Hi,

On Thu, Jun 27, 2019 at 8:08 AM Lev Stipakov <lstipa...@gmail.com> wrote:
>
> From: Lev Stipakov <l...@openvpn.net>
>
> This patch enables interactive service to open tun device.
> This is mostly needed by Wintun, which could be opened
> only by privileged process.
>
> When interactive service is used, instead of calling
> CreateFile() directly by openvpn process we pass tun device path
> into service process. There we open device, duplicate handle
> and pass it back to openvpn process.
>
> Signed-off-by: Lev Stipakov <l...@openvpn.net>
> ---
> v3:
> - ensure that device path passed by client is null-terminated
> - support for multiple openvpn processes
> - return proper error code when device handle is invalid

This works but there are two general concerns:

(i) The new message is named message_open_tun, but it allows opening
any file using the service. This is not secure. We need to restrict it to
open tun/tap device nodes only.

(ii) Should we allow all users to open tap6 adapters irrespective of any
other access restrictions that may be present? I'm conflicted about this as,
on closer look, access control in tap-windows6 appears broken.

> @@ -117,4 +119,14 @@ typedef struct { > interface_t iface; > } enable_dhcp_message_t; > +typedef struct { > + message_header_t header; > + char device_path[256]; > +} open_tun_device_message_t; > + > +typedef struct { > + message_header_t header; > + HANDLE handle; > + int error_number; > +} open_tun_device_result_message_t;

Defining this struct with error_number followed by handle would be
better (makes its head match in memory with ack_message_t). That makes it
possible to read a normal ack into it and resolve the error number. Can happen
if openvpn.exe is upgraded but service stays at an old version -- such a
service will respond with ack and error_number=ERROR_MESSAGE_TYPE.

Selva
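
Review bot: in open_tun_device_result_message_t, `HANDLE handle` is pointer-sized and sits ahead of `int error_number`, so the offset of error_number changes between 32-bit and 64-bit builds and the struct does not share a prefix with ack_message_t; place `int error_number` directly after the header and the handle last. In open_tun_device_message_t, `char device_path[256]` carries no comment saying that the receiver must force termination at the last byte and validate the path before opening it, nor how a path of 256 bytes or more is handled; document both at the field.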
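
The layout point from the reply above, as an added example that is not part of the patch or of OpenVPN's code: with error_number placed before the handle, one reader can interpret both a plain ack from an older service and the new result message. The definitions of message_header_t and ack_message_t, the `void *` stand-in for HANDLE, and the function and enum names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed stand-ins: the page does not show these two definitions. */
typedef struct { int type; size_t size; int message_id; } message_header_t;
typedef struct { message_header_t header; int error_number; } ack_message_t;

/* Field order suggested in the review: error_number first, handle last. */
typedef struct {
    message_header_t header;
    int error_number;
    void *handle;                /* stand-in for the Win32 HANDLE type */
} open_tun_device_result_message_t;

/* The compatibility property itself: both reply types share one prefix. */
_Static_assert(offsetof(open_tun_device_result_message_t, error_number)
               == offsetof(ack_message_t, error_number), "heads must match");

enum { REPLY_OK = 0, REPLY_SERVICE_ERROR = 1, REPLY_MALFORMED = 2 };

/* Interpret len bytes read from the service pipe (hypothetical helper).
 * A short reply, such as a plain ack from an older service, still yields
 * its error number; a success reply must be the full-size struct. */
int parse_open_tun_reply(const void *buf, size_t len, void **handle, int *err)
{
    open_tun_device_result_message_t msg;

    *handle = NULL;
    *err = 0;
    if (len < sizeof(ack_message_t) || len > sizeof(msg))
        return REPLY_MALFORMED;

    memset(&msg, 0, sizeof(msg));    /* bytes the peer did not send stay zero */
    memcpy(&msg, buf, len);

    *err = msg.error_number;
    if (msg.error_number != 0)
        return REPLY_SERVICE_ERROR;

    /* error_number == 0 without a full struct means there is no handle. */
    if (len != sizeof(msg) || msg.handle == NULL)
        return REPLY_MALFORMED;

    *handle = msg.handle;
    return REPLY_OK;
}
```
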