Re: [Openvpn-devel] [PATCH] tun.c: enable using wintun driver under SYSTEM

Fri, 21 Aug 2020 14:43:00 -0700 

Hi,

On Wed, Aug 19, 2020 at 3:08 AM Lev Stipakov <lstipa...@gmail.com> wrote:

> From: Lev Stipakov <l...@openvpn.net>
>
> Commit 6d19775a468 has removed SYSTEM elevation hack,
> but introduced regression - inability to use wintun without interactive
> service.
>
> Proceed with ring buffers registration even if iservice is unavailable and
> display
> relevant error message.
>
> Trac #1318
>
> Signed-off-by: Lev Stipakov <l...@openvpn.net>
> ---
>  src/openvpn/tun.c | 30 +++++++++++++++++++++++++-----
>  1 file changed, 25 insertions(+), 5 deletions(-)
>
> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
> index 30454454..62557364 100644
> --- a/src/openvpn/tun.c
> +++ b/src/openvpn/tun.c
> @@ -6158,12 +6158,32 @@ wintun_register_ring_buffer(struct tuntap *tt,
> const char *device_guid)
>      }
>      else
>      {
> -        msg(M_FATAL, "ERROR:  Wintun requires SYSTEM privileges and
> therefore "
> -                     "should be used with interactive service. If you
> want to "
> -                     "use openvpn from command line, you need to do
> SYSTEM "
> -                     "elevation yourself (for example with psexec).");
> -    }
> +        if (!register_ring_buffers(tt->hand,
> +                                   tt->wintun_send_ring,
> +                                   tt->wintun_receive_ring,
> +                                   tt->rw_handle.read,
> +                                   tt->rw_handle.write))
> +        {
> +            switch (GetLastError())
> +            {
> +                case ERROR_ACCESS_DENIED:
> +                    msg(M_FATAL, "ERROR:  Wintun requires SYSTEM
> privileges and therefore "
> +                                 "should be used with interactive
> service. If you want to "
> +                                 "use openvpn from command line, you need
> to do SYSTEM "
> +                                 "elevation yourself (for example with
> psexec).");
> +                    break;
> +
> +                case ERROR_ALREADY_INITIALIZED:
> +                    msg(M_NONFATAL, "Adapter %s is already in use",
> device_guid);
> +                    break;
>
> +                default:
> +                    msg(M_NONFATAL | M_ERRNO, "Failed to register ring
> buffers");
> +            }
> +            ret = false;
> +        }
> +
> +    }
>      return ret;
>  }
>

Looks good and running as SYSTEM works now as expected. Tested on 64 bit
Windows 10.

Acked-by: selva.n...@gmail.com

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to