mirror of https://github.com/OpenVPN/openvpn-gui
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
327 lines
9.4 KiB
327 lines
9.4 KiB
/* |
|
* This file is a part of OpenVPN-GUI -- A Windows GUI for OpenVPN. |
|
* |
|
* Copyright (C) 2016 Selva Nair <selva.nair@gmail.com> |
|
* |
|
* This program is free software; you can redistribute it and/or modify |
|
* it under the terms of the GNU General Public License as published by |
|
* the Free Software Foundation; either version 2 of the License, or |
|
* (at your option) any later version. |
|
* |
|
* This program is distributed in the hope that it will be useful, |
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
* GNU General Public License for more details. |
|
* |
|
* You should have received a copy of the GNU General Public License |
|
* along with this program (see the file COPYING included with this |
|
* distribution); if not, write to the Free Software Foundation, Inc., |
|
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
*/ |
|
|
|
#ifdef HAVE_CONFIG_H |
|
#include <config.h> |
|
#endif |
|
|
|
#ifndef SECURITY_WIN32 |
|
#define SECURITY_WIN32 |
|
#endif |
|
|
|
#include <windows.h> |
|
#include <shellapi.h> |
|
#include <lm.h> |
|
#include <stdlib.h> |
|
#include <security.h> |
|
#include "main.h" |
|
#include "options.h" |
|
#include "service.h" |
|
#include "localization.h" |
|
#include "openvpn-gui-res.h" |
|
|
|
extern options_t o; |
|
|
|
#define MAX_UNAME_LEN (UNLEN + DNLEN + 2) /* UNLEN, DNLEN from lmcons.h +2 for '\' and NULL */ |
|
|
|
/* |
|
* Check whether current user is a member of specified groups |
|
*/ |
|
static BOOL |
|
CheckGroupMember(DWORD count, WCHAR *grp[]) |
|
{ |
|
LOCALGROUP_USERS_INFO_0 *groups = NULL; |
|
DWORD nread, nmax, err; |
|
WCHAR username[MAX_UNAME_LEN]; |
|
DWORD size; |
|
DWORD i, j; |
|
BOOL ret = FALSE; |
|
|
|
size = _countof (username); |
|
/* get username in domain\user format */ |
|
if (!GetUserNameExW (NameSamCompatible, username, &size)) |
|
return FALSE; |
|
#ifdef DEBUG |
|
PrintDebug(L"Username: \"%s\"", username); |
|
#endif |
|
|
|
/* Get an array of groups the user is member of */ |
|
err = NetUserGetLocalGroups (NULL, username, 0, LG_INCLUDE_INDIRECT, |
|
(LPBYTE *) &groups, MAX_PREFERRED_LENGTH, &nread, &nmax); |
|
if (err && err != ERROR_MORE_DATA) |
|
goto out; |
|
|
|
/* Check if user's groups include any of the admin groups */ |
|
for (i = 0; i < nread; i++) |
|
{ |
|
#ifdef DEBUG |
|
PrintDebug(L"user in group %d: %s", i, groups[i].lgrui0_name); |
|
#endif |
|
for (j = 0; j < count; j++) |
|
{ |
|
if (wcscmp (groups[i].lgrui0_name, grp[j]) == 0) |
|
{ |
|
ret = TRUE; |
|
break; |
|
} |
|
} |
|
if (ret) |
|
break; |
|
} |
|
#ifdef DEBUG |
|
PrintDebug(L"User is%s in an authorized group", ret? L"" : L" not"); |
|
#endif |
|
|
|
out: |
|
if (groups) |
|
NetApiBufferFree (groups); |
|
|
|
return ret; |
|
} |
|
|
|
/* |
|
* Run a command as admin using shell execute and return the exit code. |
|
* If the command fails to execute, the return value is (DWORD) -1. |
|
*/ |
|
static DWORD |
|
RunAsAdmin(const WCHAR *cmd, const WCHAR *params) |
|
{ |
|
SHELLEXECUTEINFO shinfo; |
|
DWORD status = -1; |
|
|
|
CLEAR (shinfo); |
|
shinfo.cbSize = sizeof(shinfo); |
