From patchwork Mon Sep 15 13:03:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4418 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6ad9:b0:671:5a2c:6455 with SMTP id v25csp1259483maw; Mon, 15 Sep 2025 06:04:00 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWNsjEg2zhHN4o+lOP5V3iH0q9oVuyBtNwNudTLuaNTYEwRT99N2gu34z4ZzWEfxu0Kv9LSeYy+C94=@openvpn.net X-Google-Smtp-Source: AGHT+IHBS/hzuoaiAoS6pkVFhfs1XHr8iHMha3BtiRbfUknBouRKKl/ehppAaFLnPzrSdhMGeL4n X-Received: by 2002:a05:6871:4191:b0:32b:883e:d55b with SMTP id 586e51a60fabf-32e54f8b4a1mr7024200fac.17.1757941440520; Mon, 15 Sep 2025 06:04:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1757941440; cv=none; d=google.com; s=arc-20240605; b=iORWfzEdTbaJrLisggFIE2i5f5RBrWU2qF/ApAYk3HBsW6w6qEa76HCw/HjJA8x47+ sVkdHy7aKGj45P39a54FHgPPP6nRIVMwiBF2f0tDah55h9Xgus5PCEcrCbpB9kHSq+A4 0BPwig3RIRXj/Ifwt+mogbQzFJKZJvpgPcZel9xjP/sy7dOy679kvyDrWWiz4ReOkDwb RpU4hgpT1fPgZnwRb2Ae8CcNTxnZ/u1PADIC+/4bCvusIzPPling/nk+PS9lkzMSiwmV fH8DY/RGTQJbSRTbydQk0ytPCimVcDdN3Xd6YYb+9//dqzdybDv19tgPOGX/wfIXFb1d YLcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=2DuoIJ5WHW4KSvqbaAD/dKdS0SbALraCUa3Z1frkAi0=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=ZemJjYIRX5+iygmnA8L/OBehl/tHqa6PAG8h+UZargN6UkMaFqGA4+gO+GQnORtyNC ingmX5obRJNJGfWsgbXIRY4AYkY/a9ueIt8USht0P6gYVYCyeM9ahhtWLVU0TszyNI61 aXfg1jnHjWZvUQdXp6hReZb83/myb68VvgLx7I7kcQ9unzfu6OdJZKt9WvZvqVLmGMa7 q9+yDVP0p7yxTPxe34+wBGOsunjPE66xO4vXJVtRsnzxtkL/bkyS5LXxaP0qCGBVuK+O KVMdfyDfVUA64a7jOfdLpr4GBtG7BFxhN8yIHxJYN5/9KlvI0NZcDappd01PBQpcanpG ocnA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Rxw+5VK0; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=jKEvUXMj; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Ox9tduss; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-33094b7e4b3si1344952fac.175.2025.09.15.06.04.00 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 15 Sep 2025 06:04:00 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Rxw+5VK0; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=jKEvUXMj; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Ox9tduss; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=2DuoIJ5WHW4KSvqbaAD/dKdS0SbALraCUa3Z1frkAi0=; b=Rxw+5VK0MD4akpw8hEWK6bj2AR omPPiovZ8ldTUh/kQmM7jidaFjmr512vZpW6DecciDcTkJYDOiIUDbegwo5qi5Yq9Ah4Rm/XcBa6w T26s155vSDNUulokAL8OJjOKzm1vp+cImAAx5IRJfp99Cv7bOny2hDsfNLmfuDNy5qNA=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1uy8s6-00031X-CR; Mon, 15 Sep 2025 13:03:55 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uy8s4-00031H-CZ for openvpn-devel@lists.sourceforge.net; Mon, 15 Sep 2025 13:03:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gByYr74Ldkn6FqCqBmiXM5uxlpM52BZwXu2OQt7l83k=; b=jKEvUXMjYkLepDN3vZaTm+XhvJ BKaEt+mGiXTWBwBt6Tbg1vfKxkVEoPoATnhDeV8kD4v/0k8Xb2RJig4QfQSevHQ3CS8p5Am1p6uUN n4ZxxU5DowuxHGBiot3CHkwGEeF/kHjgSPaFjIQ55zyw6GY9o01BTgUL9oHxFuIABhRc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gByYr74Ldkn6FqCqBmiXM5uxlpM52BZwXu2OQt7l83k=; b=Ox9tduss1h3MCuiPTsEgP3RJvP kwior9EBcj0JPlGYm+yczRK6i5JXnhhH8NhyRO7nxEca33RhgNi+Ze5x5oSYFTT1A6bHeCwtWlceM 1UGv4LMy2qd73nWfP/eVA5rxcDYrG9uwp7ppCLDbosSwVAs5vUoMfR9evNNTLcHtdqO8=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1uy8s3-0000HF-Vc for openvpn-devel@lists.sourceforge.net; Mon, 15 Sep 2025 13:03:52 