domain_pwsh(false, tt); } netsh_delete_address_dns(tt, true, &gc); @@ -7050,7 +7055,7 @@ } else { - do_dns_domain_wmic(false, tt); + do_dns_domain_pwsh(false, tt); if (tt->options.ip_win32_type == IPW32_SET_NETSH) { diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 1b87fa3..67e6169 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -38,7 +38,7 @@ #define WIN_ROUTE_PATH_SUFFIX "\\system32\\route.exe" #define WIN_IPCONFIG_PATH_SUFFIX "\\system32\\ipconfig.exe" #define WIN_NET_PATH_SUFFIX "\\system32\\net.exe" -#define WMIC_PATH_SUFFIX "\\system32\\wbem\\wmic.exe" +#define POWERSHELL_PATH_SUFFIX "\\system32\\WindowsPowerShell\\v1.0\\powershell.exe" /* * Win32-specific OpenVPN code, targeted at the mingw diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index a25d26f..ca58596 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c 
@@ -1150,45 +1150,31 @@ } /** - * Run command: wmic nicconfig (InterfaceIndex=$if_index) call $action ($data) + * Run command: powershell -NoProfile -NonInteractive -Command Set-DnsClient -InterfaceIndex %ld -ConnectionSpecificSuffix '%s' * @param if_index "index of interface" - * @param action e.g., "SetDNSDomain" * @param data data if required for action * - a single word for SetDNSDomain, empty or NULL to delete - * - comma separated values for a list */ static DWORD -wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index, - const wchar_t *data) +pwsh_setdns_cmd(const NET_IFINDEX if_index, const wchar_t *data) { DWORD err = 0; wchar_t argv0[MAX_PATH]; wchar_t *cmdline = NULL; int timeout = 10000; /* in msec */ - openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe"); + openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"WindowsPowerShell\\v1.0\\powershell.exe"); - const wchar_t *fmt; - /* comma separated list must be enclosed in parenthesis */ - if (data && wcschr(data, L',')) - { - fmt = L"wmic nicconfig where (InterfaceIndex=%ld) call %ls (%ls)"; - } - else - { - fmt = L"wmic nicconfig where (InterfaceIndex=%ld) call %ls \"%ls\""; - } + const wchar_t *fmt = L"-NoProfile -NonInteractive -Command Set-DnsClient -InterfaceIndex %lu -ConnectionSpecificSuffix '%s'"; - size_t ncmdline = wcslen(fmt) + 20 + wcslen(action) /* max 20 for ifindex */ - + (data ? wcslen(data) + 1 : 1); + size_t ncmdline = wcslen(fmt) + 20 + /* max 20 for ifindex */ (data ? wcslen(data) + 1 : 1); cmdline = malloc(ncmdline*sizeof(wchar_t)); if (!cmdline) { return ERROR_OUTOFMEMORY; } - openvpn_swprintf(cmdline, ncmdline, fmt, if_index, action, - data ? data : L""); + openvpn_swprintf(cmdline, ncmdline, fmt, if_index, data ? data : L""); err = ExecCommand(argv0, cmdline, timeout); free(cmdline); 
@@ -1248,7 +1234,7 @@ free(RemoveListItem(&(*lists)[undo_domain], CmpWString, (void *)if_name)); } - err = wmic_nicconfig_cmd(L"SetDNSDomain", if_index, wdomain); + err = pwsh_setdns_cmd(if_index, wdomain); /* Add to undo list if domain is non-empty */ if (err == 0 && wdomain[0] && lists)
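Review bot: In src/openvpn/tun.c, hunk @@ -391,9 +391,14 @@ (do_dns_domain_pwsh), tt->options.domain is placed between single quotes inside the string handed to powershell -Command, so a value containing a single quote would end the literal and the remainder would be parsed as PowerShell instead of being treated as the suffix. Nothing in the hunk restricts the value beyond the existing NULL check. Suggest rejecting any domain that is not made up of DNS name characters (letters, digits, '-' and '.') before the argv_printf call, or at minimum doubling embedded single quotes. Separately, the conversion for tt->adapter_index changed from %ld to %lu; worth confirming that it matches the declared type of the field.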
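Review bot: In src/openvpnserv/interactive.c, hunk @@ -1150,45 +1150,31 @@ (pwsh_setdns_cmd), the new wide format string uses '%s' for data, which is a const wchar_t *, while the removed formats and the argv0 line directly above use %ls. In standard C a %s conversion in a wide-character format expects a narrow char *, so the result depends on the C runtime in use; suggest '%ls' to match the rest of the function. data is also written between single quotes inside -Command with no check in this hunk, so a validation that it contains only DNS name characters belongs before the ncmdline computation. The doc comment needs a follow-up as well: it shows %ld where the format uses %lu, and the lines "data if required for action" and "a single word for SetDNSDomain" still describe the removed action parameter.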