From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Thu, 6 Apr 2023 10:15:46 +0300
Message-Id: <20230406071546.1056-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH v2] Support of DNS domain for DHCP-less drivers
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 3186
From: Lev Stipakov

We set DNS domain either via interactive service or DHCP. When interactive service is not used, for example, when profiles are started by OpenVPNService, this option is not working for DCO and wintun.

This implements setting DNS domain via WMIC command, similar to implementation in interactive service. This is done when:

- interactive service is not used
- DHCP is not used (ip-win32 is either NETSH or IPAPI, or IPv4 address is not pushed)

Fixes https://github.com/OpenVPN/openvpn/issues/306

Change-Id: Ic72a4ecd0414c0d7bf013415f52640fd122cb739
Signed-off-by: Lev Stipakov
Acked-by: Selva Nair
---
v2:
- remove tuntap_maybe_dhcp() check in ipv6 setup/teardown, because we still need wmic call in this case
- remove the whole tuntap_maybe_dhcp() function, because let's do refactoring separately
- rename wmic_do_dns_domain() to do_dns_domain_wmic() to be consistent with do_dns_domain_service()

src/openvpn/tun.c | 68 ++++++++++++++++++++++++++++++++++++---------
src/openvpn/win32.h | 1 +
2 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 2ebe4809..2320e8b1 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -84,6 +84,8 @@ static void netsh_set_dns6_servers(const struct in6_addr *addr_list, static void netsh_command(const struct argv *a, int n, int msglevel); +static void exec_command(const char *prefix, const struct argv *a, int n, int msglevel); + static const char *netsh_get_id(const char *dev_node, struct gc_arena *gc); static bool
@@ -324,6 +326,22 @@ out: return ret; } +static void +do_dns_domain_wmic(bool add, const struct tuntap *tt) +{ + if (!tt->options.domain) + { + return; + } + + struct argv argv = argv_new(); + argv_printf(&argv, "%s%s nicconfig where (InterfaceIndex=%ld) call SetDNSDomain %s", + get_win_sys_path(), WMIC_PATH_SUFFIX, tt->adapter_index, add ? tt->options.domain : ""); + exec_command("WMIC", &argv, 1, M_WARN); + + argv_free(&argv); +} + #endif /* ifdef _WIN32 */ #ifdef TARGET_SOLARIS @@ -1190,6 +1208,11 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, /* set ipv6 dns servers if any are specified */ netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, tt->adapter_index); windows_set_mtu(tt->adapter_index, AF_INET6, tun_mtu); + + if (!tt->did_ifconfig_setup) + { + do_dns_domain_wmic(true, tt); + } } #else /* platforms we have no IPv6 code for */ msg(M_FATAL, "Sorry, but I don't know how to do IPv6 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script."); @@ -1535,11 +1558,18 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, do_dns_service(true, AF_INET, tt); do_dns_domain_service(true, tt); } - else if (tt->options.ip_win32_type == IPW32_SET_NETSH) + else { - netsh_ifconfig(&tt->options, tt->adapter_index, tt->local, - tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS); + if (tt->options.ip_win32_type == IPW32_SET_NETSH) + { + netsh_ifconfig(&tt->options, tt->adapter_index, tt->local, + tt->adapter_netmask, NI_IP_NETMASK | NI_OPTIONS); + } + + do_dns_domain_wmic(true, tt); } + + if (tt->options.msg_channel) { do_set_mtu_service(tt, AF_INET, tun_mtu); @@ -5238,12 +5268,8 @@ dhcp_renew(const struct tuntap *tt) } } -/* - * netsh functions - */ - static void -netsh_command(const struct argv *a, int n, int msglevel) +exec_command(const char *prefix, const struct argv *a, int n, int msglevel) { int i; for (i = 0; i < n; ++i) 
@@ -5251,8 +5277,8 @@ netsh_command(const struct argv *a, int n, int msglevel) bool status; management_sleep(0); netcmd_semaphore_lock(); - argv_msg_prefix(M_INFO, a, "NETSH"); - status = openvpn_execve_check(a, NULL, 0, "ERROR: netsh command failed"); + argv_msg_prefix(M_INFO, a, prefix); + status = openvpn_execve_check(a, NULL, 0, "ERROR: command failed"); netcmd_semaphore_release(); if (status) { @@ -5260,7 +5286,13 @@ netsh_command(const struct argv *a, int n, int msglevel) } management_sleep(4); } - msg(msglevel, "NETSH: command failed"); + msg(msglevel, "%s: command failed", prefix); +} + +static void +netsh_command(const struct argv *a, int n, int msglevel) +{ + exec_command("NETSH", a, n, msglevel); } void @@ -6927,6 +6959,11 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) } else { + if (!tt->did_ifconfig_setup) + { + do_dns_domain_wmic(false, tt); + } + netsh_delete_address_dns(tt, true, &gc); } } @@ -6947,9 +6984,14 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx) do_dns_service(false, AF_INET, tt); do_address_service(false, AF_INET, tt); } - else if (tt->options.ip_win32_type == IPW32_SET_NETSH) + else { - netsh_delete_address_dns(tt, false, &gc); + do_dns_domain_wmic(false, tt); + + if (tt->options.ip_win32_type == IPW32_SET_NETSH) + { + netsh_delete_address_dns(tt, false, &gc); + } } } diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 72ffb012..36059662 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -38,6 +38,7 @@ #define WIN_ROUTE_PATH_SUFFIX "\\system32\\route.exe" #define WIN_IPCONFIG_PATH_SUFFIX "\\system32\\ipconfig.exe" #define WIN_NET_PATH_SUFFIX "\\system32\\net.exe" +#define WMIC_PATH_SUFFIX "\\system32\\wbem\\wmic.exe" /* * Win32-specific OpenVPN code, targeted at the mingw
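Review bot: in do_dns_domain_wmic() (tun.c hunk at -324,6) the string in tt->options.domain is placed into the wmic command line after nothing more than a NULL check. Please validate it as a DNS name (letters, digits, hyphens and dots, bounded length) before the argv_printf() call and skip the wmic call with a warning when it does not pass. It is also worth confirming that the teardown form, where the last argument comes from `add ? tt->options.domain : ""`, reaches wmic as an explicit empty value rather than as a missing parameter.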
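Review bot: the `if (!tt->did_ifconfig_setup)` guard around do_dns_domain_wmic(true, tt) in do_ifconfig_ipv6() (tun.c hunk at -1190,6) has no comment explaining why this flag decides whether the IPv6 path sets the domain. A one-line comment stating what the flag stands for here would make the intent reviewable, and the same comment belongs on the mirrored guard in close_tun() (hunk at -6927,6) so the setup and teardown conditions are visibly kept in step.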
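Review bot: the new `else` branch in do_ifconfig_ipv4() (tun.c hunk at -1535,11) calls do_dns_domain_wmic(true, tt) for every ip-win32 mode whenever the service branch above it is not taken, while the commit message limits the wmic call to the case where DHCP is not used. Either guard the call on the non-DHCP modes or update the description, and apply the same decision to the matching `else` in close_tun() (hunk at -6947,9). The two blank `+` lines added after the closing brace of that branch should be dropped.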
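Review bot: the failure text passed to openvpn_execve_check() in exec_command() (tun.c hunk at -5251,8) is now the generic "ERROR: command failed", so that log line no longer names the tool that failed. `prefix` is already in scope, so the message can be built from it to keep netsh and wmic failures distinguishable in logs. The `/* netsh functions */` banner removed in the hunk at -5238,12 could be replaced by a short comment describing the now shared helper and its retry count `n`.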
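Review bot: WMIC_PATH_SUFFIX in the win32.h hunk does not carry the WIN_ prefix used by the neighbouring WIN_ROUTE_PATH_SUFFIX, WIN_IPCONFIG_PATH_SUFFIX and WIN_NET_PATH_SUFFIX defines. Suggest WIN_WMIC_PATH_SUFFIX, unless the unprefixed name is deliberate to match a definition outside the lines shown here.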