Do not use interactive service if running as admin

Connecting to a named pipe server while running with admin rights is not secure in some windows versions. As the interactive service is not required to set routes while running as admin, this looks like a safe compromise. Fix based on feedback from Heiko Hund - Move IsUserAdmin() check before opening the service pipe Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-02-04 23:19:59 -05:00 · 2016-02-04 23:19:59 -05:00 · 791aea49e6
parent de6e411abd
commit 791aea49e6
3 changed files with 30 additions and 2 deletions
--- a/misc.c
+++ b/misc.c
@ -190,3 +190,28 @@ ForceForegroundWindow(HWND hWnd)

    return ret;
 }
+
+/*
+ * Check user has admin rights
+ * Taken from https://msdn.microsoft.com/en-us/library/windows/desktop/aa376389(v=vs.85).aspx
+ * Returns true if the calling process token has the local Administrators group enabled
+ * in its SID.  Assumes the caller is not impersonating and has access to open its own 
+ * process token.
+ */
+BOOL IsUserAdmin(VOID)
+{
+    BOOL b;
+    SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
+    PSID AdministratorsGroup;
+
+    b = AllocateAndInitializeSid (&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
+                                  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
+                                  &AdministratorsGroup);
+    if(b)
+    {
+        CheckTokenMembership(NULL, AdministratorsGroup, &b);
+        FreeSid(AdministratorsGroup);
+    }
+
+    return(b);
+}
--- a/misc.h
+++ b/misc.h
@ -30,4 +30,6 @@ BOOL streq(LPCSTR, LPCSTR);
 BOOL wcsbegins(LPCWSTR, LPCWSTR);

 BOOL ForceForegroundWindow(HWND);
+
+BOOL IsUserAdmin(VOID);
 #endif
--- a/openvpn.c
+++ b/openvpn.c
@ -692,10 +692,11 @@ StartOpenVPN(connection_t *c)
        (o.proxy_source != config ? _T("--management-query-proxy ") : _T("")));

    /* Try to open the service pipe */
-    service = CreateFile(_T("\\\\.\\pipe\\openvpn\\service"),
+    if (!IsUserAdmin())
+      service = CreateFile(_T("\\\\.\\pipe\\openvpn\\service"),
                GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);

-    if (service != INVALID_HANDLE_VALUE)
+    if (service && service != INVALID_HANDLE_VALUE)
    {
        DWORD size = _tcslen(c->config_dir) + _tcslen(options) + sizeof(c->manage.password) + 3;
        TCHAR startup_info[1024];