|
shinfo.fMask = SEE_MASK_NOCLOSEPROCESS; |
|
shinfo.hwnd = NULL; |
|
shinfo.lpVerb = L"runas"; |
|
shinfo.lpFile = cmd; |
|
shinfo.lpDirectory = NULL; |
|
shinfo.nShow = SW_HIDE; |
|
shinfo.lpParameters = params; |
|
|
|
if (ShellExecuteEx(&shinfo) && shinfo.hProcess) |
|
{ |
|
WaitForSingleObject(shinfo.hProcess, INFINITE); |
|
GetExitCodeProcess(shinfo.hProcess, &status); |
|
CloseHandle(shinfo.hProcess); |
|
} |
|
return status; |
|
} |
|
|
|
/* |
|
* The Administrators group may be localized or renamed by admins. |
|
* Get the local name of the group using the SID. |
|
*/ |
|
static BOOL |
|
GetBuiltinAdminGroupName (WCHAR *name, DWORD nlen) |
|
{ |
|
BOOL b = FALSE; |
|
PSID admin_sid = NULL; |
|
DWORD sid_size = SECURITY_MAX_SID_SIZE; |
|
SID_NAME_USE su; |
|
|
|
WCHAR domain[MAX_NAME]; |
|
DWORD dlen = _countof(domain); |
|
|
|
admin_sid = malloc(sid_size); |
|
if (!admin_sid) |
|
return FALSE; |
|
|
|
b = CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, |
|
&sid_size); |
|
if(b) |
|
{ |
|
b = LookupAccountSidW(NULL, admin_sid, name, &nlen, domain, &dlen, &su); |
|
} |
|
#ifdef DEBUG |
|
PrintDebug (L"builtin admin group name = %s", name); |
|
#endif |
|
|
|
free (admin_sid); |
|
|
|
return b; |
|
} |
|
/* |
|
* Add current user to the specified group. Uses RunAsAdmin to elevate. |
|
* Reject if the group name contains certain illegal characters. |
|
*/ |
|
static BOOL |
|
AddUserToGroup (const WCHAR *group) |
|
{ |
|
WCHAR username[MAX_UNAME_LEN]; |
|
WCHAR cmd[MAX_PATH] = L"C:\\windows\\system32\\cmd.exe"; |
|
WCHAR netcmd[MAX_PATH] = L"C:\\windows\\system32\\net.exe"; |
|
WCHAR syspath[MAX_PATH]; |
|
WCHAR *params = NULL; |
|
|
|
/* command: cmd.exe, params: /c net.exe group /add & net.exe group user /add */ |
|
const WCHAR *fmt = L"/c %s localgroup \"%s\" /add & %s localgroup \"%s\" \"%s\" /add"; |
|
DWORD size; |
|
DWORD status; |
|
BOOL retval = FALSE; |
|
WCHAR reject[] = L"\"\?\\/[]:;|=,+*<>\'&"; |
|
|
|
/* |
|
* The only unknown content in the command line is the variable group. Ensure it |
|
* does not contain any '"' character. Here we reject all characters not allowed |
|
* in group names and special characters such as '&' as well. |
|
*/ |
|
if (wcspbrk(group, reject) != NULL) |
|
{ |
|
#ifdef DEBUG |
|
PrintDebug (L"AddUSerToGroup: illegal characters in group name: '%s'.", group); |
|
#endif |
|
return retval; |
|
} |
|
|
|
size = _countof(username); |
|
if (!GetUserNameExW (NameSamCompatible, username, &size)) |
|
return retval; |
|
|
|
size = _countof(syspath); |
|
if (GetSystemDirectory (syspath, size)) |
|
{ |
|
syspath[size-1] = L'\0'; |
|
size = _countof(cmd); |
|
_snwprintf(cmd, size, L"%s\\%s", syspath, L"cmd.exe"); |
|
cmd[size-1] = L'\0'; |
|
size = _countof(netcmd); |
|
_snwprintf(netcmd, size, L"%s\\%s", syspath, L"net.exe"); |
|
netcmd[size-1] = L'\0'; |
|
} |
|
size = (wcslen(fmt) + wcslen(username) + 2*wcslen(group) + 2*wcslen(netcmd)+ 1); |
|
if ((params = malloc (size*sizeof(WCHAR))) == NULL) |
|
return retval; |
|
|
|
_snwprintf(params, size, fmt, netcmd, group, netcmd, group, username); |
|
params[size-1] = L'\0'; |
|
|
|
status = RunAsAdmin (cmd, params); |
|
if (status == 0) |
|
retval = TRUE; |
|
|
|
#ifdef DEBUG |
