Hi,

On Thu, Jun 27, 2019 at 8:08 AM Lev Stipakov <lstipa...@gmail.com> wrote:
>
> From: Lev Stipakov <l...@openvpn.net>
>
> This patch enables interactive service to open tun device.
> This is mostly needed by Wintun, which could be opened
> only by privileged process.
>
> When interactive service is used, instead of calling
> CreateFile() directly by openvpn process we pass tun device path
> into service process. There we open device, duplicate handle
> and pass it back to openvpn process.
>
> Signed-off-by: Lev Stipakov <l...@openvpn.net>
> ---
>  v3:
>   - ensure that device path passed by client is null-terminated
>   - support for multiple openvpn processes
>   - return proper error code when device handle is invalid

This works but there are two general concerns:

(i) The new message is named message_open_tun, but it allows opening
any file using the service. This is not secure. We need to restrict it
to open tun/tap device nodes only.

(ii) Should we allow all users to open tap6 adapters irrespective of
any other access restrictions that may be present? I'm conflicted
about this as, on closer look, access control in tap-windows6 appears
broken.

> @@ -117,4 +119,14 @@ typedef struct {
>      interface_t iface;
>  } enable_dhcp_message_t;
> +typedef struct {
> +    message_header_t header;
> +    char device_path[256];
> +} open_tun_device_message_t;
> +
> +typedef struct {
> +    message_header_t header;
> +    HANDLE handle;
> +    int error_number;
> +} open_tun_device_result_message_t;
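Review bot: the service receives `device_path[256]` from an unprivileged client, so the v3 "ensure that device path passed by client is null-terminated" check must be done on the service side (scan the 256 bytes for a NUL and reject if none is found, and reject a message whose size is not sizeof(open_tun_device_message_t)) rather than trusting the sender; the hunk only shows the struct, not where that check lives. The same place should constrain the path to tun/tap device nodes before it reaches CreateFile(), since as defined nothing in the message type itself prevents an arbitrary file path from being opened with the service's privileges.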

Defining this struct with error_number followed by handle would be
better (makes its head match in memory with ack_message_t). That makes
it possible to read a normal ack into it and resolve the error number.
This can happen if openvpn.exe is upgraded but the service stays at an
old version -- such a service will respond with ack and
error_number=ERROR_MESSAGE_TYPE.

Selva
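The two review points above (a result struct whose head matches ack_message_t so an old service's ack still yields an error code, and service-side validation of the client-supplied device path) can be exercised in plain C. The block below is an added example, not code from the patch or from OpenVPN: the message_header_t fields, the message type values, the ERROR_MESSAGE_TYPE stand-in and the allowed-path policy (a single name under the `\\.\Global\` device namespace ending in `.tap`) are assumptions made for the example, and HANDLE is typedef'd locally so it builds off Windows.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
typedef void *HANDLE;                         /* stand-in for the Win32 type */
#define INVALID_HANDLE_VALUE ((HANDLE)(intptr_t)-1)
#endif

/* Assumed header layout and type values (not taken from the patch). */
typedef enum {
    msg_ack = 0,
    msg_open_tun_device = 100,
    msg_open_tun_device_result = 101
} message_type_t;

typedef struct {
    message_type_t type;
    size_t size;
    int message_id;
} message_header_t;

typedef struct {
    message_header_t header;
    int error_number;
} ack_message_t;

typedef struct {
    message_header_t header;
    char device_path[256];
} open_tun_device_message_t;

/* Reviewer's proposed ordering: error_number right after the header, so the
 * head of this struct is memory-compatible with ack_message_t. */
typedef struct {
    message_header_t header;
    int error_number;
    HANDLE handle;
} open_tun_device_result_message_t;

#define ERROR_MESSAGE_TYPE_STANDIN 0x1234     /* stand-in for the real error code */

/* Client side: parse whatever the service sent. An old service answers with a
 * plain ack; because error_number sits at the same offset in both layouts the
 * client still recovers the error, and handle stays invalid. */
int parse_open_tun_result(const void *buf, size_t len,
                          open_tun_device_result_message_t *out)
{
    if (len < sizeof(ack_message_t)) return -1;
    memset(out, 0, sizeof(*out));
    out->handle = INVALID_HANDLE_VALUE;
    memcpy(out, buf, len < sizeof(*out) ? len : sizeof(*out));
    if (out->header.type != msg_ack && out->header.type != msg_open_tun_device_result)
        return -1;
    return out->error_number;                 /* 0 means the handle is usable */
}

/* Service side: the 256-byte buffer comes from an unprivileged client. Require a
 * NUL inside the buffer, the assumed device-namespace prefix and suffix, and no
 * further path separators so the name cannot leave that namespace. */
int device_path_is_allowed(const open_tun_device_message_t *m)
{
    static const char prefix[] = "\\\\.\\Global\\";
    static const char suffix[] = ".tap";
    const char *nul = memchr(m->device_path, '\0', sizeof(m->device_path));
    if (nul == NULL) return 0;                /* unterminated: reject */
    size_t n = (size_t)(nul - m->device_path);
    size_t plen = sizeof(prefix) - 1, slen = sizeof(suffix) - 1;
    if (n <= plen + slen) return 0;           /* too short to hold prefix + name + suffix */
    if (memcmp(m->device_path, prefix, plen) != 0) return 0;
    if (memcmp(m->device_path + n - slen, suffix, slen) != 0) return 0;
    for (const char *p = m->device_path + plen; *p; p++)
        if (*p == '\\' || *p == '/') return 0;
    return 1;
}

/* Constructed scenario: old service replies with an ack carrying the error code. */
int demo_old_service_reply(void)
{
    ack_message_t ack = { { msg_ack, sizeof(ack_message_t), 7 }, ERROR_MESSAGE_TYPE_STANDIN };
    open_tun_device_result_message_t res;
    int err = parse_open_tun_result(&ack, sizeof(ack), &res);
    return (err == ERROR_MESSAGE_TYPE_STANDIN && res.handle == INVALID_HANDLE_VALUE) ? err : -1;
}

/* Constructed scenario: new service replies with a result and a duplicated handle. */
int demo_new_service_reply(void)
{
    open_tun_device_result_message_t msg =
        { { msg_open_tun_device_result, sizeof(open_tun_device_result_message_t), 7 },
          0, (HANDLE)(intptr_t)42 };
    open_tun_device_result_message_t res;
    int err = parse_open_tun_result(&msg, sizeof(msg), &res);
    return (err == 0 && res.handle == (HANDLE)(intptr_t)42) ? 1 : 0;
}

/* Builds a request from a C string (constructed input) and runs the path check. */
int check_path(const char *path)
{
    open_tun_device_message_t m;
    memset(&m, 0, sizeof(m));
    size_t n = strlen(path);
    memcpy(m.device_path, path, n > sizeof(m.device_path) ? sizeof(m.device_path) : n);
    return device_path_is_allowed(&m);
}

/* Constructed input with no terminator anywhere in the 256 bytes. */
int demo_unterminated_path(void)
{
    open_tun_device_message_t m;
    memset(&m, 'A', sizeof(m));
    return device_path_is_allowed(&m);
}
```

The parse function deliberately initialises `handle` to INVALID_HANDLE_VALUE before copying, so a short ack from an old service never leaves a stale or zero handle in the result; the caller treats a non-zero return as the error number regardless of which struct the service actually sent.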


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel