That --allow-nonadmin functionality was included into commit 3c7f2f553 from
yeah 2005. Here is code from tap-win32/tapdrv.c from the same commit:
+#if ENABLE_NONADMIN
+ /* Read AllowNonAdmin setting from registry */
+ {
+ NDIS_STRING key = NDIS_STRING_CONST("AllowNonAdmin");
+ NdisReadConfiguration (&status, &parm, configHandle,
+ &key, NdisParameterInteger);
+ if (status == NDIS_STATUS_SUCCESS)
+ {
+ if (parm->ParameterType == NdisParameterInteger)
+ {
+ if (parm->ParameterData.IntegerData)
+ {
+ enable_non_admin = TRUE;
+ }
+ }
+ }
+ }
+#endif
As you see, the current version posted by Selva is missing
if (parm->ParameterData.IntegerData)
part.
So it seems for me that this feature has been degraded somewhere between
2005 and 2019.
la 29. kesäk. 2019 klo 17.34 Lev Stipakov ([email protected]) kirjoitti:
> Hi,
>
> So Lev's patch proposes to do service calls for wintun *and* tap6, and
>> do so "always"? Or only if the registry key says so?
>>
>
> Yep, patch always opens wintun and tap6 via service no matter what
> registry key says.
>
> > For some reason that registry key appears to be doing nothing in
>> > current versions of tap-windows6. I know this is confusing...
>>
>> This sounds like a bug...
>>
>
> Indeed that registry key is confusing. If we fix it in tap6, won't we
> break existing setups, which open tap6
> from unprivileged process and do not use --allow-nonadmin?
>
> --
> -Lev
>
--
-Lev
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
