Re: [Openvpn-devel] [PATCH v2] openvpnserv: enable interactive service to open tun

Thu, 27 Jun 2019 03:09:10 -0700 

Hi,

This only handles dev-node is unspecified. We need the same for
> the case where dev-node specified above this.
>

I never used that, so this has slipped from my attention. Will do.


> We service multiple OpenVPN processes, so a global variable is no good.
>
> Some alternatives:
> (i) Use GetNamedPipeClientProcessId() each time
> (ii) save the processId in undo_lists (this list is local to the service
> thread)
>

GetNamedPipeClientProcessId() returns service process id, since we open
client pipe from service code and pass
handle to openvpn process:

    svc_pipe = CreateFile(ovpn_pipe_name, GENERIC_READ | GENERIC_WRITE, 0,
                          &inheritable, OPEN_EXISTING, 0, NULL);
    openvpn_sntprintf(cmdline, cmdline_size, L"openvpn %s --msg-channel
%lu",
                      sud.options, svc_pipe);

I looked more closely at the code and turns out that instead of global
variable you can just pass process id to HandleMessage():

    CreateProcessAsUserW(pri_token, exe_path, cmdline, &ovpn_sa, NULL, TRUE,
                              settings.priority | CREATE_NO_WINDOW |
CREATE_UNICODE_ENVIRONMENT,
                              user_env, sud.directory, &startup_info,
&proc_info);
    while (TRUE)
    {
        DWORD bytes = PeekNamedPipeAsync(ovpn_pipe, 1, &exit_event);
        HandleMessage(ovpn_pipe, proc_info.hProcess, bytes, 1, &exit_event,
&undo_lists);
    }



> I think we must ensure device_path is null terminated as its received
> over the pipe from a user process. Our utf8to16() just assumes it is.
> There are a few other places where we've this defect but that has to
> be handled in a separate patch.
>

Yep, meanwhile I'll just make sure that it is null terminated for this
specific case:

msg.open_tun.device_path[sizeof(msg.open_tun.device_path) - 1] = '\0';
res.error_number = HandleOpenTunDeviceMessage(&msg.open_tun, ovpn_proc,
&res.handle);


> Need err = GetLastError(); here. Otherwise we're returning success as
> the error code with an invalid handle.
>

Yep.

Selva
>

Thanks for review, V3 is coming.

-- 
-Lev

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to