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58FD3jvR002922 for ; Mon, 15 Sep 2025 15:03:45 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58FD3jHq002921 for openvpn-devel@lists.sourceforge.net; Mon, 15 Sep 2025 15:03:45 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 15 Sep 2025 15:03:38 +0200 Message-ID: <20250915130344.2906-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Lev Stipakov Since wmic has been recently deprecated and is absent on new systems, replace setting DNS domain "old-style" with powershell. This is based on 2.6 patch which replaces wmic with powershell Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1uy8s3-0000HF-Vc Subject: [Openvpn-devel] [PATCH v1] win: replace wmic invocation with powershell X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1843335203782960817?= X-GMAIL-MSGID: =?utf-8?q?1843335203782960817?= From: Lev Stipakov Since wmic has been recently deprecated and is absent on new systems, replace setting DNS domain "old-style" with powershell. This is based on 2.6 patch which replaces wmic with powershell d383d6e "win: replace wmic invocation with powershell" except that here we only touch openvpn process code. There is no wmic calls in 2.7 service. Github: fixes OpenVPN/openvpn#642 Change-Id: Ibb126e9ca4548aeb8b60df226e37c9b414698247 Signed-off-by: Lev Stipakov Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1187 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 29f74a2..ee0733a 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -405,7 +405,7 @@ } static void -do_dns_domain_wmic(bool add, const struct tuntap *tt) +do_dns_domain_pwsh(bool add, const struct tuntap *tt) { if (!tt->options.domain) { @@ -413,10 +413,13 @@ } struct argv argv = argv_new(); - argv_printf(&argv, "%s%s nicconfig where (InterfaceIndex=%ld) call SetDNSDomain '%s'", - get_win_sys_path(), WMIC_PATH_SUFFIX, tt->adapter_index, + argv_printf(&argv, + "%s%s -NoProfile -NonInteractive -Command Set-DnsClient -InterfaceIndex %lu -ConnectionSpecificSuffix '%s'", + get_win_sys_path(), + POWERSHELL_PATH_SUFFIX, + tt->adapter_index, add ? tt->options.domain : ""); - exec_command("WMIC", &argv, 1, M_WARN); + exec_command("PowerShell", &argv, 1, M_WARN); argv_free(&argv); } @@ -1208,7 +1211,7 @@ if (!tt->did_ifconfig_setup) { - do_dns_domain_wmic(true, tt); + do_dns_domain_pwsh(true, tt); } } #else /* platforms we have no IPv6 code for */ @@ -1527,7 +1530,7 @@ NI_IP_NETMASK | NI_OPTIONS); } - do_dns_domain_wmic(true, tt); + do_dns_domain_pwsh(true, tt); } @@ -6547,7 +6550,7 @@ { if (!tt->did_ifconfig_setup) { - do_dns_domain_wmic(false, tt); + do_dns_domain_pwsh(false, tt); } netsh_delete_address_dns(tt, true, &gc); @@ -6574,7 +6577,7 @@ } else { - do_dns_domain_wmic(false, tt); + do_dns_domain_pwsh(false, tt); if (tt->options.ip_win32_type == IPW32_SET_NETSH) { diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index dbfa5bc..ff3145a 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -40,7 +40,7 @@ #define WIN_ROUTE_PATH_SUFFIX "\\system32\\route.exe" #define WIN_IPCONFIG_PATH_SUFFIX "\\system32\\ipconfig.exe" #define WIN_NET_PATH_SUFFIX "\\system32\\net.exe" -#define WMIC_PATH_SUFFIX "\\system32\\wbem\\wmic.exe" +#define POWERSHELL_PATH_SUFFIX "\\system32\\WindowsPowerShell\\v1.0\\powershell.exe" /* * Win32-specific OpenVPN code, targeted at the mingw