|
if (status == (DWORD) -1) |
|
PrintDebug(L"RunAsAdmin: failed to execute the command [%s %s] : error = 0x%x", |
|
cmd, params, GetLastError()); |
|
else if (status) |
|
PrintDebug(L"RunAsAdmin: command [%s %s] returned exit_code = %lu", |
|
cmd, params, status); |
|
#endif |
|
|
|
free (params); |
|
return retval; |
|
} |
|
|
|
/* |
|
* Check whether the config location is authorized for startup through |
|
* interactive service. Either the user be a member of the specified groups, |
|
* or the config_dir be inside the global_config_dir |
|
*/ |
|
static BOOL |
|
CheckConfigPath (const WCHAR *config_dir, DWORD ngrp, WCHAR *admin_group[]) |
|
{ |
|
BOOL ret = FALSE; |
|
int size = wcslen(o.global_config_dir); |
|
|
|
/* if interactive service is not running, no access control: return TRUE */ |
|
if (!CheckIServiceStatus(FALSE)) |
|
ret = TRUE; |
|
|
|
/* if config is from the global location allow it */ |
|
else if ( wcsncmp(config_dir, o.global_config_dir, size) == 0 && |
|
wcsstr(config_dir + size, L"..") == NULL |
|
) |
|
ret = TRUE; |
|
|
|
/* check user is in an authorized group */ |
|
else |
|
{ |
|
if (CheckGroupMember(ngrp, admin_group)) |
|
ret = TRUE; |
|
} |
|
|
|
return ret; |
|
} |
|
|
|
/* |
|
* If config_dir for a connection is not in an authorized location, |
|
* show a dialog to add the user to the ovpn_admin_group. |
|
*/ |
|
BOOL |
|
AuthorizeConfig(const connection_t *c) |
|
{ |
|
DWORD res; |
|
BOOL retval = FALSE; |
|
WCHAR *admin_group[2]; |
|
WCHAR sysadmin_group[MAX_NAME]; |
|
|
|
if (GetBuiltinAdminGroupName(sysadmin_group, _countof(sysadmin_group))) |
|
admin_group[0] = sysadmin_group; |
|
else |
|
admin_group[0] = L"Administrators"; |
|
|
|
/* assuming TCHAR == WCHAR as we do not support non-unicode build */ |
|
admin_group[1] = o.ovpn_admin_group; |
|
|
|
#ifdef DEBUG |
|
PrintDebug (L"admin groups: %s, %s", admin_group[0], admin_group[1]); |
|
#endif |
|
|
|
if (CheckConfigPath(c->config_dir, 2, admin_group)) |
|
return TRUE; |
|
/* do not attempt to add user to sysadmin_group or a no-name group */ |
|
else if ( wcscmp(sysadmin_group, o.ovpn_admin_group) == 0 || |
|
wcslen(o.ovpn_admin_group) == 0 || |
|
!o.netcmd_semaphore ) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CONFIG_NOT_AUTHORIZED, c->config_name, sysadmin_group); |
|
return FALSE; |
|
} |
|
|
|
if (WaitForSingleObject (o.netcmd_semaphore, 0) != WAIT_OBJECT_0) |
|
{ |
|
/* Could not lock semaphore -- auth dialog already running? */ |
|
ShowLocalizedMsg(IDS_NFO_CONFIG_AUTH_PENDING, c->config_name, admin_group[1]); |
|
return FALSE; |
|
} |
|
|
|
/* semaphore locked -- relase before return */ |
|
|
|
res = ShowLocalizedMsgEx(MB_YESNO|MB_ICONWARNING, TEXT(PACKAGE_NAME), |
|
IDS_ERR_CONFIG_TRY_AUTHORIZE, c->config_name, |
|
o.ovpn_admin_group); |
|
if (res == IDYES) |
|
{ |
|
AddUserToGroup (o.ovpn_admin_group); |
|
/* |
|
* Check the success of above by testing the config path again. |
|
*/ |
|
if (CheckConfigPath(c->config_dir, 2, admin_group)) |
|
retval = TRUE; |
|
else |
|
ShowLocalizedMsg(IDS_ERR_ADD_USER_TO_ADMIN_GROUP, o.ovpn_admin_group); |
|
SetForegroundWindow (o.hWnd); |
|
} |
|
ReleaseSemaphore (o.netcmd_semaphore, 1, NULL); |
|
|
|
return retval; |
|
}
|
|
|