From 5a2e9a2587372aeb4b74fa1aadf53283ed7cae10 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Sat, 26 Jul 2008 07:27:03 +0000
Subject: Completely revamped the system for calling external programs and
 scripts:

* All external programs and scripts are now called by execve() on unix and
  CreateProcess on Windows.

* The system() function is no longer used.

* Argument lists for external programs and scripts are now built by the new
  argv_printf function which natively outputs to string arrays (i.e.
  char *argv[] lists), never truncates its output, and eliminates the security
  issues inherent in formatting and parsing command lines, and dealing with
  argument quoting.

* The --script-security directive has been added to offer policy controls on
  OpenVPN's execution of external programs and scripts.

Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 ssl.c | 40 +++++++++++++++++++---------------------
 1 file changed, 19 insertions(+), 21 deletions(-)

(limited to 'ssl.c')

diff --git a/ssl.c b/ssl.c
index 55a3830..9318b8a 100644
--- a/ssl.c
+++ b/ssl.c
@@ -544,6 +544,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   struct tls_session *session;
   const struct tls_options *opt;
   const int max_depth = 8;
+  struct argv argv = argv_new ();
 
   /* get the tls_session pointer */
   ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -689,16 +690,13 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   /* call --tls-verify plug-in(s) */
   if (plugin_defined (opt->plugins, OPENVPN_PLUGIN_TLS_VERIFY))
     {
-      char command[256];
-      struct buffer out;
       int ret;
 
-      buf_set_write (&out, (uint8_t*)command, sizeof (command));
-      buf_printf (&out, "%d %s",
-		  ctx->error_depth,
-		  subject);
+      argv_printf (&argv, "%d %s",
+		   ctx->error_depth,
+		   subject);
 
-      ret = plugin_call (opt->plugins, OPENVPN_PLUGIN_TLS_VERIFY, command, NULL, opt->es);
+      ret = plugin_call (opt->plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, opt->es);
 
       if (ret == OPENVPN_PLUGIN_FUNC_SUCCESS)
 	{
@@ -716,19 +714,16 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   /* run --tls-verify script */
   if (opt->verify_command)
     {
-      char command[256];
-      struct buffer out;
       int ret;
 
       setenv_str (opt->es, "script_type", "tls-verify");
 
-      buf_set_write (&out, (uint8_t*)command, sizeof (command));
-      buf_printf (&out, "%s %d %s",
-		  opt->verify_command,
-		  ctx->error_depth,
-		  subject);
-      dmsg (D_TLS_DEBUG, "TLS: executing verify command: %s", command);
-      ret = openvpn_system (command, opt->es, S_SCRIPT);
+      argv_printf (&argv, "%s %d %s",
+		   opt->verify_command,
+		   ctx->error_depth,
+		   subject);
+      argv_msg_prefix (D_TLS_DEBUG, &argv, "TLS: executing verify command");
+      ret = openvpn_execve (&argv, opt->es, S_SCRIPT);
 
       if (system_ok (ret))
 	{
@@ -738,7 +733,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
       else
 	{
 	  if (!system_executed (ret))
-	    msg (M_ERR, "Verify command failed to execute: %s", command);
+	    argv_msg_prefix (M_ERR, &argv, "Verify command failed to execute");
 	  msg (D_HANDSHAKE, "VERIFY SCRIPT ERROR: depth=%d, %s",
 	       ctx->error_depth, subject);
 	  goto err;		/* Reject connection */
@@ -801,11 +796,13 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 
   session->verified = true;
   free (subject);
+  argv_reset (&argv);
   return 1;			/* Accept connection */
 
  err:
   ERR_clear_error ();
   free (subject);
+  argv_reset (&argv);
   return 0;                     /* Reject connection */
 }
 
@@ -2901,7 +2898,7 @@ static bool
 verify_user_pass_script (struct tls_session *session, const struct user_pass *up)
 {
   struct gc_arena gc = gc_new ();
-  struct buffer cmd = alloc_buf_gc (256, &gc);
+  struct argv argv = argv_new ();
   const char *tmp_file = "";
   int retval;
   bool ret = false;
@@ -2940,16 +2937,16 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up
       setenv_untrusted (session);
 
       /* format command line */
-      buf_printf (&cmd, "%s %s", session->opt->auth_user_pass_verify_script, tmp_file);
+      argv_printf (&argv, "%s %s", session->opt->auth_user_pass_verify_script, tmp_file);
       
       /* call command */
-      retval = openvpn_system (BSTR (&cmd), session->opt->es, S_SCRIPT);
+      retval = openvpn_execve (&argv, session->opt->es, S_SCRIPT);
 
       /* test return status of command */
       if (system_ok (retval))
 	ret = true;
       else if (!system_executed (retval))
-	msg (D_TLS_ERRORS, "TLS Auth Error: user-pass-verify script failed to execute: %s", BSTR (&cmd));
+	argv_msg_prefix (D_TLS_ERRORS, &argv, "TLS Auth Error: user-pass-verify script failed to execute");
 	  
       if (!session->opt->auth_user_pass_verify_script_via_file)
 	setenv_del (session->opt->es, "password");
@@ -2963,6 +2960,7 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up
   if (strlen (tmp_file) > 0)
     delete_file (tmp_file);
 
+  argv_reset (&argv);
   gc_free (&gc);
   return ret;
 }
-- 
cgit