[Openvpn-devel] [PATCH] openvpnserv: Cache last error before it is overridden

2021-03-22 Thread Simon Rozman via Openvpn-devel
FormatMessage() sets the last error according to its own success. This
loses the original error code leading to mismatched error message and
error number when sprintfted together resulting in confusing event log
message.

Signed-off-by: Simon Rozman 
---
 src/openvpnserv/common.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c
index 48769be4..ebd08677 100644
--- a/src/openvpnserv/common.c
+++ b/src/openvpnserv/common.c
@@ -228,12 +228,14 @@ out:
 LPCTSTR
 GetLastErrorText()
 {
+DWORD error;
 static TCHAR buf[256];
 DWORD len;
 LPTSTR tmp = NULL;
 
+error = GetLastError();
 len = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | 
FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ARGUMENT_ARRAY,
-NULL, GetLastError(), LANG_NEUTRAL, (LPTSTR), 0, 
NULL);
+NULL, error, LANG_NEUTRAL, (LPTSTR), 0, NULL);
 
 if (len == 0 || (long) _countof(buf) < (long) len + 14)
 {
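Review bot: the FormatMessage() call in this hunk still combines FORMAT_MESSAGE_FROM_SYSTEM with a NULL arguments pointer and no FORMAT_MESSAGE_IGNORE_INSERTS. This function formats whatever error code the caller left behind, so a system message that contains insert sequences such as %1 will either fail to format or be expanded from arguments that are not there. Suggest replacing FORMAT_MESSAGE_ARGUMENT_ARRAY with FORMAT_MESSAGE_IGNORE_INSERTS. Minor: writing `DWORD error = GetLastError();` as the first declaration would keep the capture ahead of anything that can reset the last error.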
@@ -242,7 +244,7 @@ GetLastErrorText()
 else
 {
 tmp[_tcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */
-openvpn_sntprintf(buf, _countof(buf), TEXT("%s (0x%x)"), tmp, 
GetLastError());
+openvpn_sntprintf(buf, _countof(buf), TEXT("%s (0x%x)"), tmp, error);
 }
 
 if (tmp)
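Review bot: in the else branch, `tmp[_tcslen(tmp) - 2]` has only `len != 0` guaranteed by the check above, so a one-character message would make the index wrap and write outside the buffer. Suggest requiring `len >= 2` before stripping CR/LF and using `len` instead of a second `_tcslen(tmp)`. The substitution of `error` for GetLastError() in the format call looks right.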
-- 
2.30.0.windows.2



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH v2 4/5] tapctl: Resolve MSVC C4996 warnings

2021-03-22 Thread Simon Rozman via Openvpn-devel
wcsncat() was declared unsafe in favour of wcsncat_s(). However, the
string concatenation follows the string length check, making wcsncat()
safe too. Code analysis is just not smart enough (yet) to detect this.

The code was refactored to use wcscat_s() MSVC is considering as "safe".

Signed-off-by: Simon Rozman 
---
 src/tapctl/tap.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index dd4a10a3..563c07f6 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -2,7 +2,7 @@
  *  tapctl -- Utility to manipulate TUN/TAP adapters on Windows
  *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
- *  Copyright (C) 2018-2020 Simon Rozman 
+ *  Copyright (C) 2018-2021 Simon Rozman 
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -73,14 +73,15 @@ find_function(const WCHAR *libname, const char *funcname, 
HMODULE *m)
return NULL;
 }
 
-size_t len = _countof(libpath) - wcslen(libpath) - 1;
-if (len < wcslen(libname) + 1)
+/* +1 for the path seperator '\' */
+const size_t path_length = wcslen(libpath) + 1 + wcslen(libname);
+if (path_length >= _countof(libpath))
 {
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return NULL;
 }
-wcsncat(libpath, L"\\", len);
-wcsncat(libpath, libname, len-1);
+wcscat_s(libpath, _countof(libpath), L"\\");
+wcscat_s(libpath, _countof(libpath), libname);
 
 *m = LoadLibraryW(libpath);
 if (*m == NULL)
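Review bot: typo in the new comment, "seperator" should be "separator". The bound itself reads correctly: path_length excludes the terminator, so `path_length >= _countof(libpath)` rejects exactly the cases where the NUL would not fit, and naming the value is clearer than the inline `/*\*/` of v1.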
-- 
2.30.0.windows.2





Re: [Openvpn-devel] [PATCH 1/5] MSVC: Disable LZ4

2021-03-22 Thread Simon Rozman via Openvpn-devel
Hi,

> > Commit 24596b25 ("build: Remove compat-lz4") removed lz4 compat layer,
> > but openvpn-build\msvc doesn't provide LZ4 library either.
> 
> What would be needed to actually *build* with LZ4 on MSVC?  That is,
> build it as prerequisite as LZO is built?
> 
> The idea wasn't to remove LZ4 from builds, just to remove the bundled
> LZ4 "because all platforms have it now, so we do not need to maintain
> our own copy".  But it seems that was a bit shortsighted wrt windows
> building...

Thank you and Arne for explaining this. I should have followed the discussion 
on the OpenVPN meetings. Unfortunately, my workload doesn't allow me to follow 
on anything these days. So, I am not in condition to prepare LZ4 building in 
openvpn-build/msvc either.

I can live with LZ4 disabled in my sandbox only.

Shall we drop this patch for now?

Regards, Simon



Re: [Openvpn-devel] [PATCH 4/5] tapctl: Resolve MSVC C4996 warnings

2021-03-21 Thread Simon Rozman via Openvpn-devel
Hi,

> > -73,14 +73,13 @@ find_function(const WCHAR *libname, const char
> *funcname, HMODULE *m)
> > return NULL;
> >  }
> >
> > -size_t len = _countof(libpath) - wcslen(libpath) - 1;
> > -if (len < wcslen(libname) + 1)
> > +if (wcslen(libpath) + 1 /*\*/ + wcslen(libname) >=
> > + _countof(libpath))
> 
> This random inline comment feels extremely weird.

It's trying to describe the "+ 1" amounts for a backslash \ being strcat-ed in 
the process below.

Regards, Simon



[Openvpn-devel] [PATCH 3/5] interactive.c: Resolve MSVC C4996 warning

2021-03-21 Thread Simon Rozman via Openvpn-devel
It's about using a standard recommended alias for the wcsdup():

> warning C4996: 'wcsdup': The POSIX name for this item is deprecated.
> Instead, use the ISO C and C++ conformant name: _wcsdup. See online
> help for details.

And the documentation says:

> The Microsoft-implemented POSIX function names strdup and wcsdup are
> deprecated aliases for the _strdup and _wcsdup functions. By default,
> they generate Compiler warning (level 3) C4996. The names are
> deprecated because they don't follow the Standard C rules for
> implementation-specific names. However, the functions are still
> supported.
>
> We recommend you use _strdup and _wcsdup instead. Or, you can continue
> to use these function names, and disable the warning. For more
> information, see Turn off the warning and POSIX function names.

Reference: 
https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strdup-wcsdup
Signed-off-by: Simon Rozman 
---
 src/openvpnserv/interactive.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index 5d5cbfe6..b073a0d5 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -899,7 +899,7 @@ ExecCommand(const WCHAR *argv0, const WCHAR *cmdline, DWORD 
timeout)
 si.cb = sizeof(si);
 
 /* CreateProcess needs a modifiable cmdline: make a copy */
-cmdline_dup = wcsdup(cmdline);
+cmdline_dup = _wcsdup(cmdline);
 if (cmdline_dup && CreateProcessW(argv0, cmdline_dup, NULL, NULL, FALSE,
   proc_flags, NULL, NULL, , ) )
 {
@@ -1181,7 +1181,7 @@ SetDNSDomain(const wchar_t *if_name, const char *domain, 
undo_lists_t *lists)
/* Add to undo list if domain is non-empty */
if (err == 0 && wdomain[0] && lists)
{
-wchar_t *tmp_name = wcsdup(if_name);
+wchar_t *tmp_name = _wcsdup(if_name);
 if (!tmp_name || AddListItem(&(*lists)[undo_domain], tmp_name))
 {
 free(tmp_name);
@@ -1272,7 +1272,7 @@ HandleDNSConfigMessage(const dns_cfg_message_t *msg, 
undo_lists_t *lists)
 
 if (msg->addr_len > 0)
 {
-wchar_t *tmp_name = wcsdup(wide_name);
+wchar_t *tmp_name = _wcsdup(wide_name);
 if (!tmp_name || AddListItem(&(*lists)[undo_type], tmp_name))
 {
 free(tmp_name);
-- 
2.30.0.windows.2





[Openvpn-devel] [PATCH 1/5] MSVC: Disable LZ4

2021-03-21 Thread Simon Rozman via Openvpn-devel
Commit 24596b25 ("build: Remove compat-lz4") removed lz4 compat layer,
but openvpn-build\msvc doesn't provide LZ4 library either.

Signed-off-by: Simon Rozman 
---
 config-msvc.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config-msvc.h b/config-msvc.h
index e430ca96..53d97902 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -9,7 +9,6 @@
 #define ENABLE_FRAGMENT 1
 #define ENABLE_HTTP_PROXY 1
 #define ENABLE_LZO 1
-#define ENABLE_LZ4 1
 #define ENABLE_MANAGEMENT 1
 #define ENABLE_MULTIHOME 1
 #define ENABLE_PKCS11 1
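Review bot: the ENABLE_LZ4 line is dropped without leaving anything in config-msvc.h to say why. Suggest a short comment at that spot stating that openvpn-build\msvc does not provide the LZ4 library yet, so the define is restored once it does and MSVC builds do not stay without LZ4 by accident.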
-- 
2.30.0.windows.2





[Openvpn-devel] [PATCH 4/5] tapctl: Resolve MSVC C4996 warnings

2021-03-21 Thread Simon Rozman via Openvpn-devel
wcsncat() was declared unsafe in favour of wcsncat_s(). However, the
string concatenation follows the string length check, making wcsncat()
safe too. Code analysis is just not smart enough (yet) to detect this.

The code was refactored to use wcscat_s() MSVC is considering as "safe".

Signed-off-by: Simon Rozman 
---
 src/tapctl/tap.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index dd4a10a3..3f76c43a 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -2,7 +2,7 @@
  *  tapctl -- Utility to manipulate TUN/TAP adapters on Windows
  *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
- *  Copyright (C) 2018-2020 Simon Rozman 
+ *  Copyright (C) 2018-2021 Simon Rozman 
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -73,14 +73,13 @@ find_function(const WCHAR *libname, const char *funcname, 
HMODULE *m)
return NULL;
 }
 
-size_t len = _countof(libpath) - wcslen(libpath) - 1;
-if (len < wcslen(libname) + 1)
+if (wcslen(libpath) + 1 /*\*/ + wcslen(libname) >= _countof(libpath))
 {
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return NULL;
 }
-wcsncat(libpath, L"\\", len);
-wcsncat(libpath, libname, len-1);
+wcscat_s(libpath, _countof(libpath), L"\\");
+wcscat_s(libpath, _countof(libpath), libname);
 
 *m = LoadLibraryW(libpath);
 if (*m == NULL)
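Review bot: both wcscat_s() calls discard their errno_t result. With the length check directly above they should not fail, but nothing in the code records that dependency. Suggest either testing for a non-zero return and failing with ERROR_INSUFFICIENT_BUFFER as the branch above does, or adding a comment that the preceding check guarantees the space for the backslash, libname and the terminator.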
-- 
2.30.0.windows.2





[Openvpn-devel] [PATCH 2/5] tun.c: Remove dead code

2021-03-21 Thread Simon Rozman via Openvpn-devel
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 34 --
 1 file changed, 34 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 6c51a52d..6b7c8ef1 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -85,8 +85,6 @@ static void netsh_command(const struct argv *a, int n, int 
msglevel);
 
 static const char *netsh_get_id(const char *dev_node, struct gc_arena *gc);
 
-static DWORD get_adapter_index_flexible(const char *name);
-
 static bool
 do_address_service(const bool add, const short family, const struct tuntap *tt)
 {
@@ -4877,38 +4875,6 @@ get_adapter_index(const char *guid)
 return index;
 }
 
-static DWORD
-get_adapter_index_flexible(const char *name)  /* actual name or GUID */
-{
-struct gc_arena gc = gc_new();
-DWORD index;
-index = get_adapter_index_method_1(name);
-if (index == TUN_ADAPTER_INDEX_INVALID)
-{
-index = get_adapter_index_method_2(name);
-}
-if (index == TUN_ADAPTER_INDEX_INVALID)
-{
-const struct tap_reg *tap_reg = get_tap_reg();
-const struct panel_reg *panel_reg = get_panel_reg();
-const struct tap_reg *tr = get_adapter_by_name(name, tap_reg, 
panel_reg);
-if (tr)
-{
-index = get_adapter_index_method_1(tr->guid);
-if (index == TUN_ADAPTER_INDEX_INVALID)
-{
-index = get_adapter_index_method_2(tr->guid);
-}
-}
-}
-if (index == TUN_ADAPTER_INDEX_INVALID)
-{
-msg(M_INFO, "NOTE: could not get adapter index for name/GUID '%s'", 
name);
-}
-gc_free();
-return index;
-}
-
 /*
  * Return a string representing a PIP_ADDR_STRING
  */
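Review bot: the commit message has no body, so nothing records why get_adapter_index_flexible() became dead. Suggest naming the change that removed its last caller. Also confirm that get_adapter_index_method_1(), get_adapter_index_method_2() and get_adapter_by_name(), which the removed body called, still have other callers; if they do not, they are dead code as well and belong in this patch.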
-- 
2.30.0.windows.2





[Openvpn-devel] [PATCH 5/5] iservice: Resolve MSVC C4996 warnings

2021-03-21 Thread Simon Rozman via Openvpn-devel
Lots of string functions were declared unsafe in favor of ..._s()
counterparts. However, the code already is careful about the buffer
size. Code analysis is just not smart enough (yet) to detect this.

The code was refactored to use ..._s() variants MSVC is considering as
"safe".

Signed-off-by: Simon Rozman 
---
 src/openvpnserv/automatic.c   | 8 
 src/openvpnserv/common.c  | 4 ++--
 src/openvpnserv/interactive.c | 2 +-
 src/openvpnserv/service.c | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/openvpnserv/automatic.c b/src/openvpnserv/automatic.c
index 3f2ca345..0ba222a0 100644
--- a/src/openvpnserv/automatic.c
+++ b/src/openvpnserv/automatic.c
@@ -137,7 +137,7 @@ modext(LPTSTR dest, size_t size, LPCTSTR src, LPCTSTR 
newext)
 
 if (size > 0 && (_tcslen(src) + 1) <= size)
 {
-_tcscpy(dest, src);
+_tcscpy_s(dest, size, src);
 dest [size - 1] = TEXT('\0');
 i = _tcslen(dest);
 while (i-- > 0)
@@ -154,8 +154,8 @@ modext(LPTSTR dest, size_t size, LPCTSTR src, LPCTSTR 
newext)
 }
 if (_tcslen(dest) + _tcslen(newext) + 2 <= size)
 {
-_tcscat(dest, TEXT("."));
-_tcscat(dest, newext);
+_tcscat_s(dest, size, TEXT("."));
+_tcscat_s(dest, size, newext);
 return true;
 }
 dest[0] = TEXT('\0');
@@ -271,7 +271,7 @@ ServiceStartAutomatic(DWORD dwArgc, LPTSTR *lpszArgv)
 BOOL more_files;
 TCHAR find_string[MAX_PATH];
 
-openvpn_sntprintf(find_string, MAX_PATH, TEXT("%s\\*"), 
settings.config_dir);
+openvpn_sntprintf(find_string, _countof(find_string), TEXT("%s\\*"), 
settings.config_dir);
 
 find_handle = FindFirstFile(find_string, _obj);
 if (find_handle == INVALID_HANDLE_VALUE)
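Review bot: the result of openvpn_sntprintf() is still ignored before find_string goes to FindFirstFile(). Per the common.c hunk in this same patch, the helper returns false when the output did not fit, so a settings.config_dir longer than the buffer would produce a shortened search pattern and the service would enumerate something other than the configured directory. Suggest checking the return value and failing the start with a logged error.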
diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c
index 958643df..48769be4 100644
--- a/src/openvpnserv/common.c
+++ b/src/openvpnserv/common.c
@@ -37,7 +37,7 @@ openvpn_vsntprintf(LPTSTR str, size_t size, LPCTSTR format, 
va_list arglist)
 int len = -1;
 if (size > 0)
 {
-len = _vsntprintf(str, size, format, arglist);
+len = _vsntprintf_s(str, size, _TRUNCATE, format, arglist);
 str[size - 1] = 0;
 }
 return (len >= 0 && (size_t)len < size);
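Review bot: with `_TRUNCATE`, _vsntprintf_s() always terminates within `size` and returns -1 when the output did not fit, so `str[size - 1] = 0;` no longer does anything and the `(size_t)len < size` half of the return expression can never be false on its own. Suggest dropping the dead line and adding a one-line comment on the function stating that it truncates, always terminates, and returns false on truncation, since callers depend on that contract.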
@@ -311,7 +311,7 @@ get_win_sys_path(void)
 
 if (!GetSystemDirectoryW(win_sys_path, _countof(win_sys_path)))
 {
-wcsncpy(win_sys_path, default_sys_path, _countof(win_sys_path));
+wcscpy_s(win_sys_path, _countof(win_sys_path), default_sys_path);
 win_sys_path[_countof(win_sys_path) - 1] = L'\0';
 }
 
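Review bot: replacing wcsncpy() with wcscpy_s() is not a drop-in change in this fallback: wcsncpy() truncated, while wcscpy_s() invokes the CRT invalid-parameter handler when default_sys_path does not fit in win_sys_path. default_sys_path is defined outside this hunk; if it is a short constant this is fine, but please say so in a comment or check the return value. The explicit terminator on the following line is then redundant.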
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index b073a0d5..ed83d2a3 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -1067,7 +1067,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t 
*proto, const wchar_t *if_nam
 
 if (IsWindows7OrGreater())
 {
-wcsncat(cmdline, L" validate=no", ncmdline - wcslen(cmdline) - 1);
+wcscat_s(cmdline, ncmdline, L" validate=no");
 }
 err = ExecCommand(argv0, cmdline, timeout);
 
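Review bot: the old call bounded the append by the space left (`ncmdline - wcslen(cmdline) - 1`) and dropped whatever did not fit; the new `wcscat_s(cmdline, ncmdline, L" validate=no")` needs the whole 12-character suffix plus terminator to fit. The computation of ncmdline is outside this hunk; please confirm it reserves room for the suffix, since cmdline is built from the function's action, proto and interface-name arguments and its length varies.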
diff --git a/src/openvpnserv/service.c b/src/openvpnserv/service.c
index 8efe25f9..8101f83d 100644
--- a/src/openvpnserv/service.c
+++ b/src/openvpnserv/service.c
@@ -61,14 +61,14 @@ CmdInstallServices()
 TCHAR path[512];
 int i, ret = _service_max;
 
-if (GetModuleFileName(NULL, path + 1, 510) == 0)
+if (GetModuleFileName(NULL, path + 1, _countof(path) - 2) == 0)
 {
 _tprintf(TEXT("Unable to install service - %s\n"), GetLastErrorText());
 return 1;
 }
 
 path[0] = TEXT('\"');
-_tcscat(path, TEXT("\""));
+_tcscat_s(path, _countof(path), TEXT("\""));
 
 svc_ctl_mgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | 
SC_MANAGER_CREATE_SERVICE);
 if (svc_ctl_mgr == NULL)
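Review bot: `GetModuleFileName(NULL, path + 1, _countof(path) - 2) == 0` catches failure but not truncation; when the buffer is too small the call returns the size passed in and leaves a cut-off path. That path is then quoted and used for the service installation that follows, so a truncated value should be rejected: compare the return value against `_countof(path) - 2` and bail out as in the error branch. The `_countof(path) - 2` sizing for the two quotes looks right.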
-- 
2.30.0.windows.2





[Openvpn-devel] [PATCH] openvpnmsica: Skip legacy TAP-Windows6 adapters from evaluation

2020-09-24 Thread Simon Rozman via Openvpn-devel
Legacy TAP-Windows6 adapters (marked as IF_TYPE_ETHERNET_CSMACD 0x6)
fail to upgrade to the new driver on Windows 7: Device cannot start
(Code 10).

Ignoring those adapters on Windows 7 triggers creation of a new TAP
adapter on setup eliminating the need for user intervention.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 13 
 src/tapctl/tap.c| 37 +
 src/tapctl/tap.h|  3 +++
 3 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index f203f736..dd6ecd74 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -303,10 +303,18 @@ find_adapters(
 }
 }
 
+OSVERSIONINFOEX osvi = { sizeof(OSVERSIONINFOEX), 
HIBYTE(_WIN32_WINNT_WIN8), LOBYTE(_WIN32_WINNT_WIN8) };
+DWORDLONG const dwlConditionMask = 
VerSetConditionMask(VerSetConditionMask(0, VER_MAJORVERSION, 
VER_GREATER_EQUAL), VER_MINORVERSION, VER_GREATER_EQUAL);
+BOOL bSkipLegacyAdapters = !VerifyVersionInfo(, VER_MAJORVERSION | 
VER_MINORVERSION, dwlConditionMask);
+
 /* Count adapters. */
 size_t adapter_count = 0;
 for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; pAdapter 
= pAdapter->pNext)
 {
+if (bSkipLegacyAdapters && pAdapter->dwIfType != IF_TYPE_PROP_VIRTUAL)
+{
+continue;
+}
 adapter_count++;
 }
 
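Review bot: the hand-built OSVERSIONINFOEX and VerSetConditionMask() sequence amounts to what IsWindows8OrGreater() from VersionHelpers.h provides, and interactive.c already uses IsWindows7OrGreater() for the same kind of test. Suggest `BOOL bSkipLegacyAdapters = !IsWindows8OrGreater();` together with a comment that legacy adapters are skipped on Windows 7 because the driver upgrade fails there with Code 10.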
@@ -331,6 +339,11 @@ find_adapters(
 
 for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; pAdapter 
= pAdapter->pNext)
 {
+if (bSkipLegacyAdapters && pAdapter->dwIfType != IF_TYPE_PROP_VIRTUAL)
+{
+continue;
+}
+
 /* Convert adapter GUID to UTF-16 string. (LPOLESTR defaults to 
LPWSTR) */
 LPOLESTR szAdapterId = NULL;
 StringFromIID((REFIID)>guid, );
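Review bot: the skip test `bSkipLegacyAdapters && pAdapter->dwIfType != IF_TYPE_PROP_VIRTUAL` now appears in both the counting loop and this loop, and anything sized from adapter_count is only correct while the two stay identical. Suggest moving the predicate into one small helper so that a later change cannot make the loops disagree.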
diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index dd4a10a3..0dfc7555 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -29,6 +29,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -551,6 +552,8 @@ get_reg_string(
  *
  * @param pguidAdapter  A pointer to GUID that receives network adapter ID.
  *
+ * @param pdwIfType A pointer to DWORD that receives interface type.
+ *
  * @return ERROR_SUCCESS on success; Win32 error code otherwise
  **/
 static DWORD
@@ -558,7 +561,8 @@ get_net_adapter_guid(
 _In_ HDEVINFO hDeviceInfoSet,
 _In_ PSP_DEVINFO_DATA pDeviceInfoData,
 _In_ int iNumAttempts,
-_Out_ LPGUID pguidAdapter)
+_Out_ LPGUID pguidAdapter,
+_Out_opt_ LPDWORD pdwIfType)
 {
 DWORD dwResult = ERROR_BAD_ARGUMENTS;
 
@@ -613,6 +617,23 @@ get_net_adapter_guid(
 
 dwResult = SUCCEEDED(CLSIDFromString(szCfgGuidString, 
(LPCLSID)pguidAdapter)) ? ERROR_SUCCESS : ERROR_INVALID_DATA;
 free(szCfgGuidString);
+
+if (pdwIfType)
+{
+DWORD dwValueType = REG_NONE, dwSize = sizeof(*pdwIfType);
+dwResult = RegQueryValueEx(
+hKey,
+TEXT("*IfType"),
+NULL,
+,
+(BYTE *)pdwIfType,
+);
+if (dwResult != ERROR_SUCCESS || dwValueType != REG_DWORD || 
dwSize != sizeof(*pdwIfType))
+{
+*pdwIfType = IF_TYPE_OTHER;
+}
+}
+
 break;
 }
 
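Review bot: `dwResult = RegQueryValueEx(...)` overwrites the status that CLSIDFromString() produced a few lines earlier. Assuming dwResult is what the function returns after the break, a missing *IfType value makes *pdwIfType fall back to IF_TYPE_OTHER while the function still reports failure for an adapter whose GUID was read fine, and a failed GUID conversion is masked as ERROR_SUCCESS when the registry read succeeds. Suggest a separate local for the *IfType query and running it only when the GUID step succeeded.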
@@ -839,7 +860,7 @@ tap_create_adapter(
 }
 
 /* Get network adapter ID from registry. Retry for max 30sec. */
-dwResult = get_net_adapter_guid(hDevInfoList, _data, 30, 
pguidAdapter);
+dwResult = get_net_adapter_guid(hDevInfoList, _data, 30, 
pguidAdapter, NULL);
 
 cleanup_remove_device:
 if (dwResult != ERROR_SUCCESS)
@@ -981,7 +1002,7 @@ execute_on_first_adapter(
 
 /* Get adapter GUID. */
 GUID guidAdapter;
-dwResult = get_net_adapter_guid(hDevInfoList, _data, 1, 
);
+dwResult = get_net_adapter_guid(hDevInfoList, _data, 1, 
, NULL);
 if (dwResult != ERROR_SUCCESS)
 {
 /* Something is wrong with this device. Skip it. */
@@ -1259,7 +1280,8 @@ tap_list_adapters(
 
 /* Get adapter GUID. */
 GUID guidAdapter;
-dwResult = get_net_adapter_guid(hDevInfoList, _data, 1, 
);
+DWORD dwIfType;
+dwResult = get_net_adapter_guid(hDevInfoList, _data, 1, 
, );
 if (dwResult != ERROR_SUCCESS)
 {
 /* Something is wrong with this device. Skip it. */
@@ -1321,6 +1343,7 @@ tap_list_adapters(
 memcpy(node->szzHardwareIDs, szzDeviceHardwareIDs, hwid_size);
 node->szName = (LPTSTR)((LPBYTE)node->szzHardwareIDs + hwid_size);
 memcpy(node->szName, szName, name_size);
+node->dwIfType = dwIfType;
 node->pNext = NULL;
 if (pAdapterTail)
 {
@@ -1332,6 +1355,12 @@ tap_l

[Openvpn-devel] [PATCH 2/3] netsh: Clear existing IPv6 DNS servers before configuring new ones

2020-09-24 Thread Simon Rozman via Openvpn-devel
When there are no IPv6 DNS published, the adapter state is not
sanitized and might contain IPv6 DNS server from a previous session.

netsh_ifconfig_options() clears DNS servers for IPv4 already.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 8fd3229f..b1cd7a1b 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -5281,7 +5281,6 @@ ip_addr_member_of(const in_addr_t addr, const 
IP_ADDR_STRING *ias)
  * Set the ipv6 dns servers on the specified interface.
  * The list of dns servers currently set on the interface
  * are cleared first.
- * No action is taken if number of addresses (addr_len) < 1.
  */
 static void
 netsh_set_dns6_servers(const struct in6_addr *addr_list,
@@ -5291,6 +5290,13 @@ netsh_set_dns6_servers(const struct in6_addr *addr_list,
 struct gc_arena gc = gc_new();
 struct argv argv = argv_new();
 
+/* delete existing DNS settings from TAP interface */
+argv_printf(, "%s%s interface ipv6 delete dns %lu all",
+get_win_sys_path(),
+NETSH_PATH_SUFFIX,
+adapter_index);
+netsh_command(, 2, M_FATAL);
+
 for (int i = 0; i < addr_len; ++i)
 {
 const char *fmt = (i == 0) ?
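Review bot: the new delete step runs `netsh_command(..., 2, M_FATAL)`, so a failing cleanup aborts before any server is set, while the WINS cleanup in patch 3/3 of this series uses M_WARN for the same kind of command. If `delete dns ... all` can exit non-zero when no servers are configured, M_FATAL turns a no-op into a fatal error; please confirm netsh's exit status in that case or downgrade to M_WARN.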
-- 
2.28.0.windows.1





[Openvpn-devel] [PATCH] openvpnmsica: Simplify find_adapters() to void return

2020-09-24 Thread Simon Rozman via Openvpn-devel
As the find_adapters() failure is not critical and FindSystemInfo()
should continue regardless, the find_adapters() has been simplified not
to return result code. It still logs any error though.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index f203f736..de1cf65c 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -248,7 +248,7 @@ cleanup_OpenSCManager:
 }
 
 
-static UINT
+static void
 find_adapters(
 _In_ MSIHANDLE hInstall,
 _In_z_ LPCTSTR szzHardwareIDs,
@@ -262,12 +262,12 @@ find_adapters(
 uiResult = tap_list_adapters(NULL, szzHardwareIDs, );
 if (uiResult != ERROR_SUCCESS)
 {
-return uiResult;
+return;
 }
 else if (pAdapterList == NULL)
 {
 /* No adapters - no fun. */
-return ERROR_SUCCESS;
+return;
 }
 
 /* Get IPv4/v6 info for all network adapters. Actually, we're interested 
in link status only: up/down? */
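Review bot: the early `return;` for `uiResult != ERROR_SUCCESS` emits nothing itself and relies on tap_list_adapters() having logged the error. Since the function can no longer signal failure, suggest stating in its header comment, if it has one, that errors are logged and not returned, and removing any @return line left over from the UINT version.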
@@ -394,7 +394,6 @@ cleanup_pAdapterAdresses:
 free(pAdapterAdresses);
 cleanup_pAdapterList:
 tap_free_adapter_list(pAdapterList);
-return uiResult;
 }
 
 
-- 
2.28.0.windows.1





[Openvpn-devel] [PATCH 1/3] netsh: Specify interfaces by index rather than name

2020-09-24 Thread Simon Rozman via Openvpn-devel
This is more efficient and less error prone.

Signed-off-by: Simon Rozman 
---
 src/openvpn/route.c | 26 +++---
 src/openvpn/tun.c   | 88 +
 2 files changed, 53 insertions(+), 61 deletions(-)

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index bd6b968b..d75aa5f4 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1987,25 +1987,24 @@ add_route_ipv6(struct route_ipv6 *r6, const struct 
tuntap *tt,
 }
 else
 {
-struct buffer out = alloc_buf_gc(64, );
+DWORD adapter_index;
 if (r6->adapter_index)  /* vpn server special route */
 {
-buf_printf(, "interface=%lu", r6->adapter_index );
+adapter_index = r6->adapter_index;
 gateway_needed = true;
 }
 else
 {
-buf_printf(, "interface=%lu", tt->adapter_index );
+adapter_index = tt->adapter_index;
 }
-device = buf_bptr();
 
-/* netsh interface ipv6 add route 2001:db8::/32 MyTunDevice */
-argv_printf(, "%s%s interface ipv6 add route %s/%d %s",
+/* netsh interface ipv6 add route 2001:db8::/32 42 */
+argv_printf(, "%s%s interface ipv6 add route %s/%d %lu",
 get_win_sys_path(),
 NETSH_PATH_SUFFIX,
 network,
 r6->netbits,
-device);
+adapter_index);
 
 /* next-hop depends on TUN or TAP mode:
  * - in TAP mode, we use the "real" next-hop
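Review bot: the interface is now passed as a bare positional number (`... add route %s/%d %lu`) where the old code passed `interface=%lu`. Please confirm how netsh resolves a bare numeric argument when an adapter's friendly name consists of the same digits; if the name can win, keeping the explicit `interface=` tag with the index is the less ambiguous form. The `%lu` conversion matches DWORD.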
@@ -2431,25 +2430,24 @@ delete_route_ipv6(const struct route_ipv6 *r6, const 
struct tuntap *tt,
 }
 else
 {
-struct buffer out = alloc_buf_gc(64, );
+DWORD adapter_index;
 if (r6->adapter_index)  /* vpn server special route */
 {
-buf_printf(, "interface=%lu", r6->adapter_index );
+adapter_index = r6->adapter_index;
 gateway_needed = true;
 }
 else
 {
-buf_printf(, "interface=%lu", tt->adapter_index );
+adapter_index = tt->adapter_index;
 }
-device = buf_bptr();
 
-/* netsh interface ipv6 delete route 2001:db8::/32 MyTunDevice */
-argv_printf(, "%s%s interface ipv6 delete route %s/%d %s",
+/* netsh interface ipv6 delete route 2001:db8::/32 42 */
+argv_printf(, "%s%s interface ipv6 delete route %s/%d %lu",
 get_win_sys_path(),
 NETSH_PATH_SUFFIX,
 network,
 r6->netbits,
-device);
+adapter_index);
 
 /* next-hop depends on TUN or TAP mode:
  * - in TAP mode, we use the "real" next-hop
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index faa02504..8fd3229f 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -68,7 +68,7 @@ const static GUID GUID_DEVINTERFACE_NET = { 0xcac88484, 
0x7515, 0x4c03, { 0x82,
 #define NI_OPTIONS (1<<2)
 
 static void netsh_ifconfig(const struct tuntap_options *to,
-   const char *flex_name,
+   DWORD adapter_index,
const in_addr_t ip,
const in_addr_t netmask,
const unsigned int flags);
@@ -79,7 +79,7 @@ static void windows_set_mtu(const int iface_index,
 
 static void netsh_set_dns6_servers(const struct in6_addr *addr_list,
const int addr_len,
-   const char *flex_name);
+   DWORD adapter_index);
 
 static void netsh_command(const struct argv *a, int n, int msglevel);
 
@@ -1103,10 +1103,9 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 }
 else
 {
-/* example: netsh interface ipv6 set address interface=42
+/* example: netsh interface ipv6 set address 42
  *  2001:608:8003::d/bits store=active
  */
-char iface[64];
 
 /* in TUN mode, we only simulate a subnet, so the interface
  * is configured with /128 + a route to fe80::8.  In TAP mode,
@@ -1114,10 +1113,8 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, 
int tun_mtu,
  */
 int netbits = (tt->type == DEV_TYPE_TUN) ? 128 : tt->netbits_ipv6;
 
-openvpn_snprintf(iface, sizeof(iface), "interface=%lu",
- tt->adapter_index);
-argv_printf(, "%s%s interface ipv6 set address %s %s/%d 
store=active",
-get_win_sys_path(), NETSH_PATH_SUFFIX, iface,
+argv_printf(, "%s%s interface ipv6 set address %lu %s/%d 
store=active",
+get_win_sys_path

[Openvpn-devel] [PATCH 3/3] netsh: Delete WINS servers on TUN close

2020-09-24 Thread Simon Rozman via Openvpn-devel
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index b1cd7a1b..80ae6958 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6706,6 +6706,16 @@ netsh_delete_address_dns(const struct tuntap *tt, bool 
ipv6, struct gc_arena *gc
 netsh_command(, 1, M_WARN);
 }
 
+if (!ipv6 && tt->options.wins_len > 0)
+{
+argv_printf(,
+"%s%s interface ipv4 delete winsservers %lu all",
+get_win_sys_path(),
+NETSH_PATH_SUFFIX,
+tt->adapter_index);
+netsh_command(, 1, M_WARN);
+}
+
 if (ipv6 && tt->type == DEV_TYPE_TUN)
 {
 delete_route_connected_v6_net(tt);
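Review bot: the commit message has no body, and the function is still named netsh_delete_address_dns() although with this hunk it also removes WINS servers. Suggest a sentence in the message on why the WINS entries were left behind before, and an update to the function's comment. The `!ipv6 && tt->options.wins_len > 0` guard and the M_WARN level look appropriate for a cleanup path.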
-- 
2.28.0.windows.1





Re: [Openvpn-devel] [PATCH v2] openvpnmsica: make adapter renaming non-fatal

2020-09-03 Thread Simon Rozman via Openvpn-devel
 msg(M_NONFATAL | M_ERRNO, "%s: Error renaming adapter",
> __FUNCTION__);
> +msg(msg_flag, "%s: Error renaming adapter", __FUNCTION__);
>  goto cleanup_hKey;
>  }
> 
> diff --git a/src/tapctl/tap.h b/src/tapctl/tap.h
> index 102de32d..1f531cf2 100644
> --- a/src/tapctl/tap.h
> +++ b/src/tapctl/tap.h
> @@ -117,13 +117,17 @@ tap_enable_adapter(
>   * @param pguidAdapter  A pointer to GUID that contains network adapter
> ID.
>   *
>   * @param szNameNew adapter name - must be unique
> + *
> + * @param bSilent   If true, MSI installer won't display message
> box and
> + *  only print error to log.
>   *
>   * @return ERROR_SUCCESS on success; Win32 error code otherwise
>   **/
>  DWORD
>  tap_set_adapter_name(
>  _In_ LPCGUID pguidAdapter,
> -_In_ LPCTSTR szName);
> +_In_ LPCTSTR szName,
> +_In_ BOOL bSilent);
> 
> 
>  /**
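Review bot: the new @param bSilent text describes MSI installer behaviour ("won't display message box"), but it sits in src/tapctl/tap.h, whose functions are not tied to the installer. Suggest wording it by effect on tap_set_adapter_name() itself, for example that a rename failure is logged at a lower severity, and fixing "only print" to "only prints".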
> --
> 2.17.1
> 
> 
> 

I have reviewed the code, compiled it, built MSI, tested it.

Although I could not create a phantom TUN adapter to reproduce the issue. 
Renaming "Ethernet" adapter to "OpenVPN TAP-Windows6" and trying to install MSI 
next displayed an error in evaluation phase that a foreign adapter with the 
same name already exists - which is expected.

This patch is about solving the situation when:
1. There are no apparent TAP-Windows6 or Wintun adapters present => 
installation decides to create one.
2. Once adapter is created, the renaming to the desired name fails (as if the 
name is already taken).

I agree with everybody that having a consistently named adapter after initial 
setup is nice, but not that essential to make the installation fail. So...

Acked-by: Simon Rozman 

Regards,
Simon





Re: [Openvpn-devel] [PATCH] openvpnmsica: remove adapter renaming

2020-09-02 Thread Simon Rozman via Openvpn-devel
Hi,

Adapter name already is configurable in openvpn-build/windows-msi/msi.wxs: 
https://github.com/Amebis/openvpn-build/blob/5f5ba807de2bad50d01a5b08dfc6fad98ee41213/windows-msi/msi.wxs#L1300

Regards, Simon

From: Selva Nair 
Sent: Wednesday, September 2, 2020 3:12 PM
To: Lev Stipakov 
Cc: Lev Stipakov ; openvpn-devel 

Subject: Re: [Openvpn-devel] [PATCH] openvpnmsica: remove adapter renaming

Hi,

I would suggest to keep this renaming but make it not fatal. A descriptive name 
is nice to have and we could even make the name configurable at some point in 
future.

Selva


Re: [Openvpn-devel] [PATCH] tap.c: fix adapter renaming

2020-07-06 Thread Simon Rozman via Openvpn-devel
Hi,

> +// stripped version of ExecCommand in interactive.c static DWORD

C++ style comment.

> +// rename adapter via netsh call

C++ style comment.

> +const TCHAR* szFmt = _T("netsh interface set interface name=\"%s\"
> newname=\"%s\"");
> +size_t ncmdline = _tcslen(szFmt) + _tcslen(szOldName) +
> _tcslen(szName) + 1;
> +WCHAR* szCmdLine = malloc(ncmdline * sizeof(TCHAR));
> +_stprintf_s(szCmdLine, ncmdline, szFmt, szOldName, szName);
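Review bot: szOldName and szName are placed between literal `\"` in the netsh command line with no escaping, so an adapter name that contains a double quote changes how netsh parses the arguments. Suggest rejecting or escaping quotes in both names before formatting. Also, the malloc() result is not checked before `_stprintf_s()` writes through szCmdLine, and the pointer is declared WCHAR* while the size and format use TCHAR.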

For the record:
1. `netsh interface set interface` does not accept adapter index. Therefore, 
the interface to rename must be selected by name. I'd prefer more explicit 
selection like adapter GUID or interface index, but selecting by name seems the 
only way here. Interface indexes are a thing of the TCP/IP, so it kind of makes 
sense lower layers are not operating with them. Ack.

2. I've tested `netsh interface set interface` to ignore case when selecting 
adapter. Ack.

3. I've tested `netsh interface set interface` to work when renaming adapter 
back to the original name. Ack.

Reviewed the code, compiled, debugged, tested.

Acked-by: Simon Rozman 

Regards,
Simon




Re: [Openvpn-devel] [PATCH 11/12] openvpnmsica: Merge FindTUNTAPAdapters into FindSystemInfo

2020-03-30 Thread Simon Rozman
Hi Lev,

I'm struggling with family duties now that schools are closed. This makes it 
hard to find any time for computers.

Nevertheless, should find_adapters() fail for some reason, it is not critical 
to bail out of FindSystemInfo() custom action.

The find_adapters() itself already displays a resumable error message (MSI also 
writes it to the log) on all of the error return paths:
- tap_list_adapters() calls msg(M_NONFATAL...) on error returns
- other returns have msg(M_NONFATAL...)

Mind that msg() is using MSI error messaging 
[https://github.com/rozmansi/openvpn/blob/feature/msi/src/openvpnmsica/dllmain.c#L108].
MsiProcessMessage(s->hInstall, INSTALLMESSAGE_ERROR, hRecordProg); will pop up 
an error dialog in interactive MSI sessions, and write an error message to the log 
in interactive and non-interactive sessions.

To summarize: the return value of find_adapters() call is ignored on purpose.

Regards,
Simon

-Original Message-
From: Lev Stipakov 
Date: Tuesday, 24 March 2020 at 13:07
To: Simon Rozman 
Cc: "openvpn-devel@lists.sourceforge.net" 
Subject: Re: [Openvpn-devel] [PATCH 11/12] openvpnmsica: Merge 
FindTUNTAPAdapters into FindSystemInfo

Hi,

Compiled with msvc, smoke-tested with rundll32.

One thing:

> +set_openvpnserv_state(hInstall);
> +find_adapters(
> +hInstall,
> +TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID),
> +TEXT("TAPWINDOWS6ADAPTERS"),
> +TEXT("ACTIVETAPWINDOWS6ADAPTERS"));

Both methods return error codes which we ignore.





[Openvpn-devel] [PATCH v2 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

2020-03-14 Thread Simon Rozman
When provisioning IP configuration, we shall not ask what kind of
adapter this is. Rather, we should ask what method of provisioning we
are configured to use.

It is options.c's job to rule out invalid combinations.

- do_ifconfig_ipv4(): unify the workflow with its IPv6 counterpart
  No need to distinguish Wintun and TAP-Windows6 here. This also fixes
  an issue with --windows-driver wintun overriding --ip-win32 manual,
  the latter being a perfectly fine choice for Wintun too.

- open_tun(), tuntap_post_open(), tuntap_set_ip_addr(): unify Wintun and
  TAP-Windows6 workflow. This allows --ip-win32 ipapi now.

- close_tun(): the cleanup has been revised to match the ifconfig
  workflow in reverse.

Signed-off-by: Simon Rozman 
---
 src/openvpn/options.c |   5 +-
 src/openvpn/tun.c | 130 ++
 2 files changed, 70 insertions(+), 65 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index e79a1215..f1fc91e9 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3007,8 +3007,9 @@ options_postprocess_mutate_invariant(struct options 
*options)
 }
 
 #ifdef _WIN32
-/* when using wintun, kernel doesn't send DHCP requests, so use netsh to 
set IP address and netmask */
-if (options->windows_driver == WINDOWS_DRIVER_WINTUN)
+/* when using wintun, kernel doesn't send DHCP requests, so don't use it */
+if (options->windows_driver == WINDOWS_DRIVER_WINTUN
+&& (options->tuntap_options.ip_win32_type == IPW32_SET_DHCP_MASQ || 
options->tuntap_options.ip_win32_type == IPW32_SET_ADAPTIVE))
 {
 options->tuntap_options.ip_win32_type = IPW32_SET_NETSH;
 }
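
Review bot: the new condition rewrites a configured --ip-win32 dynamic or adaptive to IPW32_SET_NETSH for Wintun without telling the user. Add a msg(M_INFO, ...) inside the block that names the requested and the effective method, so the log explains why netsh runs although another method was configured. The condition line is also long enough to wrap in the mail; breaking it after the || keeps it readable.
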
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 42193d97..1afa7f07 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -1381,34 +1381,29 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 env_set_destroy(aix_es);
 }
 #elif defined (_WIN32)
-{
-ASSERT(ifname != NULL);
-
-if (tt->options.msg_channel && tt->windows_driver == 
WINDOWS_DRIVER_WINTUN)
-{
-do_address_service(true, AF_INET, tt);
-do_dns_service(true, AF_INET, tt);
-}
-else
-{
-switch (tt->options.ip_win32_type)
-{
-case IPW32_SET_MANUAL:
-msg(M_INFO,
-" NOTE:  Please manually set the IP/netmask of 
'%s' to %s/%s (if it is not already set)",
-ifname, ifconfig_local,
-print_in_addr_t(tt->adapter_netmask, 0, ));
-break;
+ASSERT(ifname != NULL);
 
-case IPW32_SET_NETSH:
-netsh_ifconfig(>options, ifname, tt->local,
-   tt->adapter_netmask, 
NI_IP_NETMASK|NI_OPTIONS);
-
-break;
-}
-}
+if (tt->options.ip_win32_type == IPW32_SET_MANUAL)
+{
+msg(M_INFO,
+" NOTE:  Please manually set the IP/netmask of '%s' to 
%s/%s (if it is not already set)",
+ifname, ifconfig_local,
+print_in_addr_t(tt->adapter_netmask, 0, ));
+}
+else if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ || 
tt->options.ip_win32_type == IPW32_SET_ADAPTIVE)
+{
+/* Let the DHCP configure the interface. */
+}
+else if (tt->options.msg_channel)
+{
+do_address_service(true, AF_INET, tt);
+do_dns_service(true, AF_INET, tt);
+}
+else if (tt->options.ip_win32_type == IPW32_SET_NETSH)
+{
+netsh_ifconfig(>options, ifname, tt->local,
+   tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS);
 }
-
 #else  /* if defined(TARGET_LINUX) */
 msg(M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on 
this operating system.  You should ifconfig your TUN/TAP device manually or use 
an --up script.");
 #endif /* if defined(TARGET_LINUX) */
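
Review bot: the new if/else chain under #elif defined (_WIN32) has no final else, so IPW32_SET_IPAPI without a msg_channel matches no branch and do_ifconfig_ipv4() silently does nothing. If that is intended because ipapi is applied elsewhere (the commit message lists tuntap_set_ip_addr()), say so in a comment next to the empty DHCP branch, or add an explicit else that documents the remaining cases so a future ip_win32_type value cannot slip through unnoticed.
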
@@ -5821,7 +5816,8 @@ tuntap_set_ip_addr(struct tuntap *tt,
 const DWORD index = tt->adapter_index;
 
 /* flush arp cache */
-if (index != TUN_ADAPTER_INDEX_INVALID)
+if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6
+&& index != TUN_ADAPTER_INDEX_INVALID)
 {
 DWORD status = -1;
 
@@ -6357,36 +6353,39 @@ tuntap_post_open(struct tuntap *tt, const char 
*device_guid)
 bool dhcp_masq = false;
 bool dhcp_masq_post = false;
 
-/* get driver version info */
-tuntap_get_version_info(tt);
+if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6)
+{
+/* get driver version info */
+tuntap_get_version_info(tt);
 
-/* get driver MTU */
-tuntap_get_mtu(tt);
+/* get driver MTU */
+tuntap_get_mtu(tt);
 
-/*
- * Preliminaries for setting TAP-Win

Re: [Openvpn-devel] [PATCH 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

2020-03-12 Thread Simon Rozman
Hi,

> A few questions:
> 
> >   This also fixes an issue with --windows-driver wintun overriding
> >  --ip-win32 manual, the latter being a perfectly fine choice for Wintun
> too.
> 
> We do still have code which forces netsh for wintun:
> 
> if (options->windows_driver == WINDOWS_DRIVER_WINTUN)
> {
> options->tuntap_options.ip_win32_type = IPW32_SET_NETSH;
> }
> 
> Shouldn't we update options.c and ensure that only allowed ip_win32 for
> wintun are manual, netsh and ipapi?

True. I'm sure I got this in the original commit back then. Found it... When 
rebasing onto the current master, it conflicted and I dropped that change 
rather than fixing it. Wrong choice, sorry.

> > - open_tun() & tuntap_post_open(): unify Wintun and TAP-Windows6
> workflow.
> 
> With that change, we flush ARP cache also for wintun. Is this needed?

Nope, FlushIpNetTable() is definitely not needed on wintun adapters. I shall 
modify the ARP-flushing condition to include "&& tt->windows_driver == 
WINDOWS_DRIVER_TAP_WINDOWS6" and update the commit message.

> Also, while testing this I found (and fixed) a bug
> (https://patchwork.openvpn.net/patch/1039/),
> I think that fix should go first - your patch exposes bug (prints
> device_guid value) for wintun case.

I agree. Your patch should be applied first.

Regards,
Simon




Re: [Openvpn-devel] [PATCH] tun.c: fix "use after free" error

2020-03-12 Thread Simon Rozman
Nice catch, Lev. The patch indeed fixes an UAC.

Compiled and tested it with MSVC.

Acked-by: Simon Rozman 

Regards, Simon

> -Original Message-
> From: Lev Stipakov 
> Sent: Thursday, March 12, 2020 7:08 AM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH] tun.c: fix "use after free" error
> 
> From: Lev Stipakov 
> 
> Commit 509c45f has factored out code blocks of open_tun() into separate
> functions and introduced "use after free" bug:
> 
> Variable "device_guid" is allocated inside tun_open_device() function
> and used outside of it. Allocation happens with local gc_arena, which is
> freed at the end of tun_open_device(), making further access to
> "device_guid" invalid.
> 
> Fix by ensuring that gc_arena scope covers all access to "device_guid".
> 
> Signed-off-by: Lev Stipakov 
> ---
>  src/openvpn/tun.c | 20 ++--
>  1 file changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index
> 42193d97..c976055e 100644
> --- a/src/openvpn/tun.c
> +++ b/src/openvpn/tun.c
> @@ -6226,12 +6226,11 @@ tun_try_open_device(struct tuntap *tt, const
> char *device_guid, const struct dev  }
> 
>  static void
> -tun_open_device(struct tuntap *tt, const char *dev_node, const char
> **device_guid)
> +tun_open_device(struct tuntap *tt, const char *dev_node, const char
> +**device_guid, struct gc_arena *gc)
>  {
> -struct gc_arena gc = gc_new();
> -const struct tap_reg *tap_reg = get_tap_reg();
> -const struct panel_reg *panel_reg = get_panel_reg();
> -const struct device_instance_id_interface
> *device_instance_id_interface = get_device_instance_id_interface();
> +const struct tap_reg *tap_reg = get_tap_reg(gc);
> +const struct panel_reg *panel_reg = get_panel_reg(gc);
> +const struct device_instance_id_interface
> + *device_instance_id_interface = get_device_instance_id_interface(gc);
>  char actual_buffer[256];
> 
>  at_least_one_tap_win(tap_reg);
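
Review bot: with the new gc parameter, the string returned through device_guid is allocated from the caller's arena, but nothing at the tun_open_device() signature says so. Add a short comment above the function stating that *device_guid lives in gc and becomes invalid once the caller runs gc_free(), since that lifetime is exactly what the original bug got wrong.
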
> @@ -6244,7 +6243,7 @@ tun_open_device(struct tuntap *tt, const char
> *dev_node, const char **device_gui
>  enum windows_driver_type windows_driver =
> WINDOWS_DRIVER_UNSPECIFIED;
> 
>  /* Get the device GUID for the device specified with --dev-
> node. */
> -*device_guid = get_device_guid(dev_node, actual_buffer,
> sizeof(actual_buffer), _driver, tap_reg, panel_reg, );
> +*device_guid = get_device_guid(dev_node, actual_buffer,
> + sizeof(actual_buffer), _driver, tap_reg, panel_reg, gc);
> 
>  if (!*device_guid)
>  {
> @@ -6276,7 +6275,7 @@ tun_open_device(struct tuntap *tt, const char
> *dev_node, const char **device_gui
> tap_reg,
> panel_reg,
> _driver,
> -   );
> +   gc);
> 
>  if (!*device_guid)
>  {
> @@ -6304,8 +6303,6 @@ next:
> 
>  msg(M_INFO, "%s device [%s] opened", print_windows_driver(tt-
> >windows_driver), tt->actual_name);
>  tt->adapter_index = get_adapter_index(*device_guid);
> -
> -gc_free();
>  }
> 
>  static void
> @@ -6411,13 +6408,16 @@ open_tun(const char *dev, const char *dev_type,
> const char *dev_node, struct tun
>  msg(M_FATAL|M_NOPREFIX, "Unknown virtual device type: '%s'",
> dev);
>  }
> 
> -tun_open_device(tt, dev_node, _guid);
> +struct gc_arena gc = gc_new(); /* used also for device_guid
> allocation */
> +tun_open_device(tt, dev_node, _guid, );
> 
>  if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6)
>  {
>  tuntap_post_open(tt, device_guid);
>  }
> 
> +gc_free();
> +
>  /*netcmd_semaphore_release ();*/
>  }
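
Review bot: in open_tun(), gc_free() now runs directly after tuntap_post_open(tt, device_guid), so please confirm that nothing called from there keeps the device_guid pointer in tt for later use; otherwise the same stale pointer reappears one level down. A smaller point: struct gc_arena gc = gc_new(); is declared in the middle of the function, after the msg(M_FATAL|M_NOPREFIX, ...) statement, and reads better next to the other declarations at the top of its block.
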
> 
> --
> 2.17.1
> 
> 
> 




[Openvpn-devel] [PATCH v2 12/12] tapctl: Support multiple hardware IDs

2020-03-10 Thread Simon Rozman
TAP-Windows6 adapters created with tapinstall/devcon.exe have hardware
ID "tap0901", whereas TAP-Windows6 adapters created with tapctl.exe have
hardware ID "root\\tap0901".

The enumeration of the network adapters has been extended to detect
adapters using a list of acceptable hardware IDs.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 43 ++---
 src/tapctl/main.c   | 24 +++---
 src/tapctl/tap.c| 21 
 src/tapctl/tap.h|  8 +++---
 4 files changed, 58 insertions(+), 38 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 28cf16b5..31e90bd2 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -251,7 +251,7 @@ cleanup_OpenSCManager:
 static UINT
 find_adapters(
 _In_ MSIHANDLE hInstall,
-_In_z_ LPCTSTR szHardwareId,
+_In_z_ LPCTSTR szzHardwareIDs,
 _In_z_ LPCTSTR szAdaptersPropertyName,
 _In_z_ LPCTSTR szActiveAdaptersPropertyName)
 {
@@ -259,7 +259,7 @@ find_adapters(
 
 /* Get network adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-uiResult = tap_list_adapters(NULL, szHardwareId, );
+uiResult = tap_list_adapters(NULL, szzHardwareIDs, );
 if (uiResult != ERROR_SUCCESS)
 {
 return uiResult;
@@ -414,12 +414,12 @@ FindSystemInfo(_In_ MSIHANDLE hInstall)
 set_openvpnserv_state(hInstall);
 find_adapters(
 hInstall,
-TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID),
+TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID) TEXT("\0") 
TEXT(TAP_WIN_COMPONENT_ID) TEXT("\0"),
 TEXT("TAPWINDOWS6ADAPTERS"),
 TEXT("ACTIVETAPWINDOWS6ADAPTERS"));
 find_adapters(
 hInstall,
-TEXT("Wintun"),
+TEXT("Wintun") TEXT("\0"),
 TEXT("WINTUNADAPTERS"),
 TEXT("ACTIVEWINTUNADAPTERS"));
 
@@ -652,7 +652,7 @@ cleanup_pAdapterList:
  *
  * @param szDisplayName  Adapter display name
  *
- * @param szHardwareId  Adapter hardware ID
+ * @param szzHardwareIDs  String of strings with acceptable adapter hardware 
IDs
  *
  * @param iTicksPointer to an integer that represents amount of work 
(on progress
  *  indicator) the UninstallTUNTAPAdapters will take. This 
function increments
@@ -666,12 +666,12 @@ schedule_adapter_delete(
 _Inout_opt_ struct msica_arg_seq *seqCommit,
 _Inout_opt_ struct msica_arg_seq *seqRollback,
 _In_z_ LPCTSTR szDisplayName,
-_In_z_ LPCTSTR szHardwareId,
+_In_z_ LPCTSTR szzHardwareIDs,
 _Inout_ int *iTicks)
 {
 /* Get adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, szHardwareId, );
+DWORD dwResult = tap_list_adapters(NULL, szzHardwareIDs, );
 if (dwResult != ERROR_SUCCESS)
 {
 return dwResult;
@@ -858,11 +858,16 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 szDisplayNameEx = szDisplayNameEx != NULL ? szDisplayNameEx + 1 : 
szDisplayName;
 
 /* Get adapter hardware ID (`HardwareId` is field #5). */
-LPTSTR szHardwareId = NULL;
-uiResult = msi_get_record_string(hRecord, 5, );
-if (uiResult != ERROR_SUCCESS)
+TCHAR szzHardwareIDs[0x100] = { 0 };
 {
-goto cleanup_szDisplayName;
+LPTSTR szHwId = NULL;
+uiResult = msi_get_record_string(hRecord, 5, );
+if (uiResult != ERROR_SUCCESS)
+{
+goto cleanup_szDisplayName;
+}
+memcpy_s(szzHardwareIDs, sizeof(szzHardwareIDs) - 2*sizeof(TCHAR) 
/*requires double zero termination*/, szHwId, _tcslen(szHwId)*sizeof(TCHAR));
+free(szHwId);
 }
 
 if (iAction > INSTALLSTATE_BROKEN)
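
Review bot: the memcpy_s() call copies _tcslen(szHwId) characters into szzHardwareIDs without checking the length of szHwId first or the return value afterwards. When the HardwareId field is longer than the 0x100-element buffer minus the two terminators, memcpy_s() fails instead of truncating, and the code carries on with whatever is left in szzHardwareIDs. Compare _tcslen(szHwId) against the available room (or test the memcpy_s() result), free szHwId, and leave through cleanup_szDisplayName with an error such as ERROR_INVALID_FIELD rather than continuing with an unusable list.
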
@@ -876,7 +881,7 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 uiResult = msi_get_record_string(hRecord, 3, );
 if (uiResult != ERROR_SUCCESS)
 {
-goto cleanup_szHardwareId;
+goto cleanup_szDisplayName;
 }
 #ifdef __GNUC__
 /*
@@ -890,13 +895,13 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 {
 case MSICONDITION_FALSE:
 free(szValue);
-goto cleanup_szHardwareId;
+goto cleanup_szDisplayName;
 
 case MSICONDITION_ERROR:
 uiResult = ERROR_INVALID_FIELD;
 msg(M_NONFATAL | M_ERRNO, "%s: 
MsiEvaluateCondition(\"%" PRIsLPTSTR "\") failed", __FUNCTION__, szValue);
 free(szValue);
-goto cleanup_szHardwareId;
+ 

[Openvpn-devel] [PATCH 1/2] tun.c: reorder IPv6 ifconfig on Windows

2020-03-10 Thread Simon Rozman
The IPv6 interface network route should be set up as soon as possible
after the interface address is set. Actually, all routes should be added
before DNS servers are configured. This would allow Windows to validate
DNS servers properly instead of shutting the validation off.

The cleanup order has been changed to match reverse order of ifconfig.
An additional check was added to skip the cleanup when --ip-win32 is set
to manual.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 51 +--
 1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 1f848d24..42193d97 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -1016,6 +1016,7 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 else if (tt->options.msg_channel)
 {
 do_address_service(true, AF_INET6, tt);
+add_route_connected_v6_net(tt, es);
 do_dns_service(true, AF_INET6, tt);
 }
 else
@@ -1031,15 +1032,10 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 get_win_sys_path(), NETSH_PATH_SUFFIX, iface,
 ifconfig_ipv6_local);
 netsh_command(, 4, M_FATAL);
+add_route_connected_v6_net(tt, es);
 /* set ipv6 dns servers if any are specified */
 netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, ifname);
 }
-
-/* explicit route needed */
-if (tt->options.ip_win32_type != IPW32_SET_MANUAL)
-{
-add_route_connected_v6_net(tt, es);
-}
 #else /* platforms we have no IPv6 code for */
 msg(M_FATAL, "Sorry, but I don't know how to do IPv6 'ifconfig' commands 
on this operating system.  You should ifconfig your TUN/TAP device manually or 
use an --up script.");
 #endif /* outer "if defined(TARGET_xxx)" conditional */
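
Review bot: dropping the if (tt->options.ip_win32_type != IPW32_SET_MANUAL) guard makes add_route_connected_v6_net() unconditional in both the msg_channel branch and the netsh branch, which is only safe if IPW32_SET_MANUAL is caught by a branch ahead of else if (tt->options.msg_channel). That branch is not visible in this hunk; please confirm it, or keep the check inside the branches, since the removed guard suggests manual could reach this point.
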
@@ -6467,6 +6463,24 @@ netsh_delete_address_dns(const struct tuntap *tt, bool 
ipv6, struct gc_arena *gc
 const char *ifconfig_ip_local;
 struct argv argv = argv_new();
 
+/* delete ipvX dns servers if any were set */
+int len = ipv6 ? tt->options.dns6_len : tt->options.dns_len;
+if (len > 0)
+{
+argv_printf(,
+"%s%s interface %s delete dns %s all",
+get_win_sys_path(),
+NETSH_PATH_SUFFIX,
+ipv6 ? "ipv6" : "ipv4",
+tt->actual_name);
+netsh_command(, 1, M_WARN);
+}
+
+if (ipv6)
+{
+delete_route_connected_v6_net(tt, NULL);
+}
+
 /* "store=active" is needed in Windows 8(.1) to delete the
  * address we added (pointed out by Cedric Tabary).
  */
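
Review bot: netsh_delete_address_dns() now also calls delete_route_connected_v6_net(), which neither its name nor any comment in the hunk reflects. Add a function comment listing the order (DNS servers, connected route, address), because the commit message relies on that order mirroring the setup in reverse. The route deletion also runs for every IPv6 call while the DNS deletion depends on len > 0; a one-line comment on why they differ would help the next reader.
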
@@ -6487,21 +6501,8 @@ netsh_delete_address_dns(const struct tuntap *tt, bool 
ipv6, struct gc_arena *gc
 ipv6 ? "ipv6" : "ipv4",
 tt->actual_name,
 ifconfig_ip_local);
-
 netsh_command(, 1, M_WARN);
 
-/* delete ipvX dns servers if any were set */
-int len = ipv6 ? tt->options.dns6_len : tt->options.dns_len;
-if (len > 0)
-{
-argv_printf(,
-"%s%s interface %s delete dns %s all",
-get_win_sys_path(),
-NETSH_PATH_SUFFIX,
-ipv6 ? "ipv6" : "ipv4",
-tt->actual_name);
-netsh_command(, 1, M_WARN);
-}
 argv_free();
 }
 
@@ -6514,16 +6515,18 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx)
 
 if (tt->did_ifconfig_ipv6_setup)
 {
-/* remove route pointing to interface */
-delete_route_connected_v6_net(tt, NULL);
-
-if (tt->options.msg_channel)
+if (tt->options.ip_win32_type == IPW32_SET_MANUAL)
+{
+/* We didn't do ifconfig. */
+}
+else if (tt->options.msg_channel)
 {
-do_address_service(false, AF_INET6, tt);
 if (tt->options.dns6_len > 0)
 {
 do_dns_service(false, AF_INET6, tt);
 }
+delete_route_connected_v6_net(tt, NULL);
+do_address_service(false, AF_INET6, tt);
 }
 else
 {
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 2/2] tun.c: revise the IPv4 ifconfig flow on Windows

2020-03-10 Thread Simon Rozman
When provisioning IP configuration, we shall not ask what kind of
adapter this is. Rather, we should ask what method of provisioning we
are configured to use.

It is options.c's job to rule out invalid combinations.

- do_ifconfig_ipv4(): unify the workflow with its IPv6 counterpart
  No need to distinguish Wintun and TAP-Windows6 here. This also fixes
  an issue with --windows-driver wintun overriding --ip-win32 manual,
  the latter being a perfectly fine choice for Wintun too.

- open_tun() & tuntap_post_open(): unify Wintun and TAP-Windows6
  workflow. This allows --ip-win32 ipapi now.

- close_tun(): the cleanup has been revised to match the ifconfig
  workflow in reverse.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 127 --
 1 file changed, 65 insertions(+), 62 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 42193d97..f7224093 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -1381,34 +1381,29 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 env_set_destroy(aix_es);
 }
 #elif defined (_WIN32)
-{
-ASSERT(ifname != NULL);
-
-if (tt->options.msg_channel && tt->windows_driver == 
WINDOWS_DRIVER_WINTUN)
-{
-do_address_service(true, AF_INET, tt);
-do_dns_service(true, AF_INET, tt);
-}
-else
-{
-switch (tt->options.ip_win32_type)
-{
-case IPW32_SET_MANUAL:
-msg(M_INFO,
-" NOTE:  Please manually set the IP/netmask of 
'%s' to %s/%s (if it is not already set)",
-ifname, ifconfig_local,
-print_in_addr_t(tt->adapter_netmask, 0, ));
-break;
+ASSERT(ifname != NULL);
 
-case IPW32_SET_NETSH:
-netsh_ifconfig(>options, ifname, tt->local,
-   tt->adapter_netmask, 
NI_IP_NETMASK|NI_OPTIONS);
-
-break;
-}
-}
+if (tt->options.ip_win32_type == IPW32_SET_MANUAL)
+{
+msg(M_INFO,
+" NOTE:  Please manually set the IP/netmask of '%s' to 
%s/%s (if it is not already set)",
+ifname, ifconfig_local,
+print_in_addr_t(tt->adapter_netmask, 0, ));
+}
+else if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ || 
tt->options.ip_win32_type == IPW32_SET_ADAPTIVE)
+{
+/* Let the DHCP configure the interface. */
+}
+else if (tt->options.msg_channel)
+{
+do_address_service(true, AF_INET, tt);
+do_dns_service(true, AF_INET, tt);
+}
+else if (tt->options.ip_win32_type == IPW32_SET_NETSH)
+{
+netsh_ifconfig(>options, ifname, tt->local,
+   tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS);
 }
-
 #else  /* if defined(TARGET_LINUX) */
 msg(M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on 
this operating system.  You should ifconfig your TUN/TAP device manually or use 
an --up script.");
 #endif /* if defined(TARGET_LINUX) */
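
Review bot: else if (tt->options.msg_channel) is tested before IPW32_SET_NETSH and no longer depends on the driver, so a TAP-Windows6 adapter with --ip-win32 netsh that used to reach netsh_ifconfig() now goes through do_address_service() and do_dns_service() whenever a message channel is present. The commit message says the drivers need not be distinguished but does not spell out this change for TAP-Windows6; please state it there and in a comment above the branch.
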
@@ -6357,36 +6352,39 @@ tuntap_post_open(struct tuntap *tt, const char 
*device_guid)
 bool dhcp_masq = false;
 bool dhcp_masq_post = false;
 
-/* get driver version info */
-tuntap_get_version_info(tt);
+if (tt->windows_driver == WINDOWS_DRIVER_TAP_WINDOWS6)
+{
+/* get driver version info */
+tuntap_get_version_info(tt);
 
-/* get driver MTU */
-tuntap_get_mtu(tt);
+/* get driver MTU */
+tuntap_get_mtu(tt);
 
-/*
- * Preliminaries for setting TAP-Windows adapter TCP/IP
- * properties via --ip-win32 dynamic or --ip-win32 adaptive.
- */
-if (tt->did_ifconfig_setup)
-{
-tuntap_set_ip_props(tt, _masq, _masq_post);
-}
+/*
+ * Preliminaries for setting TAP-Windows adapter TCP/IP
+ * properties via --ip-win32 dynamic or --ip-win32 adaptive.
+ */
+if (tt->did_ifconfig_setup)
+{
+tuntap_set_ip_props(tt, _masq, _masq_post);
+}
 
-/* set point-to-point mode if TUN device */
-if (tt->type == DEV_TYPE_TUN)
-{
-tuntap_set_ptp(tt);
-}
+/* set point-to-point mode if TUN device */
+if (tt->type == DEV_TYPE_TUN)
+{
+tuntap_set_ptp(tt);
+}
 
-/* should we tell the TAP-Windows driver to masquerade as a DHCP server as 
a means
- * of setting the adapter address? */
-if (dhcp_masq)
-{
-tuntap_dhcp_mask(tt, device_guid);
-}
+/* should we tell the TAP-Windows driver to masquerade as a DHCP 
server as a means
+ * of setting the adapter address? */
+if (dhcp_masq)
+{
+tuntap_dhcp_mask(tt, device_guid);
+   

Re: [Openvpn-devel] [PATCH] wintun: upgrade error message in case of ring registration failure

2020-03-09 Thread Simon Rozman
Hi,

I believe M_ERRNO should handle this…

After the register_ring_buffers() exits, the Win32 error code is left in 
GetLastError().
msg(M_ERRNO) picks it from there and formats a human-readable message.

Regards, Simon

 

From: Lev Stipakov  
Sent: Wednesday, February 5, 2020 8:38 PM
To: Simon Rozman 
Cc: openvpn-devel 
Subject: Re: [Openvpn-devel] [PATCH] wintun: upgrade error message in case of 
ring registration failure

Hi,

-msg(M_NONFATAL, "Failed to register ring buffers: %lu", 
GetLastError());

 

+switch (GetLastError())

 

+default:
+msg(M_NONFATAL | M_ERRNO, "Failed to register ring 
buffers");

 

I think it would make sense to print the error code / error message (with 
strerror_win32) in the "default" case.





[Openvpn-devel] [PATCH 11/12] openvpnmsica: Merge FindTUNTAPAdapters into FindSystemInfo

2020-03-09 Thread Simon Rozman
1. We don't need two custom actions to evaluate the system state, do we?

2. FindTUNTAPAdapters was actually broken. It enumerated all existing
   network adapters, rather than just the ones we are interested in:
   TAP-Windows6 and Wintun.

3. TUNTAPADAPTER and ACTIVETUNTAPADAPTERS were split into
   TAPWINDOWS6ADAPTERS, ACTIVETAPWINDOWS6ADAPTERS, WINTUNADAPTERS and
   ACTIVEWINTUNADAPTERS to allow finer control.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 235 
 src/openvpnmsica/openvpnmsica.h |  26 ++--
 2 files changed, 125 insertions(+), 136 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index ae9b007f..28cf16b5 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -248,49 +248,26 @@ cleanup_OpenSCManager:
 }
 
 
-UINT __stdcall
-FindSystemInfo(_In_ MSIHANDLE hInstall)
-{
-#ifdef _MSC_VER
-#pragma comment(linker, DLLEXP_EXPORT)
-#endif
-
-debug_popup(TEXT(__FUNCTION__));
-
-BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
-
-OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
-
-set_openvpnserv_state(hInstall);
-
-if (bIsCoInitialized)
-{
-CoUninitialize();
-}
-return ERROR_SUCCESS;
-}
-
-
-UINT __stdcall
-FindTUNTAPAdapters(_In_ MSIHANDLE hInstall)
+static UINT
+find_adapters(
+_In_ MSIHANDLE hInstall,
+_In_z_ LPCTSTR szHardwareId,
+_In_z_ LPCTSTR szAdaptersPropertyName,
+_In_z_ LPCTSTR szActiveAdaptersPropertyName)
 {
-#ifdef _MSC_VER
-#pragma comment(linker, DLLEXP_EXPORT)
-#endif
-
-debug_popup(TEXT(__FUNCTION__));
-
 UINT uiResult;
-BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
-
-OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
-/* Get existing network adapters. */
+/* Get network adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-uiResult = tap_list_adapters(NULL, NULL, );
+uiResult = tap_list_adapters(NULL, szHardwareId, );
 if (uiResult != ERROR_SUCCESS)
 {
-goto cleanup_CoInitialize;
+return uiResult;
+}
+else if (pAdapterList == NULL)
+{
+/* No adapters - no fun. */
+return ERROR_SUCCESS;
 }
 
 /* Get IPv4/v6 info for all network adapters. Actually, we're interested 
in link status only: up/down? */
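
Review bot: the new else if (pAdapterList == NULL) branch in find_adapters() returns ERROR_SUCCESS before anything is written to the properties named by szAdaptersPropertyName and szActiveAdaptersPropertyName. If installer conditions test those properties, set both to an empty string on this path, or document that an unset property means no adapters, so the resulting state is explicit. The comment /* No adapters - no fun. */ could say that instead.
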
@@ -302,7 +279,7 @@ FindTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 if (pAdapterAdresses == NULL)
 {
 msg(M_NONFATAL, "%s: malloc(%u) failed", __FUNCTION__, 
ulAdapterAdressesSize);
-uiResult = ERROR_OUTOFMEMORY; goto cleanup_tap_list_adapters;
+uiResult = ERROR_OUTOFMEMORY; goto cleanup_pAdapterList;
 }
 
 ULONG ulResult = GetAdaptersAddresses(
@@ -322,117 +299,135 @@ FindTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 {
 SetLastError(ulResult); /* MSDN does not mention 
GetAdaptersAddresses() to set GetLastError(). But we do have an error code. Set 
last error manually. */
 msg(M_NONFATAL | M_ERRNO, "%s: GetAdaptersAddresses() failed", 
__FUNCTION__);
-uiResult = ulResult; goto cleanup_tap_list_adapters;
+uiResult = ulResult; goto cleanup_pAdapterList;
 }
 }
 
-if (pAdapterList != NULL)
+/* Count adapters. */
+size_t adapter_count = 0;
+for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; pAdapter 
= pAdapter->pNext)
 {
-/* Count adapters. */
-size_t adapter_count = 0;
-for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; 
pAdapter = pAdapter->pNext)
-{
-adapter_count++;
-}
+adapter_count++;
+}
 
-/* Prepare semicolon delimited list of TAP adapter ID(s) and active 
TAP adapter ID(s). */
-LPTSTR
-szAdapters = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ + 1 
/*separator/terminator*/) * sizeof(TCHAR)),
-szAdaptersTail = szAdapters;
-if (szAdapters == NULL)
-{
-msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, adapter_count 
* (38 /*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR));
-uiResult = ERROR_OUTOFMEMORY; goto cleanup_pAdapterAdresses;
-}
+/* Prepare semicolon delimited list of TAP adapter ID(s) and active TAP 
adapter ID(s). */
+LPTSTR
+szAdapters = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ + 1 
/*separator/terminator*/) * sizeof(TCHAR)),
+szAdaptersTail = szAdapters;
+if (szAdapters == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, adapter_count * 
(38 /*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR));
+uiResult = ERROR_OUTOFMEMORY; goto cleanup_pAdapterAdresses;
+}
+
+LPTSTR
+szAdaptersActive = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ + 1 
/*separator/terminator*/) * sizeof(TCHAR)),
+ 
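
Review bot: the szAdapters allocation failure calls msg(M_FATAL, ...) while the pAdapterAdresses allocation failure earlier in the same function uses M_NONFATAL before taking the cleanup path with ERROR_OUTOFMEMORY. Use one severity for both; if M_FATAL does not return, the uiResult = ERROR_OUTOFMEMORY; goto ... that follows it is dead code. The %u in the format string is also given a size_t expression (adapter_count * ... * sizeof(TCHAR)), which is wider than unsigned int on 64-bit builds; cast the argument or use a matching format.
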

[Openvpn-devel] [PATCH 08/12] openvpnmsica: "TAP" => "TUN/TAP"

2020-03-09 Thread Simon Rozman
The function and property names that are common to TAP and TUN from
TAP-Windows6 and TUN from Wintun were renamed not to make the now
mainstream TUN sad.

I would have gone with just the "adapter". But, wouldn't that cause
confusion when user sees "Deleting adapters" when uninstalling the
OpenVPN?

Internal variable names were simplified though to omit the TUN/TAP
referencing.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 156 
 src/openvpnmsica/openvpnmsica.h |   8 +-
 2 files changed, 82 insertions(+), 82 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 1438d3f7..4223b680 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -272,7 +272,7 @@ FindSystemInfo(_In_ MSIHANDLE hInstall)
 
 
 UINT __stdcall
-FindTAPAdapters(_In_ MSIHANDLE hInstall)
+FindTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 {
 #ifdef _MSC_VER
 #pragma comment(linker, DLLEXP_EXPORT)
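
Review bot: FindTAPAdapters is an exported custom-action entry point (note the DLLEXP_EXPORT pragma), yet the diffstat touches only openvpnmsica.c and openvpnmsica.h. Renaming it to FindTUNTAPAdapters, and the TAPADAPTERS property to TUNTAPADAPTERS further down, breaks any MSI authoring that still refers to the old names; name the companion packaging change in the commit message, or state that none exists yet.
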
@@ -337,21 +337,21 @@ FindTAPAdapters(_In_ MSIHANDLE hInstall)
 
 /* Prepare semicolon delimited list of TAP adapter ID(s) and active 
TAP adapter ID(s). */
 LPTSTR
-szTAPAdapters = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ + 
1 /*separator/terminator*/) * sizeof(TCHAR)),
-szTAPAdaptersTail = szTAPAdapters;
-if (szTAPAdapters == NULL)
+szAdapters = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ + 1 
/*separator/terminator*/) * sizeof(TCHAR)),
+szAdaptersTail = szAdapters;
+if (szAdapters == NULL)
 {
 msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, adapter_count 
* (38 /*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR));
 uiResult = ERROR_OUTOFMEMORY; goto cleanup_pAdapterAdresses;
 }
 
 LPTSTR
-szTAPAdaptersActive = (LPTSTR)malloc(adapter_count * (38 
/*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR)),
-szTAPAdaptersActiveTail = szTAPAdaptersActive;
-if (szTAPAdaptersActive == NULL)
+szAdaptersActive = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ 
+ 1 /*separator/terminator*/) * sizeof(TCHAR)),
+szAdaptersActiveTail = szAdaptersActive;
+if (szAdaptersActive == NULL)
 {
 msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, adapter_count 
* (38 /*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR));
-uiResult = ERROR_OUTOFMEMORY; goto cleanup_szTAPAdapters;
+uiResult = ERROR_OUTOFMEMORY; goto cleanup_szAdapters;
 }
 
 for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; 
pAdapter = pAdapter->pNext)
@@ -361,12 +361,12 @@ FindTAPAdapters(_In_ MSIHANDLE hInstall)
 StringFromIID((REFIID)>guid, );
 
 /* Append to the list of TAP adapter ID(s). */
-if (szTAPAdapters < szTAPAdaptersTail)
+if (szAdapters < szAdaptersTail)
 {
-*(szTAPAdaptersTail++) = TEXT(';');
+*(szAdaptersTail++) = TEXT(';');
 }
-memcpy(szTAPAdaptersTail, szAdapterId, 38 * sizeof(TCHAR));
-szTAPAdaptersTail += 38;
+memcpy(szAdaptersTail, szAdapterId, 38 * sizeof(TCHAR));
+szAdaptersTail += 38;
 
 /* If this adapter is active (connected), add it to the list of 
active TAP adapter ID(s). */
 for (PIP_ADAPTER_ADDRESSES p = pAdapterAdresses; p; p = p->Next)
@@ -380,43 +380,43 @@ FindTAPAdapters(_In_ MSIHANDLE hInstall)
 if (p->OperStatus == IfOperStatusUp)
 {
 /* This TAP adapter is active (connected). */
-if (szTAPAdaptersActive < szTAPAdaptersActiveTail)
+if (szAdaptersActive < szAdaptersActiveTail)
 {
-*(szTAPAdaptersActiveTail++) = TEXT(';');
+*(szAdaptersActiveTail++) = TEXT(';');
 }
-memcpy(szTAPAdaptersActiveTail, szAdapterId, 38 * 
sizeof(TCHAR));
-szTAPAdaptersActiveTail += 38;
+memcpy(szAdaptersActiveTail, szAdapterId, 38 * 
sizeof(TCHAR));
+szAdaptersActiveTail += 38;
 }
 break;
 }
 }
 CoTaskMemFree(szAdapterId);
 }
-szTAPAdaptersTail  [0] = 0;
-szTAPAdaptersActiveTail[0] = 0;
+szAdaptersTail  [0] = 0;
+szAdaptersActiveTail[0] = 0;
 
-/* Set Installer TAPADAPTERS property. */
-uiResult = MsiSetProperty(hInstall, TEXT("TAPADAPTERS"), 
szTAPAdapters);
+/* Set Installer TUNTAPADAPTERS property. */
+uiResult = MsiSetProperty(hInstall, TEXT("TUNTAPADAPTERS"), 
szAda
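Review bot: Renaming the installer property from TAPADAPTERS to TUNTAPADAPTERS in the MsiSetProperty() call changes what the MSI package sees, and any authoring that still reads TAPADAPTERS will find it unset. The commit message should call the rename out so package conditions and custom action data are updated in the same step.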

[Openvpn-devel] [PATCH 12/12] tapctl: Support multiple hardware IDs

2020-03-09 Thread Simon Rozman
TAP-Windows6 adapters created with tapinstall/devcon.exe have hardware
ID "tap0901", where TAP-Windows6 adapters created with tapctl.exe have
hardware ID "root\\tap0901".

The enumeration of the network adapters has been extended to detect
adapters using a list of acceptable hardware IDs.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 43 ++---
 src/tapctl/main.c   |  8 +++---
 src/tapctl/tap.c| 21 
 src/tapctl/tap.h|  8 +++---
 4 files changed, 48 insertions(+), 32 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 28cf16b5..31e90bd2 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -251,7 +251,7 @@ cleanup_OpenSCManager:
 static UINT
 find_adapters(
 _In_ MSIHANDLE hInstall,
-_In_z_ LPCTSTR szHardwareId,
+_In_z_ LPCTSTR szzHardwareIDs,
 _In_z_ LPCTSTR szAdaptersPropertyName,
 _In_z_ LPCTSTR szActiveAdaptersPropertyName)
 {
@@ -259,7 +259,7 @@ find_adapters(
 
 /* Get network adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-uiResult = tap_list_adapters(NULL, szHardwareId, );
+uiResult = tap_list_adapters(NULL, szzHardwareIDs, );
 if (uiResult != ERROR_SUCCESS)
 {
 return uiResult;
@@ -414,12 +414,12 @@ FindSystemInfo(_In_ MSIHANDLE hInstall)
 set_openvpnserv_state(hInstall);
 find_adapters(
 hInstall,
-TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID),
+TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID) TEXT("\0") 
TEXT(TAP_WIN_COMPONENT_ID) TEXT("\0"),
 TEXT("TAPWINDOWS6ADAPTERS"),
 TEXT("ACTIVETAPWINDOWS6ADAPTERS"));
 find_adapters(
 hInstall,
-TEXT("Wintun"),
+TEXT("Wintun") TEXT("\0"),
 TEXT("WINTUNADAPTERS"),
 TEXT("ACTIVEWINTUNADAPTERS"));
 
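Review bot: The new literals in the two find_adapters() calls rely on the implicit terminator of the string literal to supply the second zero after the explicit TEXT("\0"), which is easy to break when someone later appends an ID. A one-line comment at the call site stating that szzHardwareIDs must be double-zero terminated, or a named macro for each list, would make the convention visible.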
@@ -652,7 +652,7 @@ cleanup_pAdapterList:
  *
  * @param szDisplayName  Adapter display name
  *
- * @param szHardwareId  Adapter hardware ID
+ * @param szzHardwareIDs  String of strings with acceptable adapter hardware 
IDs
  *
  * @param iTicksPointer to an integer that represents amount of work 
(on progress
  *  indicator) the UninstallTUNTAPAdapters will take. This 
function increments
@@ -666,12 +666,12 @@ schedule_adapter_delete(
 _Inout_opt_ struct msica_arg_seq *seqCommit,
 _Inout_opt_ struct msica_arg_seq *seqRollback,
 _In_z_ LPCTSTR szDisplayName,
-_In_z_ LPCTSTR szHardwareId,
+_In_z_ LPCTSTR szzHardwareIDs,
 _Inout_ int *iTicks)
 {
 /* Get adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, szHardwareId, );
+DWORD dwResult = tap_list_adapters(NULL, szzHardwareIDs, );
 if (dwResult != ERROR_SUCCESS)
 {
 return dwResult;
@@ -858,11 +858,16 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 szDisplayNameEx = szDisplayNameEx != NULL ? szDisplayNameEx + 1 : 
szDisplayName;
 
 /* Get adapter hardware ID (`HardwareId` is field #5). */
-LPTSTR szHardwareId = NULL;
-uiResult = msi_get_record_string(hRecord, 5, );
-if (uiResult != ERROR_SUCCESS)
+TCHAR szzHardwareIDs[0x100] = { 0 };
 {
-goto cleanup_szDisplayName;
+LPTSTR szHwId = NULL;
+uiResult = msi_get_record_string(hRecord, 5, );
+if (uiResult != ERROR_SUCCESS)
+{
+goto cleanup_szDisplayName;
+}
+memcpy_s(szzHardwareIDs, sizeof(szzHardwareIDs) - 2*sizeof(TCHAR) 
/*requires double zero termination*/, szHwId, _tcslen(szHwId)*sizeof(TCHAR));
+free(szHwId);
 }
 
 if (iAction > INSTALLSTATE_BROKEN)
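Review bot: The memcpy_s() call that fills szzHardwareIDs discards its return value, so a HardwareId field longer than the 0x100-TCHAR buffer minus the two terminators is never reported and the code continues with whatever the buffer then holds. Compare _tcslen(szHwId) against the capacity first and fail with an error (after free(szHwId)) when it does not fit. A short comment that the zero-initialised array is what provides the double terminator would also help.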
@@ -876,7 +881,7 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 uiResult = msi_get_record_string(hRecord, 3, );
 if (uiResult != ERROR_SUCCESS)
 {
-goto cleanup_szHardwareId;
+goto cleanup_szDisplayName;
 }
 #ifdef __GNUC__
 /*
@@ -890,13 +895,13 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 {
 case MSICONDITION_FALSE:
 free(szValue);
-goto cleanup_szHardwareId;
+goto cleanup_szDisplayName;
 
 case MSICONDITION_ERROR:
 uiResult = ERROR_INVALID_FIELD;
 msg(M_NONFATAL | M_ERRNO, "%s: 
MsiEvaluateCondition(\"%" PRIsLPTSTR "\") failed", __FUNCTION__, szValue);
 free(szValue);
-goto cleanup_szHardwareId;
+ 
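The matching against a list of acceptable hardware IDs that this commit message describes, as an added example that is not code from the patch or from OpenVPN. It is portable C using char instead of TCHAR; the function names, the sample device lists and the case-insensitive comparison are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Acceptable IDs from the commit message, laid out as a "string of strings":
 * every entry ends with NUL and the list ends with one more NUL (supplied
 * here by the literal's implicit terminator). */
static const char ACCEPT_TAP[] = "root\\tap0901" "\0" "tap0901" "\0";

/* Constructed samples: ID lists as two devices might report them. */
static const char DEV_TAP[]   = "ROOT\\TAP0901" "\0";
static const char DEV_OTHER[] = "Wintun" "\0";

/* Size in bytes of a double-NUL-terminated list, final terminator included. */
size_t multi_sz_size(const char *szz)
{
    const char *p = szz;
    while (*p)
    {
        p += strlen(p) + 1;
    }
    return (size_t)(p - szz) + 1;
}

/* ASCII case-insensitive equality (assumption: IDs compare without case). */
static int id_equal(const char *a, const char *b)
{
    while (*a && *b)
    {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
        {
            return 0;
        }
        a++;
        b++;
    }
    return *a == *b; /* equal only if both strings ended together */
}

/* Returns 1 if the single string id is an entry of the list szz. */
int multi_sz_contains(const char *szz, const char *id)
{
    for (const char *p = szz; *p; p += strlen(p) + 1)
    {
        if (id_equal(p, id))
        {
            return 1;
        }
    }
    return 0;
}

/* Returns 1 if any ID the device reports is in the acceptable list. */
int hwid_list_matches(const char *szz_device, const char *szz_accept)
{
    for (const char *p = szz_device; *p; p += strlen(p) + 1)
    {
        if (multi_sz_contains(szz_accept, p))
        {
            return 1;
        }
    }
    return 0;
}

/* Wraps one ID into a one-entry list inside a fixed buffer. Returns 0 on
 * success, -1 when the ID is empty or does not leave room for both
 * terminators; the buffer is left untouched on failure. */
int multi_sz_from_single(char *dst, size_t dst_size, const char *id)
{
    size_t len = strlen(id);
    if (len == 0 || dst_size < 2 || len > dst_size - 2)
    {
        return -1;
    }
    memcpy(dst, id, len);
    dst[len] = '\0';     /* ends the entry */
    dst[len + 1] = '\0'; /* ends the list */
    return 0;
}

int main(void)
{
    char buf[9];

    printf("TAP device accepted:   %d\n", hwid_list_matches(DEV_TAP, ACCEPT_TAP));
    printf("other device accepted: %d\n", hwid_list_matches(DEV_OTHER, ACCEPT_TAP));
    printf("wrap into 9 bytes:     %d\n", multi_sz_from_single(buf, sizeof(buf), "tap0901"));
    printf("wrap into 8 bytes:     %d\n", multi_sz_from_single(buf, 8, "tap0901"));
    return 0;
}
```

The failing 8-byte case is the one to watch when a single ID read from an external source is copied into a fixed array: the length check has to reserve two terminators, not one.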

[Openvpn-devel] [PATCH 06/12] openvpnmsica: Simplify static function names

2020-03-09 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 63 +++--
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 4c186b13..749dce56 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -72,7 +72,7 @@
  * @return ERROR_SUCCESS on success; An error code otherwise
  */
 static UINT
-openvpnmsica_setup_sequence(
+setup_sequence(
 _In_ MSIHANDLE hInstall,
 _In_z_ LPCTSTR szProperty,
 _In_ struct msica_arg_seq *seq)
@@ -101,7 +101,7 @@ openvpnmsica_setup_sequence(
  *title.
  */
 static void
-_openvpnmsica_debug_popup(_In_z_ LPCTSTR szFunctionName)
+_debug_popup(_In_z_ LPCTSTR szFunctionName)
 {
 TCHAR szTitle[0x100], szMessage[0x100+MAX_PATH], szProcessPath[MAX_PATH];
 
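Review bot: The shortened name _debug_popup begins with an underscore at file scope, which C reserves for the implementation, and without the openvpnmsica prefix a clash is more likely than before. Since the function is static and only reached through the debug_popup() macro, a name such as debug_popup_impl would avoid the reserved namespace.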
@@ -129,9 +129,9 @@ _openvpnmsica_debug_popup(_In_z_ LPCTSTR szFunctionName)
 MessageBox(NULL, szMessage, szTitle, MB_OK);
 }
 
-#define openvpnmsica_debug_popup(f) _openvpnmsica_debug_popup(f)
+#define debug_popup(f) _debug_popup(f)
 #else  /* ifdef _DEBUG */
-#define openvpnmsica_debug_popup(f)
+#define debug_popup(f)
 #endif /* ifdef _DEBUG */
 
 
@@ -146,7 +146,7 @@ _openvpnmsica_debug_popup(_In_z_ LPCTSTR szFunctionName)
  * See: 
https://msdn.microsoft.com/en-us/library/windows/desktop/aa368072.aspx
  */
 static UINT
-openvpnmsica_set_openvpnserv_state(_In_ MSIHANDLE hInstall)
+set_openvpnserv_state(_In_ MSIHANDLE hInstall)
 {
 UINT uiResult;
 
@@ -255,13 +255,13 @@ FindSystemInfo(_In_ MSIHANDLE hInstall)
 #pragma comment(linker, DLLEXP_EXPORT)
 #endif
 
-openvpnmsica_debug_popup(TEXT(__FUNCTION__));
+debug_popup(TEXT(__FUNCTION__));
 
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
 
 OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
-openvpnmsica_set_openvpnserv_state(hInstall);
+set_openvpnserv_state(hInstall);
 
 if (bIsCoInitialized)
 {
@@ -278,7 +278,7 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 #pragma comment(linker, DLLEXP_EXPORT)
 #endif
 
-openvpnmsica_debug_popup(TEXT(__FUNCTION__));
+debug_popup(TEXT(__FUNCTION__));
 
 UINT uiResult;
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
@@ -444,7 +444,7 @@ CloseOpenVPNGUI(_In_ MSIHANDLE hInstall)
 #endif
 UNREFERENCED_PARAMETER(hInstall); /* This CA is does not interact with MSI 
session (report errors, access properties, tables, etc.). */
 
-openvpnmsica_debug_popup(TEXT(__FUNCTION__));
+debug_popup(TEXT(__FUNCTION__));
 
 /* Find OpenVPN GUI window. */
 HWND hWnd = FindWindow(TEXT("OpenVPN-GUI"), NULL);
@@ -466,7 +466,7 @@ StartOpenVPNGUI(_In_ MSIHANDLE hInstall)
 #pragma comment(linker, DLLEXP_EXPORT)
 #endif
 
-openvpnmsica_debug_popup(TEXT(__FUNCTION__));
+debug_popup(TEXT(__FUNCTION__));
 
 UINT uiResult;
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
@@ -564,7 +564,11 @@ cleanup_CoInitialize:
  * @return ERROR_SUCCESS on success; An error code otherwise
  */
 static DWORD
-openvpnmsica_schedule_interface_create(_Inout_ struct msica_arg_seq *seq, 
_Inout_opt_ struct msica_arg_seq *seqRollback, _In_z_ LPCTSTR szDisplayName, 
_Inout_ int *iTicks)
+schedule_interface_create(
+_Inout_ struct msica_arg_seq *seq,
+_Inout_opt_ struct msica_arg_seq *seqRollback,
+_In_z_ LPCTSTR szDisplayName,
+_Inout_ int *iTicks)
 {
 /* Get all available network interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
@@ -658,7 +662,12 @@ cleanup_pInterfaceList:
  * @return ERROR_SUCCESS on success; An error code otherwise
  */
 static DWORD
-openvpnmsica_schedule_interface_delete(_Inout_ struct msica_arg_seq *seq, 
_Inout_opt_ struct msica_arg_seq *seqCommit, _Inout_opt_ struct msica_arg_seq 
*seqRollback, _In_z_ LPCTSTR szDisplayName, _Inout_ int *iTicks)
+schedule_interface_delete(
+_Inout_ struct msica_arg_seq *seq,
+_Inout_opt_ struct msica_arg_seq *seqCommit,
+_Inout_opt_ struct msica_arg_seq *seqRollback,
+_In_z_ LPCTSTR szDisplayName,
+_Inout_ int *iTicks)
 {
 /* Get available TUN/TAP interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
@@ -725,7 +734,7 @@ EvaluateTAPInterfaces(_In_ MSIHANDLE hInstall)
 #pragma comment(linker, DLLEXP_EXPORT)
 #endif
 
-openvpnmsica_debug_popup(TEXT(__FUNCTION__));
+debug_popup(TEXT(__FUNCTION__));
 
 UINT uiResult;
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
@@ -887,7 +896,7 @@ EvaluateTAPInterfaces(_In_ MSIHANDLE hInstall)
 free(szValue);
 
 /* Component is or should be installed. Schedule interface 
creation. */
-if (openvpnmsica_schedule_interface_create(
+if (schedule_interface_create(
 ,
 bRollbackEnabled ?  : 
NULL,
 szDisplayNameEx,
@@ -904,7 +913,7 @@ EvaluateTAPInterfaces(_In_ MSIHANDL

[Openvpn-devel] [PATCH 07/12] openvpnmsica, tapctl: "interface" => "adapter"

2020-03-09 Thread Simon Rozman
Interface is not equal to adapter. A quote from Microsoft documentation:

> There is a one-to-one correspondence between the interfaces and
> adapters on a given computer. An interface is an IP-level abstraction,
> whereas an adapter is a datalink-level abstraction.

As tapctl and openvpnmsica are all about managing network adapters on
Windows computers, the terminology has been updated.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 366 
 src/openvpnmsica/openvpnmsica.h |  13 +-
 src/tapctl/main.c   | 150 ++---
 src/tapctl/tap.c| 182 
 src/tapctl/tap.h|  82 +++
 src/tapctl/tapctl_resources.rc  |   4 +-
 6 files changed, 399 insertions(+), 398 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 749dce56..1438d3f7 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -57,7 +57,7 @@
  * Local constants
  */
 
-#define MSICA_INTERFACE_TICK_SIZE (16*1024) /** Amount of tick space to 
reserve for one TAP/TUN interface creation/deletition. */
+#define MSICA_ADAPTER_TICK_SIZE (16*1024) /** Amount of tick space to reserve 
for one TAP/TUN adapter creation/deletition. */
 
 
 /**
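Review bot: The comment on MSICA_ADAPTER_TICK_SIZE still reads "deletition"; since the line is being rewritten anyway, correct it to "deletion" in the same change.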
@@ -272,7 +272,7 @@ FindSystemInfo(_In_ MSIHANDLE hInstall)
 
 
 UINT __stdcall
-FindTAPInterfaces(_In_ MSIHANDLE hInstall)
+FindTAPAdapters(_In_ MSIHANDLE hInstall)
 {
 #ifdef _MSC_VER
 #pragma comment(linker, DLLEXP_EXPORT)
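Review bot: FindTAPInterfaces is an exported custom action entry point (see the DLLEXP_EXPORT linker pragma directly below the signature), so renaming it to FindTAPAdapters breaks any MSI authoring that still names the old entry. The commit message should state that the package's custom action definitions have to be updated together with this patch.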
@@ -285,15 +285,15 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 
 OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
-/* Get all TUN/TAP network interfaces. */
-struct tap_interface_node *pInterfaceList = NULL;
-uiResult = tap_list_interfaces(NULL, NULL, , FALSE);
+/* Get all TUN/TAP network adapters. */
+struct tap_adapter_node *pAdapterList = NULL;
+uiResult = tap_list_adapters(NULL, NULL, , FALSE);
 if (uiResult != ERROR_SUCCESS)
 {
 goto cleanup_CoInitialize;
 }
 
-/* Get IPv4/v6 info for all network interfaces. Actually, we're interested 
in link status only: up/down? */
+/* Get IPv4/v6 info for all network adapters. Actually, we're interested 
in link status only: up/down? */
 PIP_ADAPTER_ADDRESSES pAdapterAdresses = NULL;
 ULONG ulAdapterAdressesSize = 16*1024;
 for (size_t iteration = 0; iteration < 2; iteration++)
@@ -302,7 +302,7 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 if (pAdapterAdresses == NULL)
 {
 msg(M_NONFATAL, "%s: malloc(%u) failed", __FUNCTION__, 
ulAdapterAdressesSize);
-uiResult = ERROR_OUTOFMEMORY; goto cleanup_tap_list_interfaces;
+uiResult = ERROR_OUTOFMEMORY; goto cleanup_tap_list_adapters;
 }
 
 ULONG ulResult = GetAdaptersAddresses(
@@ -322,101 +322,101 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 {
 SetLastError(ulResult); /* MSDN does not mention 
GetAdaptersAddresses() to set GetLastError(). But we do have an error code. Set 
last error manually. */
 msg(M_NONFATAL | M_ERRNO, "%s: GetAdaptersAddresses() failed", 
__FUNCTION__);
-uiResult = ulResult; goto cleanup_tap_list_interfaces;
+uiResult = ulResult; goto cleanup_tap_list_adapters;
 }
 }
 
-if (pInterfaceList != NULL)
+if (pAdapterList != NULL)
 {
-/* Count interfaces. */
-size_t interface_count = 0;
-for (struct tap_interface_node *pInterface = pInterfaceList; 
pInterface; pInterface = pInterface->pNext)
+/* Count adapters. */
+size_t adapter_count = 0;
+for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; 
pAdapter = pAdapter->pNext)
 {
-interface_count++;
+adapter_count++;
 }
 
-/* Prepare semicolon delimited list of TAP interface ID(s) and active 
TAP interface ID(s). */
+/* Prepare semicolon delimited list of TAP adapter ID(s) and active 
TAP adapter ID(s). */
 LPTSTR
-szTAPInterfaces = (LPTSTR)malloc(interface_count * (38 
/*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR)),
-szTAPInterfacesTail = szTAPInterfaces;
-if (szTAPInterfaces == NULL)
+szTAPAdapters = (LPTSTR)malloc(adapter_count * (38 /*GUID*/ + 
1 /*separator/terminator*/) * sizeof(TCHAR)),
+szTAPAdaptersTail = szTAPAdapters;
+if (szTAPAdapters == NULL)
 {
-msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, 
interface_count * (38 /*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR));
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, adapter_count 
* (38 /*GUID*/ + 1 /*separator/terminator*/) * sizeof(TCHAR));
 uiResult = ERROR_OUTOFMEMORY; goto cleanup_pAdapterAdresses;
 }
 
 LPTSTR
-szTAPInterfacesActive = (LPT

[Openvpn-devel] [PATCH 01/12] openvpnmsica: Remove required Windows driver certification detection

2020-03-09 Thread Simon Rozman
The MSI packages are switching to TAP-Windows6 and Wintun MSM modules to
install the TAP/TUN driver. The MSM modules have built-in Windows
version detection already.

This commit is now-dead-code clean up with uncrustification.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 129 +---
 1 file changed, 3 insertions(+), 126 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 16381ea1..4236330a 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -203,128 +203,6 @@ _openvpnmsica_debug_popup(_In_z_ LPCTSTR szFunctionName)
 #endif /* ifdef _DEBUG */
 
 
-/**
- * Detects Windows version and sets DRIVERCERTIFICATION property to "", 
"whql", or "attsgn"
- * accordingly.
- *
- * @param hInstall  Handle to the installation provided to the DLL custom 
action
- *
- * @return ERROR_SUCCESS on success; An error code otherwise
- * See: 
https://msdn.microsoft.com/en-us/library/windows/desktop/aa368072.aspx
- */
-static UINT
-openvpnmsica_set_driver_certification(_In_ MSIHANDLE hInstall)
-{
-UINT uiResult;
-
-/* Get Windows version. */
-#ifdef _MSC_VER
-#pragma warning(push)
-#pragma warning(disable: 4996) /* 'GetVersionExW': was declared deprecated. */
-#endif
-OSVERSIONINFOEX ver_info = { .dwOSVersionInfoSize = 
sizeof(OSVERSIONINFOEX) };
-if (!GetVersionEx((LPOSVERSIONINFO)_info))
-{
-uiResult = GetLastError();
-msg(M_NONFATAL | M_ERRNO, "%s: GetVersionEx() failed", __FUNCTION__);
-return uiResult;
-}
-#ifdef _MSC_VER
-#pragma warning(pop)
-#endif
-
-/* The Windows version is usually spoofed, check using RtlGetVersion(). */
-TCHAR szDllPath[0x1000];
-ExpandEnvironmentStrings(TEXT("%SystemRoot%\\System32\\ntdll.dll"), 
szDllPath,
-#ifdef UNICODE
- _countof(szDllPath)
-#else
- _countof(szDllPath) - 1
-#endif
- );
-HMODULE hNtDllModule = LoadLibrary(szDllPath);
-if (hNtDllModule)
-{
-typedef NTSTATUS (WINAPI* fnRtlGetVersion)(PRTL_OSVERSIONINFOW);
-fnRtlGetVersion RtlGetVersion = 
(fnRtlGetVersion)GetProcAddress(hNtDllModule, "RtlGetVersion");
-if (RtlGetVersion)
-{
-RTL_OSVERSIONINFOW rtl_ver_info = { .dwOSVersionInfoSize = 
sizeof(RTL_OSVERSIONINFOW) };
-if (RtlGetVersion(_ver_info) == 0)
-{
-if (
-rtl_ver_info.dwMajorVersion >  ver_info.dwMajorVersion
-|| rtl_ver_info.dwMajorVersion == ver_info.dwMajorVersion 
&& rtl_ver_info.dwMinorVersion >  ver_info.dwMinorVersion
-|| rtl_ver_info.dwMajorVersion == ver_info.dwMajorVersion 
&& rtl_ver_info.dwMinorVersion == ver_info.dwMinorVersion && 
rtl_ver_info.dwBuildNumber > ver_info.dwBuildNumber)
-{
-/* We got RtlGetVersion() and it reported newer version 
than GetVersionEx(). */
-ver_info.dwMajorVersion = rtl_ver_info.dwMajorVersion;
-ver_info.dwMinorVersion = rtl_ver_info.dwMinorVersion;
-ver_info.dwBuildNumber  = rtl_ver_info.dwBuildNumber;
-ver_info.dwPlatformId   = rtl_ver_info.dwPlatformId;
-}
-}
-}
-
-FreeLibrary(hNtDllModule);
-}
-
-/* We don't trust RtlGetVersion() either. Check the version resource of 
kernel32.dll. */
-ExpandEnvironmentStrings(TEXT("%SystemRoot%\\System32\\kernel32.dll"), 
szDllPath,
-#ifdef UNICODE
- _countof(szDllPath)
-#else
- _countof(szDllPath) - 1
-#endif
- );
-
-DWORD dwHandle;
-DWORD dwVerInfoSize = GetFileVersionInfoSize(szDllPath, );
-if (dwVerInfoSize)
-{
-LPVOID pVersionInfo = malloc(dwVerInfoSize);
-if (pVersionInfo)
-{
-/* Read version info. */
-if (GetFileVersionInfo(szDllPath, dwHandle, dwVerInfoSize, 
pVersionInfo))
-{
-/* Get the value for the root block. */
-UINT uiSize = 0;
-VS_FIXEDFILEINFO *pVSFixedFileInfo = NULL;
-if (VerQueryValue(pVersionInfo, TEXT("\\"), , 
) && uiSize && pVSFixedFileInfo)
-{
-if (HIWORD(pVSFixedFileInfo->dwProductVersionMS) >  
ver_info.dwMajorVersion
-|| HIWORD(pVSFixedFileInfo->dwProductVersionMS) == 
ver_info.dwMajorVersion && LOWORD(pVSFixedFileInfo->dwProductVersionMS) >  
ver_info.dwMinorVersion
-|| HIWORD(pVSFixedFileInfo->dwProductVersionMS) == 
ver_info.dwMajorVersion && LOWORD(pVSFixedFileInfo->dwProductVersionMS) == 
ver_info.dw

[Openvpn-devel] [PATCH 04/12] tapctl: Add functions for enabling/disabling adapters

2020-03-09 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/tapctl/tap.c | 287 ---
 src/tapctl/tap.h |  28 +
 2 files changed, 275 insertions(+), 40 deletions(-)

diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index b8249919..576f6740 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -47,6 +47,28 @@ const static TCHAR szInterfaceRegKeyPathTemplate[] = 
TEXT("SYSTEM\\CurrentContro
 #define INTERFACE_REGKEY_PATH_MAX 
(_countof(TEXT("SYSTEM\\CurrentControlSet\\Control\\Network\\")) - 1 + 38 + 
_countof(TEXT("\\")) - 1 + 38 + _countof(TEXT("\\Connection")))
 
 
+/**
+ * Function that performs a specific task on a device
+ *
+ * @param hDeviceInfoSet  A handle to a device information set that contains a 
device
+ *  information element that represents the device.
+ *
+ * @param pDeviceInfoData  A pointer to an SP_DEVINFO_DATA structure that 
specifies the
+ *  device information element in hDeviceInfoSet.
+ *
+ * @param pbRebootRequired  A pointer to a BOOL flag. If the device requires a 
system restart,
+ *  this flag is set to TRUE. Otherwise, the flag is left 
unmodified. This
+ *  allows the flag to be globally initialized to FALSE 
and reused for multiple
+ *  interface manipulations.
+ *
+ * @return ERROR_SUCCESS on success; Win32 error code otherwise
+ **/
+typedef DWORD (*devop_func_t)(
+_In_ HDEVINFO hDeviceInfoSet,
+_In_ PSP_DEVINFO_DATA pDeviceInfoData,
+_Inout_ LPBOOL pbRebootRequired);
+
+
 /**
  * Checks device install parameters if a system reboot is required.
  *
@@ -94,6 +116,186 @@ check_reboot(
 }
 
 
+/**
+ * Deletes the device.
+ *
+ * @param hDeviceInfoSet  A handle to a device information set that contains a 
device
+ *  information element that represents the device.
+ *
+ * @param pDeviceInfoData  A pointer to an SP_DEVINFO_DATA structure that 
specifies the
+ *  device information element in hDeviceInfoSet.
+ *
+ * @param pbRebootRequired  A pointer to a BOOL flag. If the device requires a 
system restart,
+ *  this flag is set to TRUE. Otherwise, the flag is left 
unmodified. This
+ *  allows the flag to be globally initialized to FALSE 
and reused for multiple
+ *  interface manipulations.
+ *
+ * @return ERROR_SUCCESS on success; Win32 error code otherwise
+ **/
+static DWORD
+delete_device(
+_In_ HDEVINFO hDeviceInfoSet,
+_In_ PSP_DEVINFO_DATA pDeviceInfoData,
+_Inout_ LPBOOL pbRebootRequired)
+{
+SP_REMOVEDEVICE_PARAMS params =
+{
+.ClassInstallHeader =
+{
+.cbSize = sizeof(SP_CLASSINSTALL_HEADER),
+.InstallFunction = DIF_REMOVE,
+},
+.Scope = DI_REMOVEDEVICE_GLOBAL,
+.HwProfile = 0,
+};
+
+/* Set class installer parameters for DIF_REMOVE. */
+if (!SetupDiSetClassInstallParams(
+hDeviceInfoSet,
+pDeviceInfoData,
+,
+sizeof(SP_REMOVEDEVICE_PARAMS)))
+{
+DWORD dwResult = GetLastError();
+msg(M_NONFATAL | M_ERRNO, "%s: SetupDiSetClassInstallParams failed", 
__FUNCTION__);
+return dwResult;
+}
+
+/* Call appropriate class installer. */
+if (!SetupDiCallClassInstaller(
+DIF_REMOVE,
+hDeviceInfoSet,
+pDeviceInfoData))
+{
+DWORD dwResult = GetLastError();
+msg(M_NONFATAL | M_ERRNO, "%s: SetupDiCallClassInstaller(DIF_REMOVE) 
failed", __FUNCTION__);
+return dwResult;
+}
+
+/* Check if a system reboot is required. */
+check_reboot(hDeviceInfoSet, pDeviceInfoData, pbRebootRequired);
+return ERROR_SUCCESS;
+}
+
+
+/**
+ * Changes the device state.
+ *
+ * @param hDeviceInfoSet  A handle to a device information set that contains a 
device
+ *  information element that represents the device.
+ *
+ * @param pDeviceInfoData  A pointer to an SP_DEVINFO_DATA structure that 
specifies the
+ *  device information element in hDeviceInfoSet.
+ *
+ * @param bEnable   TRUE to enable the device; FALSE to disable.
+ *
+ * @param pbRebootRequired  A pointer to a BOOL flag. If the device requires a 
system restart,
+ *  this flag is set to TRUE. Otherwise, the flag is left 
unmodified. This
+ *  allows the flag to be globally initialized to FALSE 
and reused for multiple
+ *  interface manipulations.
+ *
+ * @return ERROR_SUCCESS on success; Win32 error code otherwise
+ **/
+static DWORD
+change_device_state(
+_In_ HDEVINFO hDeviceInfoSet,
+_In_ PSP_DEVINFO_DATA pDeviceInfoData,
+_In_ BOOL bEnable,
+_Inout_ LPBOOL pbRebootRequired)
+{
+SP_PROPCHANGE_PARAMS params =
+{
+.ClassInstallHeader =
+   
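Review bot: change_device_state() takes a fourth bEnable argument and so does not match the devop_func_t signature introduced at the top of this patch, while delete_device() does; its doc comment should say through which wrappers it is meant to be used as a devop_func_t. The three doc comments also repeat the same parameter text verbatim and still speak of "interface manipulations", so describing the parameters once on the typedef and referring to it from the functions would be easier to keep consistent.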

[Openvpn-devel] [PATCH 05/12] openvpnmsica: Revise MSI custom actions interop

2020-03-09 Thread Simon Rozman
Sequence scripts in temporary files have been discontinued in favor of
much simpler sequence strings passed to individual custom actions.

Pros: no temporary files; less code
Cons: the evaluation phase must make a complete plan what to perform in
each deferred custom action

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/Makefile.am  |4 +-
 src/openvpnmsica/msica_arg.c  |  139 +++
 src/openvpnmsica/msica_arg.h  |  112 ++
 src/openvpnmsica/msica_op.c   | 1043 -
 src/openvpnmsica/msica_op.h   |  430 ---
 src/openvpnmsica/openvpnmsica.c   |  713 ++-
 src/openvpnmsica/openvpnmsica.vcxproj |4 +-
 src/openvpnmsica/openvpnmsica.vcxproj.filters |4 +-
 src/tapctl/basic.h|   19 +-
 src/tapctl/tap.c  |1 +
 10 files changed, 678 insertions(+), 1791 deletions(-)
 create mode 100644 src/openvpnmsica/msica_arg.c
 create mode 100644 src/openvpnmsica/msica_arg.h
 delete mode 100644 src/openvpnmsica/msica_op.c
 delete mode 100644 src/openvpnmsica/msica_op.h

diff --git a/src/openvpnmsica/Makefile.am b/src/openvpnmsica/Makefile.am
index db8502b8..9d18854a 100644
--- a/src/openvpnmsica/Makefile.am
+++ b/src/openvpnmsica/Makefile.am
@@ -2,7 +2,7 @@
 #  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
 #
 #  Copyright (C) 2002-2018 OpenVPN Inc 
-#  Copyright (C) 2018-2019 Simon Rozman 
+#  Copyright (C) 2018-2020 Simon Rozman 
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License version 2
@@ -48,7 +48,7 @@ endif
 libopenvpnmsica_la_SOURCES = \
dllmain.c \
msiex.c msiex.h \
-   msica_op.c msica_op.h \
+   msica_arg.c msica_arg.h \
openvpnmsica.c openvpnmsica.h \
$(top_srcdir)/src/tapctl/basic.h \
$(top_srcdir)/src/tapctl/error.c $(top_srcdir)/src/tapctl/error.h \
diff --git a/src/openvpnmsica/msica_arg.c b/src/openvpnmsica/msica_arg.c
new file mode 100644
index ..0014537a
--- /dev/null
+++ b/src/openvpnmsica/msica_arg.c
@@ -0,0 +1,139 @@
+/*
+ *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
+ *
+ *  Copyright (C) 2018-2020 Simon Rozman 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include 
+#elif defined(_MSC_VER)
+#include 
+#endif
+
+#include "msica_arg.h"
+#include "../tapctl/error.h"
+#include "../tapctl/tap.h"
+
+#include 
+#include 
+
+
+void
+msica_arg_seq_init(_Inout_ struct msica_arg_seq *seq)
+{
+seq->head = NULL;
+seq->tail = NULL;
+}
+
+
+void
+msica_arg_seq_free(_Inout_ struct msica_arg_seq *seq)
+{
+while (seq->head)
+{
+struct msica_arg *p = seq->head;
+seq->head = seq->head->next;
+free(p);
+}
+seq->tail = NULL;
+}
+
+
+void
+msica_arg_seq_add_head(
+_Inout_ struct msica_arg_seq *seq,
+_In_z_ LPCTSTR argument)
+{
+size_t argument_size = (_tcslen(argument) + 1) * sizeof(TCHAR);
+struct msica_arg *p = malloc(sizeof(struct msica_arg) + argument_size);
+if (p == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct 
msica_arg) + argument_size);
+}
+memcpy(p->val, argument, argument_size);
+p->next = seq->head;
+seq->head = p;
+if (seq->tail == NULL)
+{
+seq->tail = p;
+}
+}
+
+
+void
+msica_arg_seq_add_tail(
+_Inout_ struct msica_arg_seq *seq,
+_Inout_ LPCTSTR argument)
+{
+size_t argument_size = (_tcslen(argument) + 1) * sizeof(TCHAR);
+struct msica_arg *p = malloc(sizeof(struct msica_arg) + argument_size);
+if (p == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct 
msica_arg) + argument_size);
+}
+memcpy(p->val, argument, argument_size);
+p->next = NULL;
+*(seq->tail ? >tail->next : >head) = p;
+seq->tail = p;
+}
+
+
+LPTSTR
+msica_arg_seq_join(_In_ const struct msica_arg_seq *seq)
+{
+/* Count required space. */
+size_t size = 2 /*x + zero-t
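Review bot: In msica_arg_seq_add_head() and msica_arg_seq_add_tail() the p == NULL branch only calls msg(M_FATAL, ...) and then falls through to memcpy(p->val, ...); unless msg(M_FATAL) is guaranteed never to return, that is a NULL dereference, so return from inside the branch or report the failure to the caller. In addition, msica_arg_seq_add_tail() annotates argument as _Inout_ where msica_arg_seq_add_head() uses _In_z_ for the same read-only string, and both msg() calls print a size_t value with "%u".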

[Openvpn-devel] [PATCH 10/12] openvpnmsica, tapctl: Revise default hardware ID management

2020-03-09 Thread Simon Rozman
tap_create_adapter() and tap_list_adapter() no longer default to
"root\tap0901". Defining a default hardware ID value is the
responsibility of upper layers that process user desires.

Since the tap_list_adapter() no longer defaults the hardware ID to
anything, its behavior was simplified to return all existing
adapters when a NULL hardware ID is specified.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c |  16 ++--
 src/tapctl/main.c   |  14 ++--
 src/tapctl/tap.c| 134 
 src/tapctl/tap.h|  17 ++--
 4 files changed, 86 insertions(+), 95 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index cfbda8da..ae9b007f 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -285,9 +285,9 @@ FindTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 
 OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
-/* Get all TUN/TAP network adapters. */
+/* Get existing network adapters. */
 struct tap_adapter_node *pAdapterList = NULL;
-uiResult = tap_list_adapters(NULL, NULL, , FALSE);
+uiResult = tap_list_adapters(NULL, NULL, );
 if (uiResult != ERROR_SUCCESS)
 {
 goto cleanup_CoInitialize;
@@ -573,9 +573,9 @@ schedule_adapter_create(
 _In_z_ LPCTSTR szHardwareId,
 _Inout_ int *iTicks)
 {
-/* Get all available network adapters. */
+/* Get existing network adapters. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, NULL, , TRUE);
+DWORD dwResult = tap_list_adapters(NULL, NULL, );
 if (dwResult != ERROR_SUCCESS)
 {
 return dwResult;
@@ -674,9 +674,9 @@ schedule_adapter_delete(
 _In_z_ LPCTSTR szHardwareId,
 _Inout_ int *iTicks)
 {
-/* Get available adapters with given hardware ID. */
+/* Get adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, szHardwareId, , 
FALSE);
+DWORD dwResult = tap_list_adapters(NULL, szHardwareId, );
 if (dwResult != ERROR_SUCCESS)
 {
 return dwResult;
@@ -1125,9 +1125,9 @@ ProcessDeferredAction(_In_ MSIHANDLE hInstall)
 }
 }
 
-/* Get all available adapters. */
+/* Get existing adapters. */
 struct tap_adapter_node *pAdapterList = NULL;
-dwResult = tap_list_adapters(NULL, NULL, , TRUE);
+dwResult = tap_list_adapters(NULL, NULL, );
 if (dwResult == ERROR_SUCCESS)
 {
 /* Does the adapter exist? */
diff --git a/src/tapctl/main.c b/src/tapctl/main.c
index 1cc86424..fdeda7bf 100644
--- a/src/tapctl/main.c
+++ b/src/tapctl/main.c
@@ -177,7 +177,7 @@ _tmain(int argc, LPCTSTR argv[])
 else if (_tcsicmp(argv[1], TEXT("create")) == 0)
 {
 LPCTSTR szName = NULL;
-LPCTSTR szHwId = NULL;
+LPCTSTR szHwId = TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID);
 
 /* Parse options. */
 for (int i = 2; i < argc; i++)
@@ -214,9 +214,9 @@ _tmain(int argc, LPCTSTR argv[])
 
 if (szName)
 {
-/* Get the list of all available adapters. */
+/* Get existing network adapters. */
 struct tap_adapter_node *pAdapterList = NULL;
-dwResult = tap_list_adapters(NULL, szHwId, , TRUE);
+dwResult = tap_list_adapters(NULL, NULL, );
 if (dwResult != ERROR_SUCCESS)
 {
 _ftprintf(stderr, TEXT("Enumerating adapters failed (error 
0x%x).\n"), dwResult);
@@ -271,7 +271,7 @@ create_delete_adapter:
 }
 else if (_tcsicmp(argv[1], TEXT("list")) == 0)
 {
-LPCTSTR szHwId = NULL;
+LPCTSTR szHwId = TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID);
 
 /* Parse options. */
 for (int i = 2; i < argc; i++)
@@ -286,9 +286,9 @@ create_delete_adapter:
 }
 }
 
-/* Output list of TUN/TAP adapters. */
+/* Output list of adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, szHwId, , FALSE);
+DWORD dwResult = tap_list_adapters(NULL, szHwId, );
 if (dwResult != ERROR_SUCCESS)
 {
 _ftprintf(stderr, TEXT("Enumerating TUN/TAP adapters failed (error 
0x%x).\n"), dwResult);
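Review bot: The list command now enumerates adapters with whatever hardware ID is given, but the error text on its failure path still says "Enumerating TUN/TAP adapters failed". Reword it to match the new comment, for example "Enumerating adapters failed" as the create path in this file already does.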
@@ -319,7 +319,7 @@ create_delete_adapter:
 {
 /* The argument failed to covert to GUID. Treat it as the adapter 
name. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, NULL, , 
FALSE);
+DWORD dwResult = tap_list_adapters(NULL, NULL, );
 if (dwResult != ERROR_SUCCESS)
 {
 _ftprintf(stderr, TEXT("Enumerating TUN/TAP adapters faile

[Openvpn-devel] [PATCH 02/12] openvpnmsica: Fix TAPInterface.DisplayName field interpretation

2020-03-09 Thread Simon Rozman
The DisplayName field type is Filename in the MSI database. This means
it must be authored as "8.3" filename, or "8.3|long filename".

This issue does not appear until interface names grow longer than 8
characters, or contain characters invalid in 8.3 filename notation.

Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 4236330a..e1f0b77d 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -2,7 +2,7 @@
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
  *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
- *  Copyright (C) 2018 Simon Rozman 
+ *  Copyright (C) 2018-2020 Simon Rozman 
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -752,6 +752,9 @@ EvaluateTAPInterfaces(_In_ MSIHANDLE hInstall)
 {
 goto cleanup_hRecord;
 }
+/* `DisplayName` field type is 
[Filename](https://docs.microsoft.com/en-us/windows/win32/msi/filename), which 
is either "8.3|long name" or "8.3". */
+LPTSTR szDisplayNameEx = _tcschr(szDisplayName, TEXT('|'));
+szDisplayNameEx = szDisplayNameEx != NULL ? szDisplayNameEx + 1 : 
szDisplayName;
 
 if (iAction > INSTALLSTATE_BROKEN)
 {
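Review bot: `szDisplayNameEx` is taken as everything after the first `|` with no check that anything follows it, so a `DisplayName` authored as "8.3|" yields an empty string that is later scheduled as the adapter name. Suggest treating `szDisplayNameEx[0] == 0` as an authoring error and skipping or failing the row. The added comment is also much longer than the surrounding lines and embeds a Markdown link; a plain URL on its own comment line would fit the file better.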
@@ -796,7 +799,7 @@ EvaluateTAPInterfaces(_In_ MSIHANDLE hInstall)
 msica_op_tap_interface_create,
 MSICA_INTERFACE_TICK_SIZE,
 NULL,
-szDisplayName));
+szDisplayNameEx));
 }
 else
 {
@@ -807,7 +810,7 @@ EvaluateTAPInterfaces(_In_ MSIHANDLE hInstall)
 msica_op_tap_interface_delete_by_name,
 MSICA_INTERFACE_TICK_SIZE,
 NULL,
-szDisplayName));
+szDisplayNameEx));
 }
 
 /* The amount of tick space to add for each interface to progress 
indicator. */
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 09/12] openvpnmsica: Extend to support arbitrary HWID network adapters

2020-03-09 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpnmsica/openvpnmsica.c | 73 ++---
 1 file changed, 49 insertions(+), 24 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 4223b680..cfbda8da 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -555,7 +555,9 @@ cleanup_CoInitialize:
  * @param seqRollback   The argument sequence to pass to 
InstallTUNTAPAdaptersRollback custom
  *  action. NULL when rollback is disabled.
  *
- * @param szDisplayName  Adapter display name.
+ * @param szDisplayName  Adapter display name
+ *
+ * @param szHardwareId  Adapter hardware ID
  *
  * @param iTicksPointer to an integer that represents amount of work 
(on progress
  *  indicator) the InstallTUNTAPAdapters will take. This 
function increments it
@@ -568,6 +570,7 @@ schedule_adapter_create(
 _Inout_ struct msica_arg_seq *seq,
 _Inout_opt_ struct msica_arg_seq *seqRollback,
 _In_z_ LPCTSTR szDisplayName,
+_In_z_ LPCTSTR szHardwareId,
 _Inout_ int *iTicks)
 {
 /* Get all available network adapters. */
@@ -584,13 +587,14 @@ schedule_adapter_create(
 if (pAdapterOther == NULL)
 {
 /* No adapter with a same name found. */
-TCHAR szArgument[10 /*create=""|deleteN=""*/ + MAX_PATH 
/*szDisplayName*/ + 1 /*terminator*/];
+TCHAR szArgument[10 /*create=""|deleteN=""*/ + MAX_PATH 
/*szDisplayName*/ + 1 /*|*/ + MAX_PATH /*szHardwareId*/ + 1 /*terminator*/];
 
 /* InstallTUNTAPAdapters will create the adapter. */
 _stprintf_s(
 szArgument, _countof(szArgument),
-TEXT("create=\"%.*s\""),
-MAX_PATH, szDisplayName);
+TEXT("create=\"%.*s|%.*s\""),
+MAX_PATH, szDisplayName,
+MAX_PATH, szHardwareId);
 msica_arg_seq_add_tail(seq, szArgument);
 
 if (seqRollback)
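Review bot: the display name and hardware ID are joined with a bare `|` in `create=\"%.*s|%.*s\"`, and nothing in this hunk rejects a `|` or a `"` inside `szDisplayName` or `szHardwareId`. Both values are authored in the MSI table, so whatever splits this argument in InstallTUNTAPAdapters will cut at the wrong place if a name contains the separator. Please validate the two strings before formatting, or document the restriction next to the `szArgument` declaration.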
@@ -613,16 +617,14 @@ schedule_adapter_create(
 {
 if (hwid[0] == 0)
 {
-/* This is not a TAP adapter. */
+/* This adapter has a different hardware ID. */
 msg(M_NONFATAL, "%s: Adapter with name \"%" PRIsLPTSTR "\" 
already exists", __FUNCTION__, pAdapterOther->szName);
 dwResult = ERROR_ALREADY_EXISTS;
 goto cleanup_pAdapterList;
 }
-else if (
-_tcsicmp(hwid, TEXT(TAP_WIN_COMPONENT_ID)) == 0
-|| _tcsicmp(hwid, TEXT("root\\") 
TEXT(TAP_WIN_COMPONENT_ID)) == 0)
+else if (_tcsicmp(hwid, szHardwareId) == 0)
 {
-/* This is a TAP-Windows6 adapter. We already have what we 
want! */
+/* This is an adapter with the requested hardware ID. We 
already have what we want! */
 break;
 }
 }
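Review bot: the removed condition accepted both `TAP_WIN_COMPONENT_ID` and its `root\\`-prefixed form, while `_tcsicmp(hwid, szHardwareId) == 0` matches one exact string. An existing adapter whose ID list carries only the other form now ends in the `hwid[0] == 0` branch and is reported as `ERROR_ALREADY_EXISTS` instead of being reused. Either document that `HardwareId` must be authored in exactly the form the driver registers, or keep accepting the prefixed and unprefixed variants.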
@@ -653,7 +655,9 @@ cleanup_pAdapterList:
  * @param seqRollback   The argument sequence to pass to 
UninstallTUNTAPAdaptersRollback custom
  *  action. NULL when rollback is disabled.
  *
- * @param szDisplayName  Adapter display name.
+ * @param szDisplayName  Adapter display name
+ *
+ * @param szHardwareId  Adapter hardware ID
  *
  * @param iTicksPointer to an integer that represents amount of work 
(on progress
  *  indicator) the UninstallTUNTAPAdapters will take. This 
function increments
@@ -667,11 +671,12 @@ schedule_adapter_delete(
 _Inout_opt_ struct msica_arg_seq *seqCommit,
 _Inout_opt_ struct msica_arg_seq *seqRollback,
 _In_z_ LPCTSTR szDisplayName,
+_In_z_ LPCTSTR szHardwareId,
 _Inout_ int *iTicks)
 {
-/* Get available TUN/TAP adapters. */
+/* Get available adapters with given hardware ID. */
 struct tap_adapter_node *pAdapterList = NULL;
-DWORD dwResult = tap_list_adapters(NULL, NULL, , FALSE);
+DWORD dwResult = tap_list_adapters(NULL, szHardwareId, , 
FALSE);
 if (dwResult != ERROR_SUCCESS)
 {
 return dwResult;
@@ -780,7 +785,7 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 
 /* Prepare a query to get a list/view of adapters. */
 MSIHANDLE hViewST = 0;
-LPCTSTR szQuery = TEXT("SELECT 
`Adapter`,`DisplayName`,`Condition`,`Component_` FROM `TUNTAPAdapter`");
+LPCTSTR szQuery = TEXT("SELECT 
`Adapter`,`DisplayName`,`Condition`,`Component_`,`HardwareId` FROM 
`TUNTAPAdapter`");
 uiResult = MsiDatabaseOpenView(hDatabase, szQuery, );
 if (uiResult != ERROR_SUCCESS)
 {
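Review bot: the query now selects `HardwareId` unconditionally, so opening the view fails on any package whose `TUNTAPAdapter` table was authored without that column. If older table layouts are meant to keep working, this needs a fallback query or a default hardware ID; if not, the commit message, which is currently empty, should state that the table schema changed.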
@@ -857,6 +862,14 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall)
 LPTSTR szDisplayNameEx = _tcschr(szDisplayName, TEXT('|'));
 sz

[Openvpn-devel] [PATCH 03/12] tapctl: Update documentation

2020-03-09 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/tapctl/tap.c | 17 -
 src/tapctl/tap.h | 18 +-
 2 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index 464ce725..b8249919 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -2,7 +2,7 @@
  *  tapctl -- Utility to manipulate TUN/TAP interfaces on Windows
  *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
- *  Copyright (C) 2018 Simon Rozman 
+ *  Copyright (C) 2018-2020 Simon Rozman 
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -51,15 +51,15 @@ const static TCHAR szInterfaceRegKeyPathTemplate[] = 
TEXT("SYSTEM\\CurrentContro
  * Checks device install parameters if a system reboot is required.
  *
  * @param hDeviceInfoSet  A handle to a device information set that contains a 
device
- *  information element that represents the device for 
which to
+ *  information element that represents the device.
  *
  * @param pDeviceInfoData  A pointer to an SP_DEVINFO_DATA structure that 
specifies the
  *  device information element in hDeviceInfoSet.
  *
- * @param pbRebootRequired  A pointer to a BOOL flag. If the interface 
installation requires
- *  a system restart, this flag is set to TRUE. Otherwise, 
the flag is
- *  left unmodified. This allows the flag to be globally 
initialized to
- *  FALSE and reused for multiple interface installations.
+ * @param pbRebootRequired  A pointer to a BOOL flag. If the device requires a 
system restart,
+ *  this flag is set to TRUE. Otherwise, the flag is left 
unmodified. This
+ *  allows the flag to be globally initialized to FALSE 
and reused for multiple
+ *  interface manipulations.
  *
  * @return ERROR_SUCCESS on success; Win32 error code otherwise
  **/
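Review bot: the rewritten `pbRebootRequired` description starts with "If the device requires a system restart" but ends with "reused for multiple interface manipulations", so one paragraph now mixes "device" and "interface" for the same object. Pick one term here and in the matching tap.h comments so the documentation reads consistently.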
@@ -244,7 +244,7 @@ get_reg_string(
  * Returns network interface ID.
  *
  * @param hDeviceInfoSet  A handle to a device information set that contains a 
device
- *  information element that represents the device for 
which to
+ *  information element that represents the device.
  *
  * @param pDeviceInfoData  A pointer to an SP_DEVINFO_DATA structure that 
specifies the
  *  device information element in hDeviceInfoSet.
@@ -330,8 +330,7 @@ get_net_interface_guid(
  * Returns a specified Plug and Play device property.
  *
  * @param hDeviceInfoSet  A handle to a device information set that contains a 
device
- *  information element that represents the device for 
which to
- *  retrieve a Plug and Play property.
+ *  information element that represents the device.
  *
  * @param pDeviceInfoData  A pointer to an SP_DEVINFO_DATA structure that 
specifies the
  *  device information element in hDeviceInfoSet.
diff --git a/src/tapctl/tap.h b/src/tapctl/tap.h
index f74a39df..ca66e5da 100644
--- a/src/tapctl/tap.h
+++ b/src/tapctl/tap.h
@@ -2,7 +2,7 @@
  *  tapctl -- Utility to manipulate TUN/TAP interfaces on Windows
  *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
- *  Copyright (C) 2018 Simon Rozman 
+ *  Copyright (C) 2018-2020 Simon Rozman 
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -41,10 +41,10 @@
  *  of the device. This pointer is optional and can be 
NULL. Default value
  *  is root\tap0901.
  *
- * @param pbRebootRequired  A pointer to a BOOL flag. If the interface 
installation requires
- *  a system restart, this flag is set to TRUE. Otherwise, 
the flag is
- *  left unmodified. This allows the flag to be globally 
initialized to
- *  FALSE and reused for multiple interface installations.
+ * @param pbRebootRequired  A pointer to a BOOL flag. If the device requires a 
system restart,
+ *  this flag is set to TRUE. Otherwise, the flag is left 
unmodified. This
+ *  allows the flag to be globally initialized to FALSE 
and reused for multiple
+ *  interface manipulations.
  *
  * @param pguidInterface  A pointer to GUID that receives network interface ID.
  *
@@ -70,10 +70,10 @@ tap_create_interface(
  *
  * @param pguidInterface  A pointer to GUID that contains network interface ID.
  *
- * @param pbRebootRequired  A pointer to a BOOL flag. If the interface 
installation requires
- *  a system restart, this flag is set to TRUE. Otherwise, 
the flag is
- *  left unmodified. This allows the flag to be globally 
initia

Re: [Openvpn-devel] [PATCH 1/2] Skip DNS address validation

2020-02-06 Thread Simon Rozman
Hi,

My thoughts exactly: as Lev pointed out:
https://github.com/rozmansi/openvpn/commit/6b746cb0bf72a75e9963cc1a037c18cfb856702a

Acked-by: Simon Rozman 

Domagoj, if it's not too much for you, maybe document the reason why DNS
validation is so slow in the commit message. My wording went like this:

> DNS validation usually fails, as the pushed routes should be added first
> to make DNS servers not part of the OpenVPN subnet reachable before
> instructing Windows to use them.

Maybe Gert can update the commit message when applying?

One day somebody might revert that DNS validation back to default, as the
long-term shot would be to upgrade the OpenVPN to set up routes first, then
configure DNS servers.

But then there's ValdikSS with thousands of routes in his .ovpn setup...

Best regards,
Simon





[Openvpn-devel] [PATCH] wintun: check for conflicting options

2020-02-05 Thread Simon Rozman
`--windows-driver wintun` requires `--dev tun`. This is now checked and
documented.

Signed-off-by: Simon Rozman 
---
 doc/openvpn.8 | 4 
 src/openvpn/options.c | 7 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 8feb3b9c..e2227a47 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -6257,6 +6257,10 @@ Specifies which tun driver to use. Values are
 (default) and
 .B wintun.
 This is Windows-only option.
+"wintun" requires
+.B \-\-dev tun
+and the OpenVPN process to run elevated, or be invoked using
+the Interactive Service.
 .\"*
 .TP
 .B \-\-dhcp\-renew
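Review bot: the added sentence writes "wintun" in double quotes, while the two lines directly above it use `.B wintun.` for the same option value. Use the bold macro here as well so the value renders consistently. The elevation and Interactive Service requirement is documented here but not mentioned in the commit message, which only names `--dev tun`; one line there would help.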
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index c459b260..101cca38 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2204,7 +2204,12 @@ options_postprocess_verify_ce(const struct options 
*options, const struct connec
 {
 msg(M_USAGE, "--dhcp-options requires --ip-win32 dynamic or adaptive");
 }
-#endif
+
+if (options->windows_driver == WINDOWS_DRIVER_WINTUN && dev != 
DEV_TYPE_TUN)
+{
+msg(M_USAGE, "--windows-driver wintun requires --dev tun");
+}
+#endif /* ifdef _WIN32 */
 
 /*
  * Check that protocol options make sense.
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH] wintun: upgrade error message in case of ring registration failure

2020-02-05 Thread Simon Rozman
Rather than have the Interactive Service return a custom 0x2004
(ERROR_REGISTER_RING_BUFFERS) error, return the true GetLastError() code
that the TUN_IOCTL_REGISTER_RINGS provides.

Signed-off-by: Simon Rozman 
---
 src/openvpn/ring_buffer.h |  2 +-
 src/openvpn/tun.c | 18 +++---
 src/openvpnserv/interactive.c |  3 +--
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/openvpn/ring_buffer.h b/src/openvpn/ring_buffer.h
index 3522c984..af46f106 100644
--- a/src/openvpn/ring_buffer.h
+++ b/src/openvpn/ring_buffer.h
@@ -92,7 +92,7 @@ struct TUN_PACKET
  *that data is available for reading in send ring
  * @param receive_tail_moved  event set by openvpn to signal wintun
  *that data has been written to receive ring
- * @returntrue if registration is successful, false 
otherwise
+ * @returntrue if registration is successful, false 
otherwise - use GetLastError()
  */
 bool register_ring_buffers(HANDLE device,
struct tun_ring *send_ring,
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index af09e676..27fcb785 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -5943,7 +5943,7 @@ tuntap_set_ip_addr(struct tuntap *tt,
 }
 
 static bool
-wintun_register_ring_buffer(struct tuntap *tt)
+wintun_register_ring_buffer(struct tuntap *tt, const char *device_guid)
 {
 bool ret = true;
 
@@ -5975,7 +5975,19 @@ wintun_register_ring_buffer(struct tuntap *tt)
 tt->rw_handle.read,
 tt->rw_handle.write))
 {
-msg(M_NONFATAL, "Failed to register ring buffers: %lu", 
GetLastError());
+switch (GetLastError())
+{
+case ERROR_ACCESS_DENIED:
+msg(M_FATAL, "Access denied registering ring buffers. Is 
this process run as SYSTEM?");
+break;
+
+case ERROR_ALREADY_INITIALIZED:
+msg(M_NONFATAL, "Adapter %s is already in use", 
device_guid);
+break;
+
+default:
+msg(M_NONFATAL | M_ERRNO, "Failed to register ring 
buffers");
+}
 ret = false;
 }
 if (!RevertToSelf())
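Review bot: the `ERROR_ACCESS_DENIED` case calls `msg(M_FATAL, ...)` ahead of the `RevertToSelf()` that follows this block, so the process exits from inside the impersonated section and the `break` and `ret = false` after it are never reached for that case, while the other two cases are `M_NONFATAL` and let the caller carry on. Unless aborting the whole process is intended, use `M_NONFATAL` here too and let the `false` return do the work. The `default:` case is also missing its `break;`.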
@@ -6197,7 +6209,7 @@ tun_try_open_device(struct tuntap *tt, const char 
*device_guid, const struct dev
 if (tt->windows_driver == WINDOWS_DRIVER_WINTUN)
 {
 /* Wintun adapter may be considered "open" after ring buffers are 
successfuly registered. */
-if (!wintun_register_ring_buffer(tt))
+if (!wintun_register_ring_buffer(tt, device_guid))
 {
 msg(D_TUNTAP_INFO, "Failed to register %s adapter ring buffers", 
device_guid);
 CloseHandle(tt->hand);
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index 6e72a141..5b250225 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -51,7 +51,6 @@
 #define ERROR_STARTUP_DATA   0x2001
 #define ERROR_MESSAGE_DATA   0x2002
 #define ERROR_MESSAGE_TYPE   0x2003
-#define ERROR_REGISTER_RING_BUFFERS  0x2004
 
 static SERVICE_STATUS_HANDLE service;
 static SERVICE_STATUS status = { .dwServiceType = SERVICE_WIN32_SHARE_PROCESS 
};
@@ -1308,8 +1307,8 @@ HandleRegisterRingBuffers(const 
register_ring_buffers_message_t *rrb, HANDLE ovp
 if (!register_ring_buffers(ring_buffer_handles->device, send_ring, 
receive_ring,
ring_buffer_handles->send_tail_moved, 
ring_buffer_handles->receive_tail_moved))
 {
+err = GetLastError();
 MsgToEventLog(M_SYSERR, TEXT("Could not register ring buffers"));
-err = ERROR_REGISTER_RING_BUFFERS;
 }
 
 return err;
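Review bot: if `register_ring_buffers()` returns false without setting a last error, `err = GetLastError()` yields 0 and `return err;` hands back a value the caller cannot tell apart from `ERROR_SUCCESS`. Suggest mapping a zero result to a generic failure code before returning. Reading the error before `MsgToEventLog()` is the right order and worth a short comment so it is not reshuffled later.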
-- 
2.24.1.windows.2



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH] tun.c: uncrustify

2020-02-05 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 117 +++---
 src/openvpn/tun.h |   8 ++--
 2 files changed, 63 insertions(+), 62 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 070b0fa0..47c3088d 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -817,7 +817,7 @@ init_tun_post(struct tuntap *tt,
 tt->rw_handle.read = tt->reads.overlapped.hEvent;
 tt->rw_handle.write = tt->writes.overlapped.hEvent;
 }
-#endif
+#endif /* ifdef _WIN32 */
 }
 
 #if defined(_WIN32)\
@@ -1397,18 +1397,18 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 {
 switch (tt->options.ip_win32_type)
 {
-case IPW32_SET_MANUAL:
-msg(M_INFO,
-" NOTE:  Please manually set the IP/netmask of 
'%s' to %s/%s (if it is not already set)",
-ifname, ifconfig_local,
-print_in_addr_t(tt->adapter_netmask, 0, ));
-break;
-
-case IPW32_SET_NETSH:
-netsh_ifconfig(>options, ifname, tt->local,
-   tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS);
-
-break;
+case IPW32_SET_MANUAL:
+msg(M_INFO,
+" NOTE:  Please manually set the IP/netmask of 
'%s' to %s/%s (if it is not already set)",
+ifname, ifconfig_local,
+print_in_addr_t(tt->adapter_netmask, 0, ));
+break;
+
+case IPW32_SET_NETSH:
+netsh_ifconfig(>options, ifname, tt->local,
+   tt->adapter_netmask, 
NI_IP_NETMASK|NI_OPTIONS);
+
+break;
 }
 }
 }
@@ -3481,7 +3481,7 @@ tun_finalize(
 }
 
 static const struct device_instance_id_interface *
-get_device_instance_id_interface(struct gc_arena* gc)
+get_device_instance_id_interface(struct gc_arena *gc)
 {
 HDEVINFO dev_info_set;
 DWORD err;
@@ -3552,7 +3552,7 @@ get_device_instance_id_interface(struct gc_arena* gc)
 }
 
 cr = CM_Get_Device_Interface_List_Size(_interface_list_size,
-   (LPGUID)& GUID_DEVINTERFACE_NET,
+   (LPGUID)_DEVINTERFACE_NET,
device_instance_id,

CM_GET_DEVICE_INTERFACE_LIST_PRESENT);
 
@@ -3562,7 +3562,7 @@ get_device_instance_id_interface(struct gc_arena* gc)
 }
 
 dev_interface_list = alloc_buf_gc(dev_interface_list_size, gc);
-cr = CM_Get_Device_Interface_List((LPGUID)& GUID_DEVINTERFACE_NET, 
device_instance_id,
+cr = CM_Get_Device_Interface_List((LPGUID)_DEVINTERFACE_NET, 
device_instance_id,
   BPTR(_interface_list),
   dev_interface_list_size,
   
CM_GET_DEVICE_INTERFACE_LIST_PRESENT);
@@ -3571,7 +3571,7 @@ get_device_instance_id_interface(struct gc_arena* gc)
 goto next;
 }
 
-struct device_instance_id_interface* dev_if;
+struct device_instance_id_interface *dev_if;
 ALLOC_OBJ_CLEAR_GC(dev_if, struct device_instance_id_interface, gc);
 dev_if->net_cfg_instance_id = string_alloc(net_cfg_instance_id, gc);
 dev_if->device_interface_list = 
string_alloc(BSTR(_interface_list), gc);
@@ -3587,7 +3587,7 @@ get_device_instance_id_interface(struct gc_arena* gc)
 }
 last = dev_if;
 
-next:
+next:
 RegCloseKey(dev_key);
 }
 
@@ -3694,8 +3694,8 @@ get_tap_reg(struct gc_arena *gc)
 {
 /* Is this adapter supported? */
 enum windows_driver_type windows_driver = 
WINDOWS_DRIVER_UNSPECIFIED;
-if (strcasecmp(component_id, TAP_WIN_COMPONENT_ID) == 0 ||
-strcasecmp(component_id, "root\\" 
TAP_WIN_COMPONENT_ID) == 0)
+if (strcasecmp(component_id, TAP_WIN_COMPONENT_ID) == 0
+|| strcasecmp(component_id, "root\\" 
TAP_WIN_COMPONENT_ID) == 0)
 {
 windows_driver = WINDOWS_DRIVER_TAP_WINDOWS6;
 }
@@ -5768,8 +5768,8 @@ tuntap_get_version_info(const struct tuntap *tt)
 DWORD len;
 CLEAR(info);
 if (DeviceIoControl(tt->hand, TAP_WIN_IOCTL_GET_VERSION,
-, sizeof(info),
-, sizeof(info), , NULL))
+, sizeof(info),
+, sizeof(info), , NULL))
 {
 msg(D_TUNTAP_INFO, "TAP-Windows Driver Version %d.%d %s",
 (int)info[0],
@@ -5808,8 +5808,8 

[Openvpn-devel] [PATCH] tun.c: refactor driver detection and make it case-insensitive

2020-02-05 Thread Simon Rozman
Hardware IDs are case insensitive on Windows.

Furthermore the driver detection logic has been made more explicit and
easier to read.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index af09e676..070b0fa0 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -3692,11 +3692,19 @@ get_tap_reg(struct gc_arena *gc)
 
 if (status == ERROR_SUCCESS && data_type == REG_SZ)
 {
+/* Is this adapter supported? */
 enum windows_driver_type windows_driver = 
WINDOWS_DRIVER_UNSPECIFIED;
+if (strcasecmp(component_id, TAP_WIN_COMPONENT_ID) == 0 ||
+strcasecmp(component_id, "root\\" 
TAP_WIN_COMPONENT_ID) == 0)
+{
+windows_driver = WINDOWS_DRIVER_TAP_WINDOWS6;
+}
+else if (strcasecmp(component_id, WINTUN_COMPONENT_ID) == 
0)
+{
+windows_driver = WINDOWS_DRIVER_WINTUN;
+}
 
-if ((windows_driver = WINDOWS_DRIVER_TAP_WINDOWS6, 
!strcmp(component_id, TAP_WIN_COMPONENT_ID))
-|| (windows_driver = WINDOWS_DRIVER_TAP_WINDOWS6, 
!strcmp(component_id, "root\\" TAP_WIN_COMPONENT_ID))
-|| (windows_driver = WINDOWS_DRIVER_WINTUN, 
!strcmp(component_id, WINTUN_COMPONENT_ID)))
+if (windows_driver != WINDOWS_DRIVER_UNSPECIFIED)
 {
 struct tap_reg *reg;
 ALLOC_OBJ_CLEAR_GC(reg, struct tap_reg, gc);
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH] wintun: refactor code to use enum driver type

2020-01-16 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/forward.c |   4 +-
 src/openvpn/init.c|   2 +-
 src/openvpn/options.c |  16 +++
 src/openvpn/options.h |   2 +-
 src/openvpn/tun.c | 108 --
 src/openvpn/tun.h |  16 +--
 6 files changed, 75 insertions(+), 73 deletions(-)

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 6b823613..ea10f0bf 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1258,7 +1258,7 @@ read_incoming_tun(struct context *c)
 c->c2.buf = c->c2.buffers->read_tun_buf;
 
 #ifdef _WIN32
-if (c->c1.tuntap->wintun)
+if (c->c1.tuntap->windows_driver == WINDOWS_DRIVER_WINTUN)
 {
 read_wintun(c->c1.tuntap, >c2.buf);
 if (c->c2.buf.len == -1)
@@ -1274,7 +1274,7 @@ read_incoming_tun(struct context *c)
 {
 read_tun_buffered(c->c1.tuntap, >c2.buf);
 }
-#else
+#else  /* ifdef _WIN32 */
 ASSERT(buf_init(>c2.buf, FRAME_HEADROOM(>c2.frame)));
 ASSERT(buf_safe(>c2.buf, MAX_RW_SIZE_TUN(>c2.frame)));
 c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(>c2.buf), 
MAX_RW_SIZE_TUN(>c2.frame));
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 0bdb0a9c..ec444f47 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1734,7 +1734,7 @@ do_init_tun(struct context *c)
 >net_ctx);
 
 #ifdef _WIN32
-c->c1.tuntap->wintun = c->options.wintun;
+c->c1.tuntap->windows_driver = c->options.windows_driver;
 #endif
 
 init_tun_post(c->c1.tuntap,
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index a6f40e10..709ba4bb 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -854,7 +854,7 @@ init_options(struct options *o, const bool init_gc)
 o->tuntap_options.dhcp_masq_offset = 0; /* use network address as 
internal DHCP server address */
 o->route_method = ROUTE_METHOD_ADAPTIVE;
 o->block_outside_dns = false;
-o->wintun = false;
+o->windows_driver = WINDOWS_DRIVER_TAP_WINDOWS6;
 #endif
 o->vlan_accept = VLAN_ALL;
 o->vlan_pvid = 1;
@@ -3002,7 +3002,7 @@ options_postprocess_mutate_invariant(struct options 
*options)
 
 #ifdef _WIN32
 /* when using wintun, kernel doesn't send DHCP requests, so use netsh to 
set IP address and netmask */
-if (options->wintun)
+if (options->windows_driver == WINDOWS_DRIVER_WINTUN)
 {
 options->tuntap_options.ip_win32_type = IPW32_SET_NETSH;
 }
@@ -4076,23 +4076,23 @@ foreign_option(struct options *o, char *argv[], int 
len, struct env_set *es)
  *
  * @param str   value of --windows-driver option
  * @param msglevel  msglevel to report parsing error
- * @return bool true if --windows-driver is wintun, false otherwise
+ * @return enum windows_driver_type  driver type, WINDOWS_DRIVER_UNSPECIFIED 
on unknown --windows-driver value
  */
-static bool
+static enum windows_driver_type
 parse_windows_driver(const char *str, const int msglevel)
 {
 if (streq(str, "tap-windows6"))
 {
-return false;
+return WINDOWS_DRIVER_TAP_WINDOWS6;
 }
 else if (streq(str, "wintun"))
 {
-return true;
+return WINDOWS_DRIVER_WINTUN;
 }
 else
 {
 msg(msglevel, "--windows-driver must be tap-windows6 or wintun");
-return false;
+return WINDOWS_DRIVER_UNSPECIFIED;
 }
 }
 #endif
@@ -5367,7 +5367,7 @@ add_option(struct options *options,
 else if (streq(p[0], "windows-driver") && p[1] && !p[2])
 {
 VERIFY_PERMISSION(OPT_P_GENERAL);
-options->wintun = parse_windows_driver(p[1], M_FATAL);
+options->windows_driver = parse_windows_driver(p[1], M_FATAL);
 }
 #endif
 else if (streq(p[0], "dev-node") && p[1] && !p[2])
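Review bot: `options->windows_driver` takes the return value of `parse_windows_driver()` directly, and that function now returns `WINDOWS_DRIVER_UNSPECIFIED` for an unknown value. With `M_FATAL` that path is not reached, but the function still advertises a `msglevel` parameter, and with a non-fatal level the option would end up as neither the `WINDOWS_DRIVER_TAP_WINDOWS6` default set in `init_options()` nor wintun. Suggest assigning only when the result is not `WINDOWS_DRIVER_UNSPECIFIED`.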
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 7fd2c00f..84d05f26 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -634,7 +634,7 @@ struct options
 bool show_net_up;
 int route_method;
 bool block_outside_dns;
-bool wintun;
+enum windows_driver_type windows_driver;
 #endif
 
 bool use_peer_id;
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 32a3f756..af09e676 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -786,7 +786,7 @@ init_tun_post(struct tuntap *tt,
 overlapped_io_init(>writes, frame, TRUE, true);
 tt->adapter_index = TUN_ADAPTER_INDEX_INVALID;
 
-if (tt->wintun)
+if (tt->windows_driver == WINDOWS_DRIVER_WINTUN)
 {
 tt->wintun_send_ring_handle = CreateFileMapping(INVALID_HANDLE_VALUE, 
NULL,
 PAGE_READWRITE,
@@ -1388,7 +1388,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, 
int tun_mtu,
 {
 ASSERT(

Re: [Openvpn-devel] [PATCH] options.c: do not force route delay when not using DHCP

2020-01-16 Thread Simon Rozman
Code looks reasonable. Tested it.

Acked-by: Simon Rozman 

Best regards,
Simon

> -Original Message-
> From: Lev Stipakov 
> Sent: Thursday, December 19, 2019 2:30 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH] options.c: do not force route delay
> when not using DHCP
> 
> From: Lev Stipakov 
> 
> Route delay may be only necessary when we perform DHCP handshake. When
> we use IPAPI / netsh / manual, no delay needed.
> 
> Signed-off-by: Lev Stipakov 
> ---
>  src/openvpn/options.c | 19 +++
>  1 file changed, 11 insertions(+), 8 deletions(-)
> 
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c index
> cebcbb07..a6f40e10 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -3001,9 +3001,18 @@ options_postprocess_mutate_invariant(struct
> options *options)
>  }
> 
>  #ifdef _WIN32
> +/* when using wintun, kernel doesn't send DHCP requests, so use
> netsh to set IP address and netmask */
> +if (options->wintun)
> +{
> +options->tuntap_options.ip_win32_type = IPW32_SET_NETSH;
> +}
> +
>  if ((dev == DEV_TYPE_TUN || dev == DEV_TYPE_TAP) && !options-
> >route_delay_defined)
>  {
> -if (options->mode == MODE_POINT_TO_POINT)
> +/* delay may only be necessary when we perform DHCP handshake
> */
> +const bool dhcp = (options->tuntap_options.ip_win32_type ==
> IPW32_SET_DHCP_MASQ)
> +  || (options->tuntap_options.ip_win32_type ==
> IPW32_SET_ADAPTIVE);
> +if ((options->mode == MODE_POINT_TO_POINT) && dhcp)
>  {
>  options->route_delay_defined = true;
>  options->route_delay = 5; /* Vista sometimes has a race
> without this */ @@ -3016,14 +3025,8 @@
> options_postprocess_mutate_invariant(struct options *options)
>  options->ifconfig_noexec = false;
>  }
> 
> -/* for wintun kernel doesn't send DHCP requests, so use netsh to
> set IP address and netmask */
> -if (options->wintun)
> -{
> -options->tuntap_options.ip_win32_type = IPW32_SET_NETSH;
> -}
> -
>  remap_redirect_gateway_flags(options);
> -#endif
> +#endif /* ifdef _WIN32 */
> 
>  #if P2MP_SERVER
>  /*
> --
> 2.17.1
> 
> 
> 
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

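Review bot: in the first quoted hunk the `dhcp` flag is computed from `options->tuntap_options.ip_win32_type`, so it only sees `IPW32_SET_NETSH` for wintun because the `if (options->wintun)` block was moved above it. That ordering dependency is easy to break in a later cleanup; extend the comment on the moved block to say it must stay ahead of the route delay check.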



[Openvpn-devel] [PATCH v3 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

2020-01-08 Thread Simon Rozman
Wintun doesn't have its own I/O device. Rather, it taps on an existing
Windows-provided NDIS device. Sending TAP-Windows6 IOCTL requests to it
is risky, as TAP-Windows6 is using one of the well-known device types
(FILE_DEVICE_UNKNOWN) with function IDs such as 1, 2, 3, etc., raising the
chance of a collision, as NDIS might react to one of these IOCTLs.

Signed-off-by: Simon Rozman 
---
 src/openvpn/error.c | 5 -
 src/openvpn/sig.c   | 7 +--
 src/openvpn/tun.c   | 4 ++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index b2492f2b..ad4f0ef4 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -688,7 +688,10 @@ x_check_status(int status,
 }
 #elif defined(_WIN32)
 /* get possible driver error from TAP-Windows driver */
-extended_msg = tap_win_getinfo(tt, );
+if (tuntap_defined(tt))
+{
+extended_msg = tap_win_getinfo(tt, );
+}
 #endif
 if (!ignore_sys_error(my_errno))
 {
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index d7f2abb8..6e3379fe 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -317,8 +317,11 @@ print_status(const struct context *c, struct status_output 
*so)
 #ifdef _WIN32
 if (tuntap_defined(c->c1.tuntap))
 {
-status_printf(so, "TAP-WIN32 driver status,\"%s\"",
-  tap_win_getinfo(c->c1.tuntap, ));
+const char *extended_msg = tap_win_getinfo(c->c1.tuntap, );
+if (extended_msg)
+{
+status_printf(so, "TAP-WIN32 driver status,\"%s\"", extended_msg);
+}
 }
 #endif
 
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 30fb78b2..e36c49b1 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6411,7 +6411,7 @@ open_tun(const char *dev, const char *dev_type, const 
char *dev_node, struct tun
 const char *
 tap_win_getinfo(const struct tuntap *tt, struct gc_arena *gc)
 {
-if (tt && tt->hand != NULL)
+if (!tt->wintun)
 {
 struct buffer out = alloc_buf_gc(256, gc);
 DWORD len;
@@ -6429,7 +6429,7 @@ tap_win_getinfo(const struct tuntap *tt, struct gc_arena 
*gc)
 void
 tun_show_debug(struct tuntap *tt)
 {
-if (tt && tt->hand != NULL)
+if (!tt->wintun)
 {
 struct buffer out = alloc_buf(1024);
 DWORD len;
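Review bot: `tun_show_debug()` now dereferences `tt` unconditionally and no longer tests `tt->hand`, and unlike `tap_win_getinfo()`, whose callers in error.c and sig.c are wrapped in `tuntap_defined()` by this patch, no caller of `tun_show_debug()` is touched here. Please either keep the guard as `tt && tt->hand != NULL && !tt->wintun`, or confirm in the commit message that every caller checks `tuntap_defined()` first.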
-- 
2.24.1.windows.2

v3 changes:
* tuntap_defined() checks revised according to Lev's recommendations




[Openvpn-devel] [PATCH v3 4/7] wintun: register ring buffers when iterating adapters

2019-12-20 Thread Simon Rozman
Wintun adapters may be considered available if ring buffer registration
succeeded. Therefore, we must attempt to register ring buffers when
iterating adapters and continue on failure.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 111 +++---
 1 file changed, 65 insertions(+), 46 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index c6bbbd41..aef2c7f8 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6129,11 +6129,72 @@ tuntap_dhcp_mask(const struct tuntap *tt, const char 
*device_guid)
 gc_free();
 }
 
+static bool
+tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct 
device_instance_id_interface *device_instance_id_interface)
+{
+const char *path = NULL;
+char tuntap_device_path[256];
+
+if (tt->wintun)
+{
+const struct device_instance_id_interface *dev_if;
+
+/* Open Wintun adapter */
+for (dev_if = device_instance_id_interface; dev_if != NULL; dev_if = 
dev_if->next)
+{
+if (strcmp(dev_if->net_cfg_instance_id, device_guid) == 0)
+{
+path = dev_if->device_interface_list;
+break;
+}
+}
+if (path == NULL)
+{
+return false;
+}
+}
+else
+{
+/* Open TAP-Windows adapter */
+openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), 
"%s%s%s",
+USERMODEDEVICEDIR,
+device_guid,
+TAP_WIN_SUFFIX);
+path = tuntap_device_path;
+}
+
+tt->hand = CreateFile(path,
+   GENERIC_READ | GENERIC_WRITE,
+   0,/* was: FILE_SHARE_READ */
+   0,
+   OPEN_EXISTING,
+   FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
+   0);
+if (tt->hand == INVALID_HANDLE_VALUE)
+{
+msg(D_TUNTAP_INFO, "CreateFile failed on %s device: %s", tt->wintun ? 
"Wintun" : "TAP-Windows", path);
+return false;
+}
+
+if (tt->wintun)
+{
+/* Wintun adapter may be considered "open" after ring buffers are 
successfuly registered. */
+if (!wintun_register_ring_buffer(tt))
+{
+msg(D_TUNTAP_INFO, "Failed to register %s adapter ring buffers", 
device_guid);
+CloseHandle(tt->hand);
+tt->hand = NULL;
+return false;
+}
+}
+
+return true;
+}
+
 static void
 tun_open_device(struct tuntap *tt, const char *dev_node, const char 
**device_guid)
 {
 struct gc_arena gc = gc_new();
-char *path = NULL;
 char tuntap_device_path[256];
 const struct tap_reg* tap_reg = get_tap_reg();
 const struct panel_reg* panel_reg = get_panel_reg();
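
Review bot: tun_try_open_device() leaves tt->hand in two different "closed" states: after a failed CreateFile() it stays INVALID_HANDLE_VALUE, while after a failed wintun_register_ring_buffer() it is reset to NULL. Code that tests `tt->hand != NULL` would treat the first case as an open handle, so set `tt->hand = NULL` before the first `return false` after CreateFile() as well. The "CreateFile failed" message would also be more useful with the GetLastError() value in it.
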
@@ -6197,27 +6258,11 @@ tun_open_device(struct tuntap *tt, const char 
*dev_node, const char **device_gui
 
 if (tt->wintun)
 {
-const struct device_instance_id_interface* dev_if;
-
 if (!is_picked_device_wintun)
 {
 /* wintun driver specified but picked adapter is not 
wintun, proceed to next one */
 goto next;
 }
-
-path = NULL;
-for (dev_if = device_instance_id_interface; dev_if != NULL; 
dev_if = dev_if->next)
-{
-if (strcmp(dev_if->net_cfg_instance_id, *device_guid) == 0)
-{
-path = (char*)dev_if->device_interface_list;
-break;
-}
-}
-if (path == NULL)
-{
-goto next;
-}
 }
 else
 {
@@ -6226,28 +6271,9 @@ tun_open_device(struct tuntap *tt, const char *dev_node, 
const char **device_gui
 /* tap-windows6 driver specified but picked adapter is 
wintun, proceed to next one */
 goto next;
 }
-
-/* Open Windows TAP-Windows adapter */
-openvpn_snprintf(tuntap_device_path, 
sizeof(tuntap_device_path), "%s%s%s",
- USERMODEDEVICEDIR,
- *device_guid,
- TAP_WIN_SUFFIX);
-path = tuntap_device_path;
 }
 
-tt->hand = CreateFile(path,
-  GENERIC_READ | GENERIC_WRITE,
-  0,/* was: FILE_SHARE_READ */
-  0,
-  OPEN_EXISTING,
-  FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
-  0);
-
-  

[Openvpn-devel] [PATCH v2 3/7] tun.c: make wintun_register_ring_buffer() non-fatal on failures

2019-12-20 Thread Simon Rozman
Wintun allows multiple handles to be opened on its NDIS device pipe.
Just succeeding in opening the pipe does not warrant that the adapter is
unused.

When iterating for an available Wintun adapter, we will need to try
registering ring buffers with each one to actually determine which one
is used and which one is not.

Therefore, a failure to register ring buffers should be detectable, but
not M_FATAL.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 26 ++
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f90f201d..c6bbbd41 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -5647,11 +5647,12 @@ register_dns_service(const struct tuntap *tt)
 gc_free();
 }
 
-static void
+static bool
 service_register_ring_buffers(const struct tuntap *tt)
 {
 HANDLE msg_channel = tt->options.msg_channel;
 ack_message_t ack;
+bool ret = true;
 struct gc_arena gc = gc_new();
 
 register_ring_buffers_message_t msg = {
@@ -5669,13 +5670,13 @@ service_register_ring_buffers(const struct tuntap *tt)
 
 if (!send_msg_iservice(msg_channel, , sizeof(msg), , "Register 
ring buffers"))
 {
-gc_free();
-return;
+ret = false;
 }
 else if (ack.error_number != NO_ERROR)
 {
-msg(M_FATAL, "Register ring buffers failed using service: %s 
[status=0x%x]",
+msg(M_NONFATAL, "Register ring buffers failed using service: %s 
[status=0x%x]",
 strerror_win32(ack.error_number, ), ack.error_number);
+ret = false;
 }
 else
 {
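
Review bot: The M_NONFATAL message in the `ack.error_number != NO_ERROR` branch will fire for every busy adapter once this function is used to probe adapters during iteration, as the commit message describes. A debug-level flag such as D_TUNTAP_INFO would keep expected probe failures out of the normal log, leaving the M_FATAL in the caller to report a real failure.
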
@@ -5683,6 +5684,7 @@ service_register_ring_buffers(const struct tuntap *tt)
 }
 
 gc_free();
+return ret;
 }
 
 void
@@ -5922,9 +5924,11 @@ tuntap_set_ip_addr(struct tuntap *tt,
 gc_free();
 }
 
-static void
+static bool
 wintun_register_ring_buffer(struct tuntap *tt)
 {
+bool ret = true;
+
 tt->wintun_send_ring = (struct tun_ring 
*)MapViewOfFile(tt->wintun_send_ring_handle,
 
FILE_MAP_ALL_ACCESS,
 0,
@@ -5939,7 +5943,7 @@ wintun_register_ring_buffer(struct tuntap *tt)
 
 if (tt->options.msg_channel)
 {
-service_register_ring_buffers(tt);
+ret = service_register_ring_buffers(tt);
 }
 else
 {
@@ -5953,13 +5957,16 @@ wintun_register_ring_buffer(struct tuntap *tt)
 tt->rw_handle.read,
 tt->rw_handle.write))
 {
-msg(M_FATAL, "ERROR:  Failed to register ring buffers: %lu", 
GetLastError());
+msg(M_NONFATAL, "Failed to register ring buffers: %lu", 
GetLastError());
+ret = false;
 }
 if (!RevertToSelf())
 {
 msg(M_FATAL, "ERROR:  RevertToSelf error: %lu", GetLastError());
 }
 }
+
+return ret;
 }
 
 static void
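
Review bot: The failure path after the registration call only sets `ret = false`; the view mapped with MapViewOfFile() into tt->wintun_send_ring at the top of wintun_register_ring_buffer() stays mapped. Once failure is non-fatal and the function is retried per adapter, each failed attempt leaves its mapping behind and the next call overwrites the pointer. Unmap on failure before returning, or map once outside the retry path.
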
@@ -6367,7 +6374,10 @@ open_tun(const char *dev, const char *dev_type, const 
char *dev_node, struct tun
 
 if (tt->wintun)
 {
-wintun_register_ring_buffer(tt);
+if (!wintun_register_ring_buffer(tt))
+{
+msg(M_FATAL, "Failed to register ring buffers");
+}
 }
 else
 {
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH v2 5/7] wintun: add support for --dev-node

2019-12-20 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 38 --
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index f56682ef..18f06bb6 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6196,7 +6196,6 @@ static void
 tun_open_device(struct tuntap *tt, const char *dev_node, const char 
**device_guid)
 {
 struct gc_arena gc = gc_new();
-char tuntap_device_path[256];
 const struct tap_reg* tap_reg = get_tap_reg();
 const struct panel_reg* panel_reg = get_panel_reg();
 const struct device_instance_id_interface* device_instance_id_interface = 
get_device_instance_id_interface();
@@ -6209,31 +6208,34 @@ tun_open_device(struct tuntap *tt, const char 
*dev_node, const char **device_gui
  */
 if (dev_node)
 {
+bool is_picked_device_wintun = false;
+
 /* Get the device GUID for the device specified with --dev-node. */
-*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), NULL, tap_reg, panel_reg, );
+*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), _picked_device_wintun, tap_reg, panel_reg, );
 
 if (!*device_guid)
 {
-msg(M_FATAL, "TAP-Windows adapter '%s' not found", dev_node);
+msg(M_FATAL, "Adapter '%s' not found", dev_node);
 }
 
-/* Open Windows TAP-Windows adapter */
-openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), 
"%s%s%s",
- USERMODEDEVICEDIR,
- *device_guid,
- TAP_WIN_SUFFIX);
-
-tt->hand = CreateFile(tuntap_device_path,
-  GENERIC_READ | GENERIC_WRITE,
-  0,/* was: FILE_SHARE_READ */
-  0,
-  OPEN_EXISTING,
-  FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
-  0);
+if (tt->wintun)
+{
+if (!is_picked_device_wintun)
+{
+msg(M_FATAL, "Adapter '%s' is TAP-Windows, Wintun expected. If 
you want to use this device, remove --windows-driver wintun.", dev_node);
+}
+}
+else
+{
+if (is_picked_device_wintun)
+{
+msg(M_FATAL, "Adapter '%s' is Wintun, TAP-Windows expected. If 
you want to use this device, add --windows-driver wintun.", dev_node);
+}
+}
 
-if (tt->hand == INVALID_HANDLE_VALUE)
+if (!tun_try_open_device(tt, *device_guid, 
device_instance_id_interface))
 {
-msg(M_ERR, "CreateFile failed on TAP device: %s", 
tuntap_device_path);
+msg(M_FATAL, "Failed to open %s adapter: %s", tt->wintun ? 
"Wintun" : "TAP-Windows", dev_node);
 }
 }
 else
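
Review bot: Replacing `msg(M_ERR, "CreateFile failed on TAP device: %s", ...)` with `msg(M_FATAL, "Failed to open %s adapter: %s", ...)` drops the system error text that M_ERR appends, so the fatal line no longer says why the open failed. Have tun_try_open_device() report the Windows error code itself, or hand it back to this caller. The patch also has no description beyond the subject; a sentence on the new TAP-Windows/Wintun mismatch checks would help.
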
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH v2 4/7] wintun: register ring buffers when iterating adapters

2019-12-20 Thread Simon Rozman
Wintun adapters may be considered available if ring buffer registration
succeeded. Therefore, we must attempt to register ring buffers when
iterating adapters and continue on failure.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 112 +++---
 1 file changed, 66 insertions(+), 46 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index c6bbbd41..f56682ef 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6129,11 +6129,73 @@ tuntap_dhcp_mask(const struct tuntap *tt, const char 
*device_guid)
 gc_free();
 }
 
+static bool
+tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct 
device_instance_id_interface *device_instance_id_interface)
+{
+const char *path = NULL;
+char tuntap_device_path[256];
+HANDLE h;
+
+if (tt->wintun)
+{
+const struct device_instance_id_interface *dev_if;
+
+/* Open Wintun adapter */
+for (dev_if = device_instance_id_interface; dev_if != NULL; dev_if = 
dev_if->next)
+{
+if (strcmp(dev_if->net_cfg_instance_id, device_guid) == 0)
+{
+path = dev_if->device_interface_list;
+break;
+}
+}
+if (path == NULL)
+{
+return false;
+}
+}
+else
+{
+/* Open TAP-Windows adapter */
+openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), 
"%s%s%s",
+USERMODEDEVICEDIR,
+device_guid,
+TAP_WIN_SUFFIX);
+path = tuntap_device_path;
+}
+
+h = CreateFile(path,
+   GENERIC_READ | GENERIC_WRITE,
+   0,/* was: FILE_SHARE_READ */
+   0,
+   OPEN_EXISTING,
+   FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
+   0);
+if (h == INVALID_HANDLE_VALUE)
+{
+msg(D_TUNTAP_INFO, "CreateFile failed on %s device: %s", tt->wintun ? 
"Wintun" : "TAP-Windows", path);
+return false;
+}
+
+if (tt->wintun)
+{
+/* Wintun adapter may be considered "open" after ring buffers are 
successfuly registered. */
+if (!wintun_register_ring_buffer(tt))
+{
+msg(D_TUNTAP_INFO, "Failed to register %s adapter ring buffers", 
device_guid);
+CloseHandle(h);
+return false;
+}
+}
+
+tt->hand = h;
+return true;
+}
+
 static void
 tun_open_device(struct tuntap *tt, const char *dev_node, const char 
**device_guid)
 {
 struct gc_arena gc = gc_new();
-char *path = NULL;
 char tuntap_device_path[256];
 const struct tap_reg* tap_reg = get_tap_reg();
 const struct panel_reg* panel_reg = get_panel_reg();
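
Review bot: In tun_try_open_device() the new handle is kept in the local `h`, and `tt->hand = h;` runs only after `wintun_register_ring_buffer(tt)` has returned. That call receives nothing but tt, so if registration operates on tt->hand it works with whatever value was there before this open, not the handle just created. Assign tt->hand before the call and reset it on the failure path.
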
@@ -6197,27 +6259,11 @@ tun_open_device(struct tuntap *tt, const char 
*dev_node, const char **device_gui
 
 if (tt->wintun)
 {
-const struct device_instance_id_interface* dev_if;
-
 if (!is_picked_device_wintun)
 {
 /* wintun driver specified but picked adapter is not 
wintun, proceed to next one */
 goto next;
 }
-
-path = NULL;
-for (dev_if = device_instance_id_interface; dev_if != NULL; 
dev_if = dev_if->next)
-{
-if (strcmp(dev_if->net_cfg_instance_id, *device_guid) == 0)
-{
-path = (char*)dev_if->device_interface_list;
-break;
-}
-}
-if (path == NULL)
-{
-goto next;
-}
 }
 else
 {
@@ -6226,28 +6272,9 @@ tun_open_device(struct tuntap *tt, const char *dev_node, 
const char **device_gui
 /* tap-windows6 driver specified but picked adapter is 
wintun, proceed to next one */
 goto next;
 }
-
-/* Open Windows TAP-Windows adapter */
-openvpn_snprintf(tuntap_device_path, 
sizeof(tuntap_device_path), "%s%s%s",
- USERMODEDEVICEDIR,
- *device_guid,
- TAP_WIN_SUFFIX);
-path = tuntap_device_path;
 }
 
-tt->hand = CreateFile(path,
-  GENERIC_READ | GENERIC_WRITE,
-  0,/* was: FILE_SHARE_READ */
-  0,
-  OPEN_EXISTING,
-  FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
-  0);
-
-if (tt->hand == INVAL

[Openvpn-devel] [PATCH v2 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

2019-12-20 Thread Simon Rozman
Wintun doesn't have its own I/O device. Rather, it taps on an existing
Windows-provided NDIS device. Sending TAP-Windows6 IOCTL requests to it
is risky, as TAP-Windows6 is using one of the well-known device types
(FILE_DEVICE_UNKNOWN) with function IDs as 1, 2, 3 etc., raising a chance
of collision as NDIS might react to one of these IOCTLs.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 18f06bb6..6762402c 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6412,7 +6412,7 @@ open_tun(const char *dev, const char *dev_type, const 
char *dev_node, struct tun
 const char *
 tap_win_getinfo(const struct tuntap *tt, struct gc_arena *gc)
 {
-if (tt && tt->hand != NULL)
+if (tuntap_defined(tt) && !tt->wintun)
 {
 struct buffer out = alloc_buf_gc(256, gc);
 DWORD len;
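
Review bot: Moving the Wintun test into tap_win_getinfo() means callers still invoke it for Wintun adapters and receive whatever the function returns when the `if` block is skipped. A caller that feeds the result straight into a `%s` format needs that fall-through value to be a valid string; please confirm that, or keep a caller-side guard as well.
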
@@ -6430,7 +6430,7 @@ tap_win_getinfo(const struct tuntap *tt, struct gc_arena 
*gc)
 void
 tun_show_debug(struct tuntap *tt)
 {
-if (tt && tt->hand != NULL)
+if (tuntap_defined(tt) && !tt->wintun)
 {
 struct buffer out = alloc_buf(1024);
 DWORD len;
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH v2 7/7] tun.c: reword the at_least_one_tap_win() error

2019-12-20 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 6762402c..4e16f989 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -4031,7 +4031,7 @@ at_least_one_tap_win(const struct tap_reg *tap_reg)
 {
 if (!tap_reg)
 {
-msg(M_FATAL, "There are no TAP-Windows adapters on this system.  You 
should be able to create a TAP-Windows adapter by going to Start -> All 
Programs -> TAP-Windows -> Utilities -> Add a new TAP-Windows virtual ethernet 
adapter.");
+msg(M_FATAL, "There are no TAP-Windows nor Wintun adapters on this 
system.  You should be able to create an adapter by using tapctl.exe utility.");
 }
 }
 
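
Review bot: The new message text reads awkwardly in two places: "no TAP-Windows nor Wintun adapters" and "by using tapctl.exe utility". Suggest "There are no TAP-Windows or Wintun adapters on this system. You should be able to create an adapter using the tapctl.exe utility." The function is also still named at_least_one_tap_win() and takes `tap_reg`; a short comment that the list now covers both adapter types would keep the name from misleading readers.
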
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH v2 2/7] tun.c: upgrade get_device_guid() to return the Windows driver type

2019-12-20 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 17 +
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 0d6f40fe..f90f201d 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -4104,12 +4104,13 @@ get_unspecified_device_guid(const int device_number,
 
 /*
  * Lookup a --dev-node adapter name in the registry
- * returning the GUID and optional actual_name.
+ * returning the GUID and optional actual_name and device type
  */
 static const char *
 get_device_guid(const char *name,
 char *actual_name,
 int actual_name_size,
+bool *wintun,
 const struct tap_reg *tap_reg,
 const struct panel_reg *panel_reg,
 struct gc_arena *gc)
@@ -4145,6 +4146,10 @@ get_device_guid(const char *name,
 {
 buf_printf(, "%s", name);
 }
+if (wintun)
+{
+*wintun = tr->wintun;
+}
 return BSTR();
 }
 
@@ -4154,6 +4159,10 @@ get_device_guid(const char *name,
 if (tr)
 {
 buf_printf(, "%s", name);
+if (wintun)
+{
+*wintun = tr->wintun;
+}
 buf_printf(, "%s", tr->guid);
 return BSTR();
 }
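
Review bot: `*wintun` is written only on the two paths that return a GUID; when get_device_guid() fails, the caller's variable keeps whatever it held. Either set `*wintun = false` at function entry when the pointer is non-NULL, or extend the header comment to say the output is valid only on success.
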
@@ -4838,7 +4847,7 @@ tap_allow_nonadmin_access(const char *dev_node)
 if (dev_node)
 {
 /* Get the device GUID for the device specified with --dev-node. */
-device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), tap_reg, panel_reg, );
+device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), NULL, tap_reg, panel_reg, );
 
 if (!device_guid)
 {
@@ -5412,7 +5421,7 @@ netsh_get_id(const char *dev_node, struct gc_arena *gc)
 
 if (dev_node)
 {
-guid = get_device_guid(dev_node, BPTR(), BCAP(), 
tap_reg, panel_reg, gc);
+guid = get_device_guid(dev_node, BPTR(), BCAP(), NULL, 
tap_reg, panel_reg, gc);
 }
 else
 {
@@ -6132,7 +6141,7 @@ tun_open_device(struct tuntap *tt, const char *dev_node, 
const char **device_gui
 if (dev_node)
 {
 /* Get the device GUID for the device specified with --dev-node. */
-*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), tap_reg, panel_reg, );
+*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), NULL, tap_reg, panel_reg, );
 
 if (!*device_guid)
 {
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 6/7] wintun: stop sending TAP-Windows6 ioctls to NDIS device

2019-12-19 Thread Simon Rozman
Wintun doesn't have its own I/O device. Rather, it taps on an existing
Windows-provided NDIS device. Sending TAP-Windows6 IOCTL requests to it
is risky, as TAP-Windows6 is using one of the well-known device types
(FILE_DEVICE_UNKNOWN) with function IDs as 1, 2, 3 etc., raising a chance
of collision as NDIS might react to one of these IOCTLs.

Signed-off-by: Simon Rozman 
---
 src/openvpn/error.c   | 5 -
 src/openvpn/forward.c | 2 +-
 src/openvpn/sig.c | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index b2492f2b..8d91a131 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -688,7 +688,10 @@ x_check_status(int status,
 }
 #elif defined(_WIN32)
 /* get possible driver error from TAP-Windows driver */
-extended_msg = tap_win_getinfo(tt, );
+if (!tt->wintun)
+{
+extended_msg = tap_win_getinfo(tt, );
+}
 #endif
 if (!ignore_sys_error(my_errno))
 {
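
Review bot: `if (!tt->wintun)` in x_check_status() dereferences tt with no NULL check, yet tap_win_getinfo() has so far guarded itself with `tt && tt->hand != NULL`, which suggests tt can legitimately be NULL at this call. Test the pointer first, e.g. `if (tt && !tt->wintun)`.
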
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 6b823613..2bc9d871 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1956,7 +1956,7 @@ pre_select(struct context *c)
 if (check_debug_level(D_TAP_WIN_DEBUG))
 {
 c->c2.timeval.tv_sec = 1;
-if (tuntap_defined(c->c1.tuntap))
+if (tuntap_defined(c->c1.tuntap) && !c->c1.tuntap->wintun)
 {
 tun_show_debug(c->c1.tuntap);
 }
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index d7f2abb8..f02aa57c 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -315,7 +315,7 @@ print_status(const struct context *c, struct status_output 
*so)
 status_printf(so, "Post-decrypt truncations," counter_format, 
c->c2.n_trunc_post_decrypt);
 #endif
 #ifdef _WIN32
-if (tuntap_defined(c->c1.tuntap))
+if (tuntap_defined(c->c1.tuntap) && !c->c1.tuntap->wintun)
 {
 status_printf(so, "TAP-WIN32 driver status,\"%s\"",
   tap_win_getinfo(c->c1.tuntap, ));
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 4/7] wintun: register ring buffers when iterating adapters

2019-12-19 Thread Simon Rozman
Wintun adapters may be considered available if ring buffer registration
succeeded. Therefore, we must attempt to register ring buffers when
iterating adapters and continue on failure.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 110 +++---
 1 file changed, 64 insertions(+), 46 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 220dee87..9dc9b3a2 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6129,11 +6129,71 @@ tuntap_dhcp_mask(const struct tuntap *tt, const char 
*device_guid)
 gc_free();
 }
 
+static bool
+tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct 
device_instance_id_interface *device_instance_id_interface)
+{
+const char *path = NULL;
+char tuntap_device_path[256];
+
+if (tt->wintun)
+{
+const struct device_instance_id_interface *dev_if;
+
+/* Open Wintun adapter */
+for (dev_if = device_instance_id_interface; dev_if != NULL; dev_if = 
dev_if->next)
+{
+if (strcmp(dev_if->net_cfg_instance_id, device_guid) == 0)
+{
+path = dev_if->device_interface_list;
+break;
+}
+}
+if (path == NULL)
+{
+return false;
+}
+}
+else
+{
+/* Open TAP-Windows adapter */
+openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), 
"%s%s%s",
+USERMODEDEVICEDIR,
+device_guid,
+TAP_WIN_SUFFIX);
+path = tuntap_device_path;
+}
+
+tt->hand = CreateFile(path,
+  GENERIC_READ | GENERIC_WRITE,
+  0,/* was: FILE_SHARE_READ */
+  0,
+  OPEN_EXISTING,
+  FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
+  0);
+
+if (tt->hand == INVALID_HANDLE_VALUE)
+{
+msg(D_TUNTAP_INFO, "CreateFile failed on %s device: %s", tt->wintun ? 
"Wintun" : "TAP-Windows", path);
+return false;
+}
+
+if (tt->wintun)
+{
+/* Wintun adapter may be considered "open" after ring buffers are 
successfuly registered. */
+if (!wintun_register_ring_buffer(tt))
+{
+msg(D_TUNTAP_INFO, "Failed to register %s adapter ring buffers", 
device_guid);
+return false;
+}
+}
+
+return true;
+}
+
 static void
 tun_open_device(struct tuntap *tt, const char *dev_node, const char 
**device_guid)
 {
 struct gc_arena gc = gc_new();
-char *path = NULL;
 char tuntap_device_path[256];
 const struct tap_reg* tap_reg = get_tap_reg();
 const struct panel_reg* panel_reg = get_panel_reg();
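
Review bot: When wintun_register_ring_buffer() fails, tun_try_open_device() returns false but leaves the handle from CreateFile() open in tt->hand. During adapter iteration each busy adapter would leak a handle, and the next CreateFile() overwrites the stored value. Add `CloseHandle(tt->hand);` and clear tt->hand before that `return false;`.
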
@@ -6197,27 +6257,11 @@ tun_open_device(struct tuntap *tt, const char 
*dev_node, const char **device_gui
 
 if (tt->wintun)
 {
-const struct device_instance_id_interface* dev_if;
-
 if (!is_picked_device_wintun)
 {
 /* wintun driver specified but picked adapter is not 
wintun, proceed to next one */
 goto next;
 }
-
-path = NULL;
-for (dev_if = device_instance_id_interface; dev_if != NULL; 
dev_if = dev_if->next)
-{
-if (strcmp(dev_if->net_cfg_instance_id, *device_guid) == 0)
-{
-path = (char*)dev_if->device_interface_list;
-break;
-}
-}
-if (path == NULL)
-{
-goto next;
-}
 }
 else
 {
@@ -6226,28 +6270,9 @@ tun_open_device(struct tuntap *tt, const char *dev_node, 
const char **device_gui
 /* tap-windows6 driver specified but picked adapter is 
wintun, proceed to next one */
 goto next;
 }
-
-/* Open Windows TAP-Windows adapter */
-openvpn_snprintf(tuntap_device_path, 
sizeof(tuntap_device_path), "%s%s%s",
- USERMODEDEVICEDIR,
- *device_guid,
- TAP_WIN_SUFFIX);
-path = tuntap_device_path;
 }
 
-tt->hand = CreateFile(path,
-  GENERIC_READ | GENERIC_WRITE,
-  0,/* was: FILE_SHARE_READ */
-  0,
-  OPEN_EXISTING,
-  FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
-  0);
-
-if (tt->hand == IN

[Openvpn-devel] [PATCH 2/7] tun.c: upgrade get_device_guid() to return the Windows driver type

2019-12-19 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 053a8232..623ed37b 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -4110,6 +4110,7 @@ static const char *
 get_device_guid(const char *name,
 char *actual_name,
 int actual_name_size,
+bool *wintun,
 const struct tap_reg *tap_reg,
 const struct panel_reg *panel_reg,
 struct gc_arena *gc)
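
Review bot: The new `bool *wintun` output parameter is added without touching the header comment of get_device_guid(). Please document that it is optional (callers may pass NULL) and what it reports, since the comment otherwise describes only the GUID and actual_name.
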
@@ -4145,6 +4146,10 @@ get_device_guid(const char *name,
 {
 buf_printf(, "%s", name);
 }
+if (wintun)
+{
+*wintun = tr->wintun;
+}
 return BSTR();
 }
 
@@ -4154,6 +4159,10 @@ get_device_guid(const char *name,
 if (tr)
 {
 buf_printf(, "%s", name);
+if (wintun)
+{
+*wintun = tr->wintun;
+}
 buf_printf(, "%s", tr->guid);
 return BSTR();
 }
@@ -4838,7 +4847,7 @@ tap_allow_nonadmin_access(const char *dev_node)
 if (dev_node)
 {
 /* Get the device GUID for the device specified with --dev-node. */
-device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), tap_reg, panel_reg, );
+device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), NULL, tap_reg, panel_reg, );
 
 if (!device_guid)
 {
@@ -5412,7 +5421,7 @@ netsh_get_id(const char *dev_node, struct gc_arena *gc)
 
 if (dev_node)
 {
-guid = get_device_guid(dev_node, BPTR(), BCAP(), 
tap_reg, panel_reg, gc);
+guid = get_device_guid(dev_node, BPTR(), BCAP(), NULL, 
tap_reg, panel_reg, gc);
 }
 else
 {
@@ -6132,7 +6141,7 @@ tun_open_device(struct tuntap *tt, const char *dev_node, 
const char **device_gui
 if (dev_node)
 {
 /* Get the device GUID for the device specified with --dev-node. */
-*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), tap_reg, panel_reg, );
+*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), NULL, tap_reg, panel_reg, );
 
 if (!*device_guid)
 {
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 5/7] wintun: add support for --dev-node

2019-12-19 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 38 --
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 9dc9b3a2..8508b9c0 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -6194,7 +6194,6 @@ static void
 tun_open_device(struct tuntap *tt, const char *dev_node, const char 
**device_guid)
 {
 struct gc_arena gc = gc_new();
-char tuntap_device_path[256];
 const struct tap_reg* tap_reg = get_tap_reg();
 const struct panel_reg* panel_reg = get_panel_reg();
 const struct device_instance_id_interface* device_instance_id_interface = 
get_device_instance_id_interface();
@@ -6207,31 +6206,34 @@ tun_open_device(struct tuntap *tt, const char 
*dev_node, const char **device_gui
  */
 if (dev_node)
 {
+bool is_picked_device_wintun = false;
+
 /* Get the device GUID for the device specified with --dev-node. */
-*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), NULL, tap_reg, panel_reg, );
+*device_guid = get_device_guid(dev_node, actual_buffer, 
sizeof(actual_buffer), _picked_device_wintun, tap_reg, panel_reg, );
 
 if (!*device_guid)
 {
-msg(M_FATAL, "TAP-Windows adapter '%s' not found", dev_node);
+msg(M_FATAL, "Adapter '%s' not found", dev_node);
 }
 
-/* Open Windows TAP-Windows adapter */
-openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), 
"%s%s%s",
- USERMODEDEVICEDIR,
- *device_guid,
- TAP_WIN_SUFFIX);
-
-tt->hand = CreateFile(tuntap_device_path,
-  GENERIC_READ | GENERIC_WRITE,
-  0,/* was: FILE_SHARE_READ */
-  0,
-  OPEN_EXISTING,
-  FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
-  0);
+if (tt->wintun)
+{
+if (!is_picked_device_wintun)
+{
+msg(M_FATAL, "Adapter '%s' is TAP-Windows, Wintun expected", 
dev_node);
+}
+}
+else
+{
+if (is_picked_device_wintun)
+{
+msg(M_FATAL, "Adapter '%s' is Wintun, TAP-Windows expected", 
dev_node);
+}
+}
 
-if (tt->hand == INVALID_HANDLE_VALUE)
+if (!tun_try_open_device(tt, *device_guid, 
device_instance_id_interface))
 {
-msg(M_ERR, "CreateFile failed on TAP device: %s", 
tuntap_device_path);
+msg(M_FATAL, "Failed to open %s adapter: %s", tt->wintun ? 
"Wintun" : "TAP-Windows", dev_node);
 }
 }
 else
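
Review bot: The two mismatch messages ("Adapter '%s' is TAP-Windows, Wintun expected" and its counterpart) tell the user what is wrong but not how to fix it. Name the option that selects the driver, --windows-driver, so the user knows whether to change the configuration or pick another adapter.
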
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 3/7] tun.c: make wintun_register_ring_buffer() non-fatal on failures

2019-12-19 Thread Simon Rozman
Wintun allows multiple handles to be opened on its NDIS device pipe.
Just succeeding in opening the pipe does not warrant that the adapter is
unused.

When iterating for an available Wintun adapter, we will need to try
registering ring buffers with each one to actually determine which one
is used and which one is not.

Therefore, a failure to register ring buffers should be detectable, but
not M_FATAL.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 26 ++
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 623ed37b..220dee87 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -5647,11 +5647,12 @@ register_dns_service(const struct tuntap *tt)
 gc_free();
 }
 
-static void
+static bool
 service_register_ring_buffers(const struct tuntap *tt)
 {
 HANDLE msg_channel = tt->options.msg_channel;
 ack_message_t ack;
+bool ret = true;
 struct gc_arena gc = gc_new();
 
 register_ring_buffers_message_t msg = {
@@ -5669,13 +5670,13 @@ service_register_ring_buffers(const struct tuntap *tt)
 
 if (!send_msg_iservice(msg_channel, , sizeof(msg), , "Register 
ring buffers"))
 {
-gc_free();
-return;
+ret = false;
 }
 else if (ack.error_number != NO_ERROR)
 {
-msg(M_FATAL, "Register ring buffers failed using service: %s 
[status=0x%x]",
+msg(M_NONFATAL, "Register ring buffers failed using service: %s 
[status=0x%x]",
 strerror_win32(ack.error_number, ), ack.error_number);
+ret = false;
 }
 else
 {
@@ -5683,6 +5684,7 @@ service_register_ring_buffers(const struct tuntap *tt)
 }
 
 gc_free();
+return ret;
 }
 
 void
@@ -5922,9 +5924,11 @@ tuntap_set_ip_addr(struct tuntap *tt,
 gc_free();
 }
 
-static void
+static bool
 wintun_register_ring_buffer(struct tuntap *tt)
 {
+bool ret = true;
+
 tt->wintun_send_ring = (struct tun_ring 
*)MapViewOfFile(tt->wintun_send_ring_handle,
 
FILE_MAP_ALL_ACCESS,
 0,
@@ -5939,7 +5943,7 @@ wintun_register_ring_buffer(struct tuntap *tt)
 
 if (tt->options.msg_channel)
 {
-service_register_ring_buffers(tt);
+ret = service_register_ring_buffers(tt);
 }
 else
 {
@@ -5953,13 +5957,16 @@ wintun_register_ring_buffer(struct tuntap *tt)
 tt->rw_handle.read,
 tt->rw_handle.write))
 {
-msg(M_FATAL, "ERROR:  Failed to register ring buffers: %lu", 
GetLastError());
+msg(M_NONFATAL, "Failed to register ring buffers: %lu", 
GetLastError());
+ret = false;
 }
 if (!RevertToSelf())
 {
 msg(M_FATAL, "ERROR:  RevertToSelf error: %lu", GetLastError());
 }
 }
+
+return ret;
 }
 
 static void
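
Review bot: The M_NONFATAL message is now logged, and execution continues, between the registration call and RevertToSelf(), that is, while the thread is still impersonating. Save GetLastError() in a local, call RevertToSelf() first, and log afterwards, so that nothing but the registration itself runs under the impersonated token. Keeping the RevertToSelf() failure at M_FATAL is right.
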
@@ -6367,7 +6374,10 @@ open_tun(const char *dev, const char *dev_type, const 
char *dev_node, struct tun
 
 if (tt->wintun)
 {
-wintun_register_ring_buffer(tt);
+if (!wintun_register_ring_buffer(tt))
+{
+msg(M_FATAL, "Failed to register ring buffers");
+}
 }
 else
 {
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 7/7] tun.c: reword the at_least_one_tap_win() error

2019-12-19 Thread Simon Rozman
Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 8508b9c0..14ff0259 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -4031,7 +4031,7 @@ at_least_one_tap_win(const struct tap_reg *tap_reg)
 {
 if (!tap_reg)
 {
-msg(M_FATAL, "There are no TAP-Windows adapters on this system.  You 
should be able to create a TAP-Windows adapter by going to Start -> All 
Programs -> TAP-Windows -> Utilities -> Add a new TAP-Windows virtual ethernet 
adapter.");
+msg(M_FATAL, "There are no TAP-Windows nor Wintun adapters on this 
system.  You should be able to create an adapter by using tapctl.exe utility.");
 }
 }
 
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH 1/7] tun.c: make Windows device lookup functions more general

2019-12-19 Thread Simon Rozman
Since the introduction of Wintun, not all network devices in Windows are
TAP-Windows6. Rather than returning a simple true/false answer, a couple
of functions were reworked to return a corresponding struct tap_reg *
or NULL instead.

As it would make the code `tr = is_tap_win(...)` a bit awkward, those
functions (both static) were renamed to better reflect their nature.

Signed-off-by: Simon Rozman 
---
 src/openvpn/tun.c | 39 ++-
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index ad497a71..053a8232 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -3976,10 +3976,10 @@ show_tap_win_adapters(int msglev, int warnlev)
 }
 
 /*
- * Confirm that GUID is a TAP-Windows adapter.
+ * Lookup a TAP-Windows or Wintun adapter by GUID.
  */
-static bool
-is_tap_win(const char *guid, const struct tap_reg *tap_reg)
+static const struct tap_reg *
+get_tap_by_guid(const char *guid, const struct tap_reg *tap_reg)
 {
 const struct tap_reg *tr;
 
@@ -3987,11 +3987,11 @@ is_tap_win(const char *guid, const struct tap_reg 
*tap_reg)
 {
 if (guid && !strcmp(tr->guid, guid))
 {
-return true;
+return tr;
 }
 }
 
-return false;
+return NULL;
 }
 
 static const char *
@@ -4010,16 +4010,16 @@ guid_to_name(const char *guid, const struct panel_reg 
*panel_reg)
 return NULL;
 }
 
-static const char *
-name_to_guid(const char *name, const struct tap_reg *tap_reg, const struct 
panel_reg *panel_reg)
+static const struct tap_reg *
+get_tap_by_name(const char *name, const struct tap_reg *tap_reg, const struct 
panel_reg *panel_reg)
 {
 const struct panel_reg *pr;
 
 for (pr = panel_reg; pr != NULL; pr = pr->next)
 {
-if (name && !strcmp(pr->name, name) && is_tap_win(pr->guid, tap_reg))
+if (name && !strcmp(pr->name, name))
 {
-return pr->guid;
+return get_tap_by_guid(pr->guid, tap_reg);
 }
 }
 
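Review bot: in get_tap_by_name() the loop now returns on the first panel_reg entry whose name matches, even when get_tap_by_guid() finds no adapter for that GUID. The removed condition `&& is_tap_win(pr->guid, tap_reg)` kept iterating in that case, so a later entry with the same name could still match. If the difference is intended, say so in the commit message; otherwise keep looping while the lookup returns NULL.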
@@ -4116,6 +4116,7 @@ get_device_guid(const char *name,
 {
 struct buffer ret = alloc_buf_gc(256, gc);
 struct buffer actual = clear_buf();
+const struct tap_reg *tr;
 
 /* Make sure we have at least one TAP adapter */
 if (!tap_reg)
@@ -4131,7 +4132,8 @@ get_device_guid(const char *name,
 }
 
 /* Check if GUID was explicitly specified as --dev-node parameter */
-if (is_tap_win(name, tap_reg))
+tr = get_tap_by_guid(name, tap_reg);
+if (tr)
 {
 const char *act = guid_to_name(name, panel_reg);
 buf_printf(, "%s", name);
@@ -4148,11 +4150,11 @@ get_device_guid(const char *name,
 
 /* Lookup TAP adapter in network connections list */
 {
-const char *guid = name_to_guid(name, tap_reg, panel_reg);
-if (guid)
+tr = get_tap_by_name(name, tap_reg, panel_reg);
+if (tr)
 {
 buf_printf(, "%s", name);
-buf_printf(, "%s", guid);
+buf_printf(, "%s", tr->guid);
 return BSTR();
 }
 }
@@ -4696,11 +4698,14 @@ get_adapter_index_flexible(const char *name)  /* actual 
name or GUID */
 {
 const struct tap_reg *tap_reg = get_tap_reg();
 const struct panel_reg *panel_reg = get_panel_reg();
-const char *guid = name_to_guid(name, tap_reg, panel_reg);
-index = get_adapter_index_method_1(guid);
-if (index == TUN_ADAPTER_INDEX_INVALID)
+const struct tap_reg *tr = get_tap_by_name(name, tap_reg, panel_reg);
+if (tr)
 {
-index = get_adapter_index_method_2(guid);
+index = get_adapter_index_method_1(tr->guid);
+if (index == TUN_ADAPTER_INDEX_INVALID)
+{
+index = get_adapter_index_method_2(tr->guid);
+}
 }
 }
 if (index == TUN_ADAPTER_INDEX_INVALID)
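Review bot: the `if (tr)` guard added in get_adapter_index_flexible() is a behaviour change, not only a rename. The removed lines passed the result of name_to_guid() straight to get_adapter_index_method_1() and get_adapter_index_method_2(), including when it was NULL. The commit message describes the patch as a rework of return types, so it should mention this fix as well.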
-- 
2.24.1.windows.2





[Openvpn-devel] [PATCH v2] wintun: set adapter properties via interactive service

2019-12-17 Thread Simon Rozman
From: Lev Stipakov 

Since Wintun doesn't do DHCP, use interactive service
calls to set up adapter properties.

This also fixes a bug in the previously unused IPv4 code of
do_address_service():

 - ipv4 address must be in network byte order
 - prefix length cannot be hardcoded /32 but
 must be calculated from netmask

Signed-off-by: Lev Stipakov 
Acked-by: Simon Rozman 
---
 src/openvpn/route.c |  2 +-
 src/openvpn/route.h |  3 +-
 src/openvpn/tun.c   | 75 +++--
 3 files changed, 61 insertions(+), 19 deletions(-)

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 97e90e56..cc6d5519 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3019,7 +3019,7 @@ out:
 return ret;
 }
 
-static bool
+bool
 do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct 
tuntap *tt)
 {
 DWORD if_index = windows_route_find_if_index(r, tt);
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 2e68091c..27b652cd 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -321,7 +321,8 @@ void setenv_routes(struct env_set *es, const struct 
route_list *rl);
 
 void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6);
 
-
+bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r,
+   const struct tuntap *tt);
 
 bool is_special_addr(const char *addr_str);
 
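Review bot: do_route_ipv4_service() is now exported, but the prototype added to route.h carries no comment, and the visible context does not show a Windows-only guard around it, while the definition in route.c uses DWORD and windows_route_find_if_index(). Please confirm the declaration sits under the same _WIN32 condition as the definition, and document the return value.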
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 77d84fb2..32f4f483 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -109,8 +109,8 @@ do_address_service(const bool add, const short family, 
const struct tuntap *tt)
 
 if (addr.family == AF_INET)
 {
-addr.address.ipv4.s_addr = tt->local;
-addr.prefix_len = 32;
+addr.address.ipv4.s_addr = htonl(tt->local);
+addr.prefix_len = netmask_to_netbits2(tt->adapter_netmask);
 }
 else
 {
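Review bot: `addr.prefix_len` now depends on tt->adapter_netmask, but nothing in this hunk shows that the field is set on every path that reaches do_address_service() with AF_INET. A short comment stating that tt->local and tt->adapter_netmask are in host byte order here, and what prefix results from an unset netmask, would make the two fixes named in the commit message easier to verify.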
@@ -139,13 +139,15 @@ out:
 }
 
 static bool
-do_dns6_service(bool add, const struct tuntap *tt)
+do_dns_service(bool add, const short family, const struct tuntap *tt)
 {
 bool ret = false;
 ack_message_t ack;
 struct gc_arena gc = gc_new();
 HANDLE pipe = tt->options.msg_channel;
-int addr_len = add ? tt->options.dns6_len : 0;
+int len = family == AF_INET6 ? tt->options.dns6_len : tt->options.dns_len;
+int addr_len = add ? len : 0;
+const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4";
 
 if (addr_len == 0 && add) /* no addresses to add */
 {
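Review bot: do_dns_service() treats every family other than AF_INET6 as IPv4, since both `len` and `ip_proto_name` fall through to the IPv4 branch. Now that `family` is a parameter, ASSERT on (or reject) anything other than AF_INET and AF_INET6 at the top of the function, so a bad caller fails loudly instead of sending IPv4 data.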
@@ -160,7 +162,7 @@ do_dns6_service(bool add, const struct tuntap *tt)
 },
 .iface = { .index = tt->adapter_index, .name = "" },
 .domains = "",
-.family = AF_INET6,
+.family = family,
 .addr_len = addr_len
 };
 
@@ -172,17 +174,24 @@ do_dns6_service(bool add, const struct tuntap *tt)
 {
 addr_len = _countof(dns.addr);
 dns.addr_len = addr_len;
-msg(M_WARN, "Number of IPv6 DNS addresses sent to service truncated to 
%d",
-addr_len);
+msg(M_WARN, "Number of %s DNS addresses sent to service truncated to 
%d",
+ip_proto_name, addr_len);
 }
 
 for (int i = 0; i < addr_len; ++i)
 {
-dns.addr[i].ipv6 = tt->options.dns6[i];
+if (family == AF_INET6)
+{
+dns.addr[i].ipv6 = tt->options.dns6[i];
+}
+else
+{
+dns.addr[i].ipv4.s_addr = htonl(tt->options.dns[i]);
+}
 }
 
-msg(D_LOW, "%s IPv6 dns servers on '%s' (if_index = %d) using service",
-(add ? "Setting" : "Deleting"), dns.iface.name, dns.iface.index);
+msg(D_LOW, "%s %s dns servers on '%s' (if_index = %d) using service",
+(add ? "Setting" : "Deleting"), ip_proto_name, dns.iface.name, 
dns.iface.index);
 
 if (!send_msg_iservice(pipe, , sizeof(dns), , "TUN"))
 {
@@ -191,13 +200,13 @@ do_dns6_service(bool add, const struct tuntap *tt)
 
 if (ack.error_number != NO_ERROR)
 {
-msg(M_WARN, "TUN: %s IPv6 dns failed using service: %s [status=%u 
if_name=%s]",
-(add ? "adding" : "deleting"), strerror_win32(ack.error_number, 
),
+msg(M_WARN, "TUN: %s %s dns failed using service: %s [status=%u 
if_name=%s]",
+(add ? "adding" : "deleting"), ip_proto_name, 
strerror_win32(ack.error_number, ),
 ack.error_number, dns.iface.name);
 goto out;
 }
 
-msg(M_INFO, "IPv6 dns servers %s using service", (add ? "set" : 
"deleted"));
+msg(M_INFO, "%s dns servers %s using service", ip_proto_name, (add ? "set" 
: "deleted"));
 ret = true;
 
 out:
@@ -819,7 +828,7 @@ init_tun_post(struct tuntap *tt,
  * an extra call
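
The two IPv4 fixes named in the commit message above (address in network byte order, prefix length derived from the netmask), as an added example that is not part of the patch or of OpenVPN. `struct addr_msg`, `netmask_to_prefix()` and the `fill_addr_msg_*()` helpers are hypothetical; `netmask_to_prefix()` stands in for OpenVPN's netmask_to_netbits2(), whose implementation is not shown on this page.

```c
#include <arpa/inet.h>   /* htonl(); on Windows this comes from winsock2.h */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message handed to a privileged helper (not OpenVPN's struct). */
struct addr_msg {
    uint32_t ipv4_be;    /* IPv4 address in network byte order */
    int prefix_len;      /* 0..32 */
};

/*
 * Convert a host-order netmask to a prefix length.
 * Returns false for non-contiguous masks such as 255.0.255.0.
 */
static bool
netmask_to_prefix(uint32_t mask_host, int *prefix_len)
{
    uint32_t inverted = ~mask_host;

    /* A contiguous mask inverted is 2^k - 1, so x & (x + 1) must be 0. */
    if ((inverted & (inverted + 1u)) != 0)
    {
        return false;
    }

    int bits = 0;
    while (mask_host & 0x80000000u)
    {
        bits++;
        mask_host <<= 1;
    }
    *prefix_len = bits;
    return true;
}

/* Behaviour before the fix, as the commit message describes it:
 * host-order address copied as-is and a hard-coded /32. */
static void
fill_addr_msg_before(struct addr_msg *m, uint32_t local_host)
{
    m->ipv4_be = local_host;
    m->prefix_len = 32;
}

/* Fixed form: convert the address and derive the prefix from the netmask. */
static bool
fill_addr_msg_fixed(struct addr_msg *m, uint32_t local_host, uint32_t mask_host)
{
    int prefix;

    if (!netmask_to_prefix(mask_host, &prefix))
    {
        return false;
    }
    m->ipv4_be = htonl(local_host);
    m->prefix_len = prefix;
    return true;
}

/* True when the in-memory bytes of ipv4_be read a.b.c.d, i.e. wire order. */
static bool
wire_bytes_are(const struct addr_msg *m, uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    const uint8_t want[4] = { a, b, c, d };
    return memcmp(&m->ipv4_be, want, sizeof(want)) == 0;
}

int
main(void)
{
    /* Constructed sample: 10.8.0.2 with netmask 255.255.255.0, host order. */
    const uint32_t local = 0x0A080002u, mask = 0xFFFFFF00u;
    struct addr_msg m;

    fill_addr_msg_before(&m, local);
    printf("before: /%d, wire order correct: %s\n", m.prefix_len,
           wire_bytes_are(&m, 10, 8, 0, 2) ? "yes" : "no");

    if (fill_addr_msg_fixed(&m, local, mask))
    {
        printf("fixed:  /%d, wire order correct: %s\n", m.prefix_len,
               wire_bytes_are(&m, 10, 8, 0, 2) ? "yes" : "no");
    }
    return 0;
}
```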

Re: [Openvpn-devel] [PATCH] tun.c: refactor open_tun() implementation

2019-12-17 Thread Simon Rozman
Hi,

> While patch looks big and scary, there are no functional changes at all,
> just tossing code around.

Indeed this looks scary. This patch chops Windows version of open_tun() into
functions. Maybe, preserve functions in the original order to help diff pair
the changes next time. Took me more than an hour to follow old and new code
side by side and compare.

> -/*
> - * Preliminaries for setting TAP-Windows adapter TCP/IP
> - * properties via --ip-win32 dynamic or --ip-win32 adaptive.
> - */
> -if (tt->did_ifconfig_setup)

The original version always ran this block of code. For Wintun adapters too.
Now, it is a part of tuntap_post_open() -> tuntap_set_ip_props() which is
invoked for TAP-Windows6 adapters only.
Since Wintun is always IPW32_SET_NETSH for the time being the
tuntap_set_ip_props() would always be noop for Wintun.

> +msg(M_INFO, "Sleeping for %d seconds...", s);
> +management_sleep(s);
> +}
> +}

The original version always slept. For Wintun adapters too. Now, it is a
part of tuntap_post_open() -> tuntap_set_connected() which is invoked for
TAP-Windows6 adapters only. When adding IPW32_SET_IPAPI support for Wintun,
we shall add this pause back.

Those were just my observations: this is a tiny bit more than just a
"refactor".

BTW, the patch reindents some parts of the code (looks like editor's
auto-format after copy). The indenting will be fixed in my follow-up
uncrustify patch.

Acked-by: Simon Rozman 

Regards,
Simon




Re: [Openvpn-devel] [PATCH v5 5/7] wintun: interactive service support

2019-12-17 Thread Simon Rozman
Definitely an ack. We need this for Wintun and to drop that SYSTEM token
hack.

Acked-by: Simon Rozman  

Best regards,
Simon

> -Original Message-
> From: Lev Stipakov 
> Sent: Tuesday, December 17, 2019 1:51 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH v5 5/7] wintun: interactive service
> support
> 
> From: Lev Stipakov 
> 
> Wintun requires ring buffers registration to be performed by privileged
> process. In order to use openvpn with wintun by non-Administrator, we
> need to use interactive service and shared memory to register buffers.
> 
> Openvpn process creates memory mapping object and event for send and
> receive ring and passes handles to interactive service. There handles
> are duplicated and memory mapped object is mapped into the address space
> of service process.
> Then address of mapped view and event handle is passed to wintun kernel
> driver.
> 
> After interactive service performed registration, openvpn process maps
> memory mapped object into own address space. Thus mapped views in
> openvpn and service process represent the same memory region.
> 
> Signed-off-by: Lev Stipakov 
> ---
> 
>  While v2 has been ACKed, it had to be rebased on  top of previous patch
> in series, which required some  manual work.
> 
>  v5:
>   - rebased on top of [PATCH v8 4/7] wintun: ring buffers based I/O
> (fixed struct tun_ring layout and made DeviceIoControl result check
> more robust)
> 
>  v4:
>   - rebased on top of [PATCH v5 4/7] "wintun: ring buffers based I/O"
> 
>  v3:
>   - rebased on top of [PATCH v4 4/7] "wintun: ring buffers based I/O"
>   - added doxygen comments to ring_buffer.h
> 
>  v2:
>   - rebased on top of master
> 
>  include/openvpn-msg.h   |  10 ++
>  src/openvpn/Makefile.am |   2 +-
>  src/openvpn/openvpn.vcxproj |   2 +
>  src/openvpn/openvpn.vcxproj.filters |   8 +-
>  src/openvpn/ring_buffer.c   |  56 
>  src/openvpn/ring_buffer.h   | 104 +++
>  src/openvpn/tun.c   |  82 ++--
>  src/openvpn/tun.h   |   3 +
>  src/openvpn/win32.c |  27 
>  src/openvpn/win32.h |  46 ---
>  src/openvpnserv/Makefile.am |   3 +-
>  src/openvpnserv/interactive.c   | 141 +++-
>  src/openvpnserv/openvpnserv.vcxproj |   2 +
>  src/openvpnserv/openvpnserv.vcxproj.filters |   6 +
>  14 files changed, 399 insertions(+), 93 deletions(-)  create mode
> 100644 src/openvpn/ring_buffer.c  create mode 100644
> src/openvpn/ring_buffer.h
> 
> diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h index
> 66177a21..3ed62069 100644
> --- a/include/openvpn-msg.h
> +++ b/include/openvpn-msg.h
> @@ -39,6 +39,7 @@ typedef enum {
>  msg_del_block_dns,
>  msg_register_dns,
>  msg_enable_dhcp,
> +msg_register_ring_buffers
>  } message_type_t;
> 
>  typedef struct {
> @@ -117,4 +118,13 @@ typedef struct {
>  interface_t iface;
>  } enable_dhcp_message_t;
> 
> +typedef struct {
> +message_header_t header;
> +HANDLE device;
> +HANDLE send_ring_handle;
> +HANDLE receive_ring_handle;
> +HANDLE send_tail_moved;
> +HANDLE receive_tail_moved;
> +} register_ring_buffers_message_t;
> +
>  #endif /* ifndef OPENVPN_MSG_H_ */
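Review bot: register_ring_buffers_message_t carries five raw HANDLE values across the pipe with no comment on whose handle table they refer to. They are only valid in the sending openvpn process, so the struct should document that the service must duplicate them before use (as the commit message describes) and must treat them as untrusted input from an unprivileged peer. HANDLE is also pointer-sized, so the message layout differs between 32-bit and 64-bit builds; if a mixed pairing of openvpn.exe and the service is possible, use a fixed-width field instead.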
> diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index
> a091ffc2..d1bb99c2 100644
> --- a/src/openvpn/Makefile.am
> +++ b/src/openvpn/Makefile.am
> @@ -138,6 +138,6 @@ openvpn_LDADD = \
>   $(OPTIONAL_SYSTEMD_LIBS) \
>   $(OPTIONAL_DL_LIBS)
>  if WIN32
> -openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h
> +openvpn_SOURCES += openvpn_win32_resources.rc block_dns.c block_dns.h
> +ring_buffer.c ring_buffer.h
>  openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -
> lwinmm -lfwpuclnt -lrpcrt4 -lncrypt -lsetupapi  endif diff --git
> a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index
> 7446d97d..614d720a 100644
> --- a/src/openvpn/openvpn.vcxproj
> +++ b/src/openvpn/openvpn.vcxproj
> @@ -181,6 +181,7 @@
>  
>  
>  
> +
>  
>  
>  
> @@ -265,6 +266,7 @@
>  
>  
>  
> +
>  
>  
>  
> diff --git a/src/openvpn/openvpn.vcxproj.filters
> b/src/openvpn/openvpn.vcxproj.filters
> index 653e892c..41e62d14 100644
> --- a/src/openvpn/openvpn.vcxproj.filters
> +++ b/src/openvpn/openvpn.vcxproj.filters
> @@ -240,6 +

Re: [Openvpn-devel] [PATCH v8 4/7] wintun: ring buffers based I/O

2019-12-17 Thread Simon Rozman
I have stare-reviewed the code, then ran it back and forth with different
config files. Works as advertised.

Note that this patch contains the controversial impersonate_as_system(), which we
will remove or #ifdef in the patches to follow.

Acked-By: Simon Rozman 

Best regards,
Simon

> -Original Message-
> From: Lev Stipakov 
> Sent: Tuesday, December 17, 2019 1:44 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH v8 4/7] wintun: ring buffers based I/O
> 
> From: Lev Stipakov 
> 
> Implemented according to Wintun documentation and reference client code.
> 
> Wintun uses ring buffers to communicate between kernel driver and user
> process. Client allocates send and receive ring buffers, creates events
> and passes it to kernel driver under LocalSystem privileges.
> 
> When data is available for read, wintun modifies "tail" pointer of send
> ring and signals via event.
> User process reads data from "head" to "tail" and updates "head"
> pointer.
> 
> When user process is ready to write, it writes to receive ring, updates
> "tail" pointer and signals to kernel via event.
> 
> In openvpn code we add send ring's event to event loop.
> Before performing io wait, we compare "head" and "tail"
> pointers of send ring and if they're different, we skip io wait and
> perform read.
> 
> This also adds ring buffers support to tcp and udp server code.
> 
> Signed-off-by: Lev Stipakov 
> ---
> 
>  v8:
>   - make DeviceIoControl result check more robust
>   - fix struct tun_ring layout
> 
>  v7:
>   - fix comments (no code changes)
> 
>  v6:
>   - added a sanity check to write_wintun() to avoid
> writing malformed IPv4/6 packet, which causes
> "ring buffer is out of capacity" error.
> 
>  v5:
>   - fix crash at ring buffer registration on Win7
> (passing NULL to DeviceIOControl, reported by kitsune1)
> 
>  v4:
>   - added helper function tuntap_ring_empty()
>   - refactored event handling, got rid of separate
> event_ctl() call for wintun and send/receive_tail_moved
> members
>   - added wintun_ prefix for ring buffer variables
>   - added a comment explaining the size of wintun-specific buffers
> 
>  v3:
>   - simplified convoluted #ifdefs
>   - replaced "greater than" with "greater or equal than"
> 
>  v2:
>   - rebased on top of master
> 
>  src/openvpn/forward.c |  29 +++-
>  src/openvpn/forward.h |  38 +-
>  src/openvpn/mtcp.c|  19 -
>  src/openvpn/mudp.c|   7 +-
>  src/openvpn/options.c |   4 +-
>  src/openvpn/syshead.h |   1 +
>  src/openvpn/tun.c |  62 +++-
>  src/openvpn/tun.h | 169 +-
>  src/openvpn/win32.c   | 122 ++
>  src/openvpn/win32.h   |  50 +
>  10 files changed, 490 insertions(+), 11 deletions(-)
> 
> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index
> 8451706b..6b823613 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -1256,8 +1256,24 @@ read_incoming_tun(struct context *c)
>  perf_push(PERF_READ_IN_TUN);
> 
>  c->c2.buf = c->c2.buffers->read_tun_buf;
> +
>  #ifdef _WIN32
> -read_tun_buffered(c->c1.tuntap, >c2.buf);
> +if (c->c1.tuntap->wintun)
> +{
> +read_wintun(c->c1.tuntap, >c2.buf);
> +if (c->c2.buf.len == -1)
> +{
> +register_signal(c, SIGHUP, "tun-abort");
> +c->persist.restart_sleep_seconds = 1;
> +msg(M_INFO, "Wintun read error, restarting");
> +perf_pop();
> +return;
> +}
> +}
> +else
> +{
> +read_tun_buffered(c->c1.tuntap, >c2.buf);
> +}
>  #else
>  ASSERT(buf_init(>c2.buf, FRAME_HEADROOM(>c2.frame)));
>  ASSERT(buf_safe(>c2.buf, MAX_RW_SIZE_TUN(>c2.frame))); @@ -
> 2099,6 +2115,17 @@ io_wait_dowork(struct context *c, const unsigned int
> flags)
>  tuntap |= EVENT_READ;
>  }
> 
> +#ifdef _WIN32
> +if (tuntap_is_wintun(c->c1.tuntap))
> +{
> +/*
> + * With wintun we are only interested in read event. Ring
> buffer is
> + * always ready for write, so we don't do wait.
> + */
> +tuntap = EVENT_READ;
> +}
> +#endif
> +
>  /*
>   * Configure event wait based on socket, tuntap flags.
>   */
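Review bot: in io_wait_dowork() the added block assigns `tuntap = EVENT_READ` outright, discarding whatever the preceding flag logic computed (the context just above only ORs EVENT_READ in conditionally), so a read event appears to be registered regardless of the flags passed in. If that is intended, extend the comment to say so; otherwise mask instead of assigning. The check here uses tuntap_is_wintun(c->c1.tuntap) while read_incoming_tun() in the previous hunk tests c->c1.tuntap->wintun directly; use the helper in both places.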
> diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index
> 48202c07..b711ff00 100644
>
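
The head/tail exchange described in the quoted commit message above, as an added example that is not part of the patch, OpenVPN or Wintun. The `struct ring` layout, the 4-byte size prefix, the capacity and every function name are assumptions made for illustration; the reader validates both indices and the size header because the memory is shared with another party. A real cross-process ring also needs memory barriers, which this single-threaded demo omits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; not Wintun's or OpenVPN's struct. */
#define RING_CAPACITY 256u                      /* bytes, power of two */
#define RING_WRAP(v)  ((v) & (RING_CAPACITY - 1u))
#define PKT_HDR       4u                        /* uint32_t size prefix */
#define PKT_MAX       64u                       /* constructed demo limit */
#define PKT_ALIGN(n)  (((n) + 3u) & ~3u)

struct ring {
    volatile uint32_t head;   /* advanced by the reader */
    volatile uint32_t tail;   /* advanced by the writer */
    uint8_t data[RING_CAPACITY];
};

static void
ring_copy_in(struct ring *r, uint32_t pos, const void *src, uint32_t n)
{
    const uint8_t *s = src;
    for (uint32_t i = 0; i < n; i++)
        r->data[RING_WRAP(pos + i)] = s[i];
}

static void
ring_copy_out(const struct ring *r, uint32_t pos, void *dst, uint32_t n)
{
    uint8_t *d = dst;
    for (uint32_t i = 0; i < n; i++)
        d[i] = r->data[RING_WRAP(pos + i)];
}

/* Reader-side check made before waiting: head != tail means "read now". */
static int
ring_has_data(const struct ring *r)
{
    return r->head != r->tail;
}

/* Writer: append one packet and move tail. Returns 0, or -1 if it does not fit. */
static int
ring_write(struct ring *r, const void *pkt, uint32_t len)
{
    uint32_t head = r->head, tail = r->tail;

    if (len == 0 || len > PKT_MAX || head >= RING_CAPACITY || tail >= RING_CAPACITY)
        return -1;

    uint32_t used = RING_WRAP(tail - head);
    uint32_t total = PKT_ALIGN(PKT_HDR + len);
    if (total >= RING_CAPACITY - used)          /* tail must never reach head */
        return -1;

    ring_copy_in(r, tail, &len, PKT_HDR);
    ring_copy_in(r, RING_WRAP(tail + PKT_HDR), pkt, len);
    r->tail = RING_WRAP(tail + total);
    return 0;
}

/*
 * Reader: copy one packet from head and move head.
 * Returns the packet length, 0 if the ring is empty, or -1 if the indices
 * or the size header are inconsistent (head is left untouched then).
 */
static int
ring_read(struct ring *r, void *out, uint32_t out_cap)
{
    uint32_t head = r->head, tail = r->tail;    /* snapshot once, then validate */

    if (head >= RING_CAPACITY || tail >= RING_CAPACITY)
        return -1;
    if (head == tail)
        return 0;

    uint32_t avail = RING_WRAP(tail - head);
    if (avail < PKT_HDR)
        return -1;

    uint32_t size;
    ring_copy_out(r, head, &size, PKT_HDR);
    if (size == 0 || size > PKT_MAX || size > out_cap)
        return -1;

    uint32_t total = PKT_ALIGN(PKT_HDR + size);
    if (total > avail)                          /* header claims more than was written */
        return -1;

    ring_copy_out(r, RING_WRAP(head + PKT_HDR), out, size);
    r->head = RING_WRAP(head + total);
    return (int)size;
}

int
main(void)
{
    struct ring r = { 0 };
    uint8_t out[PKT_MAX];
    const uint8_t pkt[] = { 0x45, 0x00, 0x00, 0x14 };   /* constructed bytes */

    ring_write(&r, pkt, sizeof(pkt));
    while (ring_has_data(&r))
    {
        int n = ring_read(&r, out, sizeof(out));
        if (n <= 0)
            break;
        printf("read %d bytes\n", n);
    }
    return 0;
}
```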

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-17 Thread Simon Rozman
Hi,

Lev, unfortunately, the openvpn.exe binary will still contain this hack's 
machine code and might really raise some eyebrows with anti-virus software.

Before the final release the entire SYSTEM token hack should be removed from 
the OpenVPN source.

I think it's okay to make a note in README that "--windows-driver wintun" 
works with iservice only. (Or, if user is responsible to run openvpn.exe as 
SYSTEM user himself somehow.)

Regards,
Simon



From: Lev Stipakov 
Sent: Tuesday, December 17, 2019 10:35 AM
To: Selva Nair 
Cc: Simon Rozman ; Lev Stipakov ; 
openvpn-devel 
Subject: Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O



How about compromise - let's add  "--enable-system-elevation" windows specific 
option.

 - When it is set, we print warning and elevate to SYSTEM for the single 
   DeviceIOControl call
 - When it is not set and wintun is used, we run openvpn from command line via 
   iservice
 - If service is missing, we print error "either use iservice 
   or --enable-system-elevation (experts only)"

The ones who want to run openvpn from command line with wintun still could do 
it via psexec and it is assumed that they know what they are doing. So why not 
make it simpler and add an option "yes I know what I am doing and I am willing 
to take risks"? Also, it is safer to use system privilege just for single call 
rather than run whole process with it.

This also will make debugging / development easier.





Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-17 Thread Simon Rozman
Hi,

> > I am running OpenVPN on Windows using NSSM wrapper for years. I had a
> brief discussion on the Hackathon with Samuli about integrating SCM
> support directly into openvpn.exe (imagine --daemon for Windows):
> >
> > sc create OpenVPN$MyTunnel binpath= "C:\Program
> > Files\OpenVPN\bin\openvpn" --daemon --config "C:\Program
> > Files\OpenVPN\config\MyTunnel.ovpn" --log "C:\Program
> > Files\OpenVPN\log\MyTunnel.log" start= auto depend= dhcp sc start
> > OpenVPN$MyTunnel
> >
> > This would install openvpn.exe as a Windows service and run it as the
> SYSTEM user — no need for iservice, no need for SYSTEM token hack. Other
> than me, perhaps it could cover at least some of the users now running
> openvpn.exe directly.
> 
> This is not the direction I want to see us moving towards. Instead I
> want to see us daemonizing OpenVPN.exe as LOCAL SERVICE or a custom
> service user and delegate privileged operations to a separate service
> running as SYSTEM. And we already have the latter: interactive service.
> So, not even admin rights is needed in openvpn.exe, let alone SYSTEM.
> 
> IMO, the right approach on Windows is to run a bare minimal code as a
> service to get SYSTEM rights and the rest with limited privileges.

Selva, those are two different use-cases. And none is "right" or "wrong". 
OpenVPN can or should have both. :)

1. I need to run VPN tunnel as a persistent service - something that comes up 
with computer (Group Policy Client service waits for about 30 seconds on boot 
to get network access to AD server). And stays on all the time - any user 
signed in or not. I connect computers with VPN.

2. You need an openvpn.exe (or introduce some openvpn-tui.exe) to be a command 
line version of openvpn-gui.exe. Something to be run by a regular user or a 
batch script in an unprivileged context. You connect users with VPN.

If we implement both, we can obsolete SYSTEM token hack completely.

I have been playing with Lev's patches for the past few days. Tested them, 
debugged them, did some fixes. There are things to be desired like 
netsh=>ipcfg, remove or #ifdef the SYSTEM token hack... But those are design 
choices we should pursue in the future. I believe patches are mature enough to 
ack them. They should be merged into master to provide wider testing and easier 
development progress.

Regards,
Simon




Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Simon Rozman
Hi,

>>> TLDR:
>>> (i) stealing SYSTEM access from winlogon.exe is not a good thing to do
>> 
>> 
>> This doesn't happen for the majority of use cases - only when iservice is 
>> not used. We also
>> elevate only for the single DeviceIOControl call.
> 
> I understand. But stealing access token from winlogon.exe is a hack and not
> something I would expect to see in a trustworthy executable. Diagnostic
> and forensic tools may be justified in doing such things.

Wintun has a hardcoded check to allow ring registration from the SYSTEM user 
only.

To be honest: I am using a Windows 10 VPC in test mode with a modified Wintun 
driver installed that also allows ring registration for the members of 
Administrators group. This allows me to quickly test ideas while 
reviewing/upgrading Lev's work. I can run Visual Studio to compile openvpn.exe 
on my computer as an unprivileged user. Then have an elevated Remote Debugger 
running on the VPC and Visual Studio to remotely run openvpn.exe with debugger 
attached with a single F5 click.

Having to use OpenVPN GUI and iservice, or running openvpn.exe as service would 
require a lot more clicks to replace the binary, attach debugger etc.

As far as I am concerned, this elevation hack may be removed from the OpenVPN 
source code in the final release. However, mind that this would prevent people 
from running openvpn.exe+Wintun from the command line.

>>> +bool
>>> 
 +impersonate_as_system()
 +{
>>> 
>>> This is implemented by stealing the access token from
>>> winlogon.exe. I don't think such tricks belong to OpenVPN.
>>> It may also trip some anti-virus software.
>>> 
>>> That said, probably there are no "legitimate" ways of getting
>>> LOCAL SYSTEM rights on Windows without running a service.
>>> 
>>> Why does wintun require SYSTEM for using it? If there is a
>>> good reason for that, we should not let every admin
>>> user bypass it.
>> 
>> 
>> I'll defer it to Simon.

Unfortunately, I don't do security decisions in Wintun.

Wintun was originally designed for WireGuard. WireGuard is architectured to run 
all its tunnels as Windows services running as the SYSTEM user. Wintun's 
security is as tight as possible so the WireGuard can barely use it. I know a 
guy who is tempted to introduce a userspace binary code signature check to the 
Wintun. :)

Given the relative ease to get SYSTEM token just by being an elevated process — 
mind there's also a hack to get from non-elevated to elevated completely 
bypassing the UAC prompt as long as you are a member of Administrators — this 
SYSTEM restriction really doesn't provide considerable additional security 
compared to being a member of Administrators group.

>>> Those who really need to test OpenVPN with wintun from
>>> command prompt can use diagnostic tools available to get
>>> a cmd prompt as system (e.g., psexec). That also  makes
>>> it explicit that SYSTEM privilege is required.
>>> 
>>> In the longer run, we could provide a script to launch
>>> openvpn.exe using the interactive service. Modifying the
>>> automatic service to use interactive service for launching
>>> looks easy to do as well. Then, all privileged operations could
>>> be removed from openvpn core.
>> 
>> 
>> I think it is good not to break user experience and allow run openvpn as
>> an administrator without iservice using wintun at the expense on elevation
>> to system for single API call.
> 
> I have already said what I think of it. As an admin I wouldn't like to see
> users running processes that elevate to SYSTEM like this.

Selva, Windows is full of such hacks internally. :( This is no excuse for us 
doing the same of course. Just saying Windows is far from ideal world.

I am running OpenVPN on Windows using NSSM wrapper for years. I had a brief 
discussion on the Hackathon with Samuli about integrating SCM support directly 
into openvpn.exe (imagine --daemon for Windows):

sc create OpenVPN$MyTunnel binpath= "C:\Program Files\OpenVPN\bin\openvpn" 
--daemon --config "C:\Program Files\OpenVPN\config\MyTunnel.ovpn" --log 
"C:\Program Files\OpenVPN\log\MyTunnel.log" start= auto depend= dhcp
sc start OpenVPN$MyTunnel

This would install openvpn.exe as a Windows service and run it as the SYSTEM 
user — no need for iservice, no need for SYSTEM token hack. Other than me, 
perhaps it could cover at least some of the users now running openvpn.exe 
directly.

Regards,
Simon



Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device

2019-11-25 Thread Simon Rozman
I know. The tap.c code needs an upgrade, not to evaluate all drivers, but just 
compatible drivers when creating a new adapter. This speeds things a lot. 
There's a flag that needs to be changed. Somewhere deep on my TODO lists.

I would suggest against temporary adapters on Windows. This is OK on Linux, but 
Windows is not Linux. Apart from the time penalty you already discovered, there 
are more annoying issues with temporary adapters: adapters always get a new 
GUID on creation, making NLA think it's a new network each time. This will keep 
resetting the firewall profile assigned to the adapter and piling up network 
IDs in user registry at each connection attempt. Also, changing bindings on 
adapters doesn't persist (VMware, VirtualBox, Hyper-V bindings come to my mind)…

I am testing an intermediate approach to adapter management on Windows, 
inspired by Microsoft's own way how Windows handles dial-up adapters:

1.  if adapter "My VPN Connection" doesn't exist, create it.
2.  else enable it
3.  use it
4.  disable it

In my observation, this is the most streamlined approach on Windows. It avoids 
adapter creation burden, while still (re)creates it on demand. Disabling 
adapter when it is not in use releases the resources, removes the adapter from 
the network stack, halts the adapter, unloads the driver when the last of the 
adapters (of the same driver) is disabled… Like adapter was deleted, only its 
settings persist in registry.

An annoyance here is, the adapters pile up over time. On multi-user computers, 
OpenVPN GUI doesn't have a complete overview which ones are stale (no 
corresponding .ovpn file exist anymore) to clean them. Cleaning requires 
elevation… An admin user may use Device manager to clean them, uninstaller 
should clean them. Both are not ideal. On test computers with lots of 
configuration fuss that might be a problem. On production computers this 
shouldn't be a big issue. Mind that even Hyper-V doesn't clean up adapters if 
you install and uninstall it on Windows.

Maybe we could save the absolute path to .ovpn file in the adapter registry to 
assign it to a particular profile. Interactive service could periodically 
delete orphaned adapters. I'm not worried about .ovpn-less tunnels: users 
running openvpn.exe specifying all settings in the command line know what 
they're doing.

Best regards,
Simon

 

From: Lev Stipakov  
Sent: Monday, November 25, 2019 10:04 AM
To: Selva Nair 
Cc: openvpn-devel 
Subject: Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun 
device

 

Hi,

(cc:ed to -devel)

I would vote for B and not the combination.

With wintun there is no backwards compatibility requirements, so we could use a 
cleaner, consistent and simpler approach (i.e B). Do not create any adapter 
during installation and dynamically create a temporary adapter at connection 
time.

My main concern with creating tun adapter on demand is that it is far from 
instant:

$ time ./tapctl.exe create --hwid wintun
{D9F56B7A-3054-4ADC-9457-61030F0B469D}

real    0m2,090s

I don't think we want to add it to connection time.

Creating one persistent adapter per profile (as viscosity does for tapwindows 
and wireguard seems to do for wintun)

If I remember right, wireguard doesn't create persistent adapter, instead it 
adds/removes it on demand.

If --dev-node is specified, we open the named adapter which the user is 
supposed to have created as we do for tapwindows.

Yes, I plan to add support for --dev-node for wintun. 

-- 
-Lev





Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device

2019-11-20 Thread Simon Rozman
Hi,

The Wintun doesn't create its own communication I/O device. Running a separate 
NdisRegisterDeviceEx() device came with a big can of worms, so we decided not 
to run our own, but rather piggy-back on the existing NDIS one from the 
NdisMRegisterMiniportDriver() that we tap on. Technically, we could limit it to 
a single client handle, but this device is primarily used by Windows to manage 
the adapter, therefore we must not tweak it in this direction.

As Lev said: Wintun adds an IOCTL call to register ring buffers and it is this 
IOCTL that has a refcounting implemented to deny secondary connection attempts. 
Unfortunately for OpenVPN, this IOCTL is restricted to privileged processes 
only. You cannot use it to detect which Wintun adapters are in use by an 
unprivileged openvpn.exe process. WireGuard is very strict about which TUN 
adapter it will use – it will never ever use a lottery to pick one.

We have more options here:

A.  Wintun adapter can be explicitly chosen by configuration only (by name 
    or GUID). With tapctl.exe utility users can make an adapter with predefined 
    name and put this name into .ovpn. If the Wintun adapter is not specified 
    explicitly => configuration error. Less lottery; predictable tunnel-adapter 
    mapping when running multiple tunnels; disturbed users because there is an 
    inconsistency between TAP-Windows6 and Wintun adapter selection logic.
B.  The tapctl.exe code is in OpenVPN repo already and could be integrated 
    in openvpn.exe and interactive service to create Wintun adapter on demand. But, 
    you have to take responsibility to clean what you have created. Pretty much the 
    same as A), but nicer for user. In the long term, I'd suggest this "create 
    adapter if doesn't exist" approach even for TAP-Windows6 adapters.
C.  Use adapter media state to see if particular Wintun adapter is already 
    in use or not. Mind that registering buffer also sets 
    MediaConnectStateConnected, and stays connected until its client closes handle 
    or dies. This allows OpenVPN to extend its "use first available adapter" 
    approach to Wintun adapters.

Best regards,
Simon

 

From: Selva Nair  
Sent: Tuesday, November 19, 2019 7:03 PM
To: Lev Stipakov 
Cc: Lev Stipakov ; openvpn-devel 

Subject: Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun 
device

 

Hi Lev,

 

On Tue, Nov 19, 2019 at 12:23 PM Lev Stipakov <lstipa...@gmail.com> wrote:

Hi,

 

Apart from the error message, there is a larger issue especially when we use 
iservice. In that case, we have to preserve privilege separation and allowing a 
user to open a device handle in use by another has to be avoided.

 

Do you see it as a security issue when handle can be opened by another process?

 

I don't know the internals of wintun to know that for sure. 

  

 

To read / write to tunnel one needs to register ring buffers, and this call 
will fail for any other process. Am I missing something here?

 

Hopefully, Simon can confirm whether that provides a sufficient safety net.

 

Selva





Re: [Openvpn-devel] OpenVPN 2.4.8 released

2019-11-11 Thread Simon Rozman
Hi,

> > Is your computer perhaps behind in Windows updates? My hunch is that
> > Digicert's latest root certificate is not available in the Windows
> > certificate store and this causes the failure.
> >
> > Samuli
>
>thanks for the hint! but I don't know why uninstall/reinstall make
> things work?

Mind that this OpenVPN release also brings the TAP-Windows6 driver update - 
first one after some years. That's why there were no issues upgrading the 
OpenVPN in the past years.

The TAP-Windows6 driver remains loaded when there are TAP adapters present. 
Even if adapters are in the "disconnected" state. This makes upgrading the 
driver a real challenge. I would suggest disabling all TAP adapters before 
attempting the upgrade. Disabling the last of the TAP adapters will cause 
Windows kernel to unload the TAP-Windows6, allowing its upgrade.

>   our windows 7 update is stay at 2019-8, which is not very far behind.
> but we do security-only update to prevent telemetry, I don't know if
> that make difference.
>   I will try again when windows update mess quiet down. December patch
> is always good these years. hope it is the same this year.

1. Windows 7 has issues with SHA-256 signatures. In general, it works. But, 
for optimal experience you should install KB2921916 (not available via Windows 
Update). Maybe that's the reason for driver signature verification failure 
recorded in your log. Probably, this error is recorded in the log on all 
Windows 7 computers without KB2921916.

2. Mind that initial release of OpenVPN 2.4.8 is shipped using separate 
installers for Windows 7/8/8.1/Server2008R2/Server2012R2 _and_ Windows 
10/Server2016/Server2019. Please, make sure you are using the first one on 
Windows 7. We do plan to unify the installers back to a single one in future 
releases to avoid confusion.

Regards,
Simon




Re: [Openvpn-devel] [PATCH] travis: bump MSVC to 2019

2019-11-09 Thread Simon Rozman
Acked-by: Simon Rozman 

Best regards,
Simon







Re: [Openvpn-devel] [PATCH v2 7/7] wintun: clear adapter settings on tun close

2019-11-09 Thread Simon Rozman
Hi,

> -Original Message-
> From: Lev Stipakov [mailto:lstipa...@gmail.com]
> Sent: Thursday, November 7, 2019 6:45 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH v2 7/7] wintun: clear adapter settings on tun
> close
> 
>  }
> +else
> +if (tt->wintun)
> +{
> +netsh_delete_address_dns(tt, false, );
> +}
>  #endif

if (tt->wintun && tt->options.msg_channel)
{
...
}
else
if (tt->ipapi_context_defined)
{
...
}
else
if (tt->wintun)
{
...
}

This construct got a bit convoluted.

Otherwise, LGTM.

Best regards,
Simon





Re: [Openvpn-devel] [PATCH v2 6/7] wintun: set adapter properties via interactive service

2019-11-09 Thread Simon Rozman
Hi,

> -Original Message-
> From: Lev Stipakov [mailto:lstipa...@gmail.com]
> Sent: Thursday, November 7, 2019 6:45 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH v2 6/7] wintun: set adapter properties via
> interactive service
> 
>  static bool
> -do_dns6_service(bool add, const struct tuntap *tt)
> +do_dns_service(bool add, const short family, const struct tuntap *tt)
>  {
>  bool ret = false;
>  ack_message_t ack;
>  struct gc_arena gc = gc_new();
>  HANDLE pipe = tt->options.msg_channel;
> -int addr_len = add ? tt->options.dns6_len : 0;
> +int len = family == AF_INET6 ? tt->options.dns6_len :
tt->options.dns_len;
> +int addr_len = add ? len : 0;
> +char ip_proto_name[5];
> +
> +strcpy(ip_proto_name, family == AF_INET6 ? "IPv6" : "IPv4");
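Review bot: `char ip_proto_name[5]` holds "IPv4" or "IPv6" plus the terminator with no byte to spare, and the `strcpy()` that fills it is unbounded, so any later change to either literal overflows the stack buffer without a compiler error. Both strings are constants, so a `const char *` pointing at the literal removes the copy and the fixed-size buffer altogether. Separately, `family` is only compared against `AF_INET6`, so any other value silently takes the IPv4 length and label; an explicit check for `AF_INET` would make a wrong caller fail visibly.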

const char *ip_proto_name = family == AF_INET6 ? "IPv6" : "IPv4";

... to avoid the strcpy().

The rest LGTM, so...

Acked-by: Simon Rozman 

Best regards,
Simon







Re: [Openvpn-devel] [PATCH v2 5/7] wintun: interactive service support

2019-11-09 Thread Simon Rozman
Hi,

Acked-by: Simon Rozman 

Best regards,
Simon







Re: [Openvpn-devel] [PATCH v2 4/7] wintun: ring buffers based I/O

2019-11-09 Thread Simon Rozman
Hi,
 
> -Original Message-
> From: Lev Stipakov [mailto:lstipa...@gmail.com]
> Sent: Thursday, November 7, 2019 6:45 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH v2 4/7] wintun: ring buffers based I/O
> 
> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index
> 8451706..0be8b6d 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -1256,12 +1256,30 @@ read_incoming_tun(struct context *c)
>  perf_push(PERF_READ_IN_TUN);
> 
>  c->c2.buf = c->c2.buffers->read_tun_buf;
> +
>  #ifdef _WIN32
> -read_tun_buffered(c->c1.tuntap, >c2.buf);
> +if (c->c1.tuntap->wintun)
> +{
> +read_wintun(c->c1.tuntap, >c2.buf);
> +if (c->c2.buf.len == -1)
> +{
> +register_signal(c, SIGHUP, "tun-abort");
> +c->persist.restart_sleep_seconds = 1;
> +msg(M_INFO, "Wintun read error, restarting");
> +perf_pop();
> +return;
> +}
> +}
> +else
> +{
> +read_tun_buffered(c->c1.tuntap, >c2.buf);
>  #else
> -ASSERT(buf_init(>c2.buf, FRAME_HEADROOM(>c2.frame)));
> -ASSERT(buf_safe(>c2.buf, MAX_RW_SIZE_TUN(>c2.frame)));
> -c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(>c2.buf),
> MAX_RW_SIZE_TUN(>c2.frame));
> +ASSERT(buf_init(>c2.buf, FRAME_HEADROOM(>c2.frame)));
> +ASSERT(buf_safe(>c2.buf, MAX_RW_SIZE_TUN(>c2.frame)));
> +c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(>c2.buf),
> +MAX_RW_SIZE_TUN(>c2.frame)); #endif #ifdef _WIN32
> +}
>  #endif
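Review bot: the new test `if (c->c1.tuntap->wintun)` in read_incoming_tun() dereferences `c->c1.tuntap` unconditionally, while the matching test added to io_wait_dowork() in this same patch is written `c->c1.tuntap && c->c1.tuntap->wintun`. Either the pointer can be NULL on this path and the read side needs the same guard, or it cannot and the guard in io_wait_dowork() is misleading; please make the two consistent and state the invariant in a comment or an ASSERT.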

This #ifdef dance is a bit convoluted. I suggest simplification.

>  #ifdef PACKET_TRUNCATION_CHECK
> @@ -2103,7 +2121,21 @@ io_wait_dowork(struct context *c, const unsigned
> int flags)
>   * Configure event wait based on socket, tuntap flags.
>   */
>  socket_set(c->c2.link_socket, c->c2.event_set, socket, (void
*)_shift,
> NULL);
> -tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)_shift,
NULL);
> +
> +#ifdef _WIN32
> +if (c->c1.tuntap && c->c1.tuntap->wintun)
> +{
> +/* add ring buffer event */
> +struct rw_handle rw = {.read = c->c1.tuntap->send_tail_moved };
> +event_ctl(c->c2.event_set, , EVENT_READ, (void *)_shift);
> +}
> +else
> +{
> +#endif
> +tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void
> +*)_shift, NULL); #ifdef _WIN32
> +}
> +#endif

This #ifdef dance is a bit convoluted. I suggest simplification.

> +static inline int
> +write_wintun(struct tuntap *tt, struct buffer *buf) {
> +struct tun_ring *ring = tt->receive_ring;
> +ULONG head = ring->head;
> +ULONG tail = ring->tail;
> +ULONG aligned_packet_size;
> +ULONG buf_space;
> +struct TUN_PACKET *packet;
> +
> +if ((head > WINTUN_RING_CAPACITY) || (tail >=
> WINTUN_RING_CAPACITY))
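Review bot: in the bounds test that closes this fragment the two offsets are held to different limits: `head > WINTUN_RING_CAPACITY` lets `head == WINTUN_RING_CAPACITY` through, while `tail` is rejected at that value. Both are offsets into the same ring, so both comparisons should be `>=`. A short comment that `head` and `tail` are copied into locals once, so the arithmetic that follows works on the values that were checked, would also help the next reader.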

Should be `...head >= WINTUN_RING_CAPACITY...`

Regards,
Simon
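
The ring-offset check raised in this review, as an added example (not code from the patch, OpenVPN or Wintun): a small head/tail packet ring in C where both offsets are rejected with `>=` and the length field read back from the ring is validated before it is used. The ring size, packet limit and all names (`demo_ring`, `ring_write`, `ring_read`, the `RING_*` constants) are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_CAPACITY 64u                       /* power of two; constructed demo value */
#define MAX_PAYLOAD   28u                       /* largest packet body; constructed demo value */
#define ALIGNMENT     4u
#define HDR_SIZE      ((uint32_t)sizeof(uint32_t))
#define RING_TRAILING (HDR_SIZE + MAX_PAYLOAD)  /* slack so a packet is never split at the end */

enum { RING_OK = 0, RING_CORRUPT = -1, RING_FULL = -2, RING_EMPTY = -3, RING_TOO_BIG = -4 };

struct demo_ring {
    volatile uint32_t head;   /* next byte to read; advanced by the consumer  */
    volatile uint32_t tail;   /* next byte to write; advanced by the producer */
    uint8_t data[RING_CAPACITY + RING_TRAILING];
};

static uint32_t ring_wrap(uint32_t v) { return v & (RING_CAPACITY - 1u); }
static uint32_t align_up(uint32_t n)  { return (n + ALIGNMENT - 1u) & ~(ALIGNMENT - 1u); }

/* Producer: append one length-prefixed packet at tail. */
int ring_write(struct demo_ring *ring, const void *payload, uint32_t len)
{
    /* Read each shared offset once; everything below uses the checked copies. */
    uint32_t head = ring->head;
    uint32_t tail = ring->tail;
    uint32_t need, space;

    /* Valid offsets are 0 .. RING_CAPACITY-1, so the limit itself is rejected. */
    if (head >= RING_CAPACITY || tail >= RING_CAPACITY)
        return RING_CORRUPT;
    if (len > MAX_PAYLOAD)
        return RING_TOO_BIG;

    need = align_up(HDR_SIZE + len);
    /* One alignment unit stays free so that head == tail always means "empty". */
    space = ring_wrap(head - tail - ALIGNMENT);
    if (need > space)
        return RING_FULL;

    memcpy(&ring->data[tail], &len, HDR_SIZE);
    memcpy(&ring->data[tail + HDR_SIZE], payload, len);
    /* A ring shared between threads or with a driver also needs a release
     * barrier before this store; the demo is single-threaded. */
    ring->tail = ring_wrap(tail + need);
    return RING_OK;
}

/* Consumer: remove one packet at head, trusting nothing stored in the ring. */
int ring_read(struct demo_ring *ring, void *out, uint32_t out_cap, uint32_t *out_len)
{
    uint32_t head = ring->head;
    uint32_t tail = ring->tail;
    uint32_t content, size, used;

    if (head >= RING_CAPACITY || tail >= RING_CAPACITY)
        return RING_CORRUPT;
    if (head == tail)
        return RING_EMPTY;

    content = ring_wrap(tail - head);
    if (content < HDR_SIZE)
        return RING_CORRUPT;
    memcpy(&size, &ring->data[head], HDR_SIZE);
    if (size > MAX_PAYLOAD)          /* length field was written by the other side */
        return RING_CORRUPT;
    if (size > out_cap)
        return RING_TOO_BIG;
    used = align_up(HDR_SIZE + size);
    if (used > content)              /* packet claims more bytes than were published */
        return RING_CORRUPT;

    memcpy(out, &ring->data[head + HDR_SIZE], size);
    ring->head = ring_wrap(head + used);
    *out_len = size;
    return RING_OK;
}

int main(void)
{
    struct demo_ring ring = {0};
    uint8_t pkt[20], out[MAX_PAYLOAD];
    uint32_t n = 0;
    int rc;

    memset(pkt, 0xAB, sizeof pkt);   /* constructed sample packet */
    rc = ring_write(&ring, pkt, sizeof pkt);
    printf("write: %d\n", rc);
    rc = ring_read(&ring, out, sizeof out, &n);
    printf("read: %d (%u bytes)\n", rc, (unsigned)n);

    ring.head = RING_CAPACITY;       /* one past the last valid offset */
    rc = ring_write(&ring, pkt, sizeof pkt);
    printf("head == capacity: %d\n", rc);
    return 0;
}
```

With a `>` comparison on `head`, the last call would be accepted and the out-of-range offset would reach the ring arithmetic.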




Re: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun device

2019-11-08 Thread Simon Rozman
Hi,

> -Original Message-
> From: Lev Stipakov [mailto:lstipa...@gmail.com]
> Sent: Thursday, November 7, 2019 6:45 PM
> To: openvpn-devel@lists.sourceforge.net
> Cc: Lev Stipakov 
> Subject: [Openvpn-devel] [PATCH v2 3/7] wintun: implement opening wintun
> device
> 
> +const static GUID GUID_DEVCLASS_NET = { 0x4d36e972L, 0xe325, 0x11ce, {
> +0xbf, 0xc1, 0x08, 0x00, 0x2b, 0xe1, 0x03, 0x18 } }; const static GUID
> +GUID_DEVINTERFACE_NET = { 0xcac88484, 0x7
515, 0x4c03, { 0x82, 0xe6,
> +0x71, 0xa8, 0x7a, 0xba, 0xc3, 0x61 } };
> +

GUID_DEVCLASS_NET is declared in devguid.h, GUID_DEVINTERFACE_NET in
ndisguid.h... No need to redefine them. However, while one could include
those SDK files, one needs to add the appropriate .lib files too. It's not
worth complicating for just a couple of GUIDs that will never ever change.
So, ACK.

The rest LGTM.

Acked-by: Simon Rozman 

Best regards,
Simon






Re: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files to VS2019

2019-11-08 Thread Simon Rozman
Acked-by: Simon Rozman 

Note, the OpenSSL and other dependencies should also be built using the same
version of MSVC.

Best regards,
Simon

-Original Message-
From: Lev Stipakov [mailto:lstipa...@gmail.com] 
Sent: Thursday, November 7, 2019 6:45 PM
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov 
Subject: [Openvpn-devel] [PATCH v2 1/7] Visual Studio: upgrade project files
to VS2019

From: Lev Stipakov 

Signed-off-by: Lev Stipakov 
---
 src/compat/compat.vcxproj | 12 ++--
 src/openvpn/openvpn.vcxproj   | 12 ++--
 src/openvpnmsica/openvpnmsica.vcxproj | 14 +++---
 src/openvpnserv/openvpnserv.vcxproj   | 12 ++--
 src/tapctl/tapctl.vcxproj | 14 +++---
 5 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj
index 111dacd..e388008 100644
--- a/src/compat/compat.vcxproj
+++ b/src/compat/compat.vcxproj
@@ -22,30 +22,30 @@
 {4B2E2719-E661-45D7-9203-F6F456B22F19}
 compat
 Win32Proj
-
10.0.17134.0
+10.0
   
   
   
 StaticLibrary
 MultiByte
 true
-v141
+v142
   
   
 StaticLibrary
 MultiByte
 true
-v141
+v142
   
   
 StaticLibrary
 MultiByte
-v141
+v142
   
   
 StaticLibrary
 MultiByte
-v141
+v142
   
   
   
@@ -115,4 +115,4 @@
   
   
   
-
+
\ No newline at end of file
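Review bot: the last hunk of compat.vcxproj rewrites the final line only to drop its trailing newline, as the `\ No newline at end of file` marker shows, and the same thing happens at the end of openvpn.vcxproj and openvpnserv.vcxproj. That is editor churn unrelated to the toolset upgrade; restoring the newline keeps these hunks out of the patch and avoids noise in later diffs of the same files.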
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 42b..e77f026 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -22,30 +22,30 @@
 {29DF226E-4D4E-440F-ADAF-5829CFD4CA94}
 openvpn
 Win32Proj
-
10.0.17134.0
+10.0
   
   
   
 Application
 true
 Unicode
-v141
+v142
   
   
 Application
 true
 Unicode
-v141
+v142
   
   
 Application
 Unicode
-v141
+v142
   
   
 Application
 Unicode
-v141
+v142
   
   
   
@@ -301,4 +301,4 @@
   
   
   
-
+
\ No newline at end of file
diff --git a/src/openvpnmsica/openvpnmsica.vcxproj
b/src/openvpnmsica/openvpnmsica.vcxproj
index 5f1d699..afa4fae 100644
--- a/src/openvpnmsica/openvpnmsica.vcxproj
+++ b/src/openvpnmsica/openvpnmsica.vcxproj
@@ -31,32 +31,32 @@
 {D41AA9D6-B818-476E-992E-0E16EB86BEE2}
 Win32Proj
 openvpnmsica
-
10.0.17134.0
+10.0
   
   
   
 DynamicLibrary
 true
-v141
+v142
 Unicode
 true
   
   
 DynamicLibrary
 true
-v141
+v142
 Unicode
   
   
 DynamicLibrary
 true
-v141
+v142
 Unicode
   
   
 DynamicLibrary
 false
-v141
+v142
 true
 Unicode
 true
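Review bot: at the top of this hunk the pinned `10.0.17134.0` is replaced by a bare `10.0`, alongside the `v141` to `v142` toolset bump, and the same replacement appears in each of the five project files. If this value is the target SDK version, as its position next to the toolset suggests, the build now uses whichever 10.0 SDK happens to be installed on the build machine, so two builders can produce different binaries from the same tree. Please say in the commit message that the unpinning is intentional, or pin the SDK version the release builds are made with.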
@@ -64,14 +64,14 @@
   
 DynamicLibrary
 false
-v141
+v142
 true
 Unicode
   
   
 DynamicLibrary
 false
-v141
+v142
 true
 Unicode
   
diff --git a/src/openvpnserv/openvpnserv.vcxproj
b/src/openvpnserv/openvpnserv.vcxproj
index 7407757..7061b7b 100644
--- a/src/openvpnserv/openvpnserv.vcxproj
+++ b/src/openvpnserv/openvpnserv.vcxproj
@@ -22,30 +22,30 @@
 {9C91EE0B-817D-420A-A1E6-15A5A9D98BAD}
 openvpnserv
 Win32Proj
-
10.0.17134.0
+10.0
   
   
   
 Application
 Unicode
 true
-v141
+v142
   
   
 Application
 Unicode
 true
-v141
+v142
   
   
 Application
 Unicode
-v141
+v142
   
   
 Application
 Unicode
-v141
+v142
   
   
   
@@ -139,4 +139,4 @@
   
   
   
-
+
\ No newline at end of file
diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj
index 5c1983b..1d593fc 100644
--- a/src/tapctl/tapctl.vcxproj
+++ b/src/tapctl/tapctl.vcxproj
@@ -31,32 +31,32 @@
 {A06436E7-D576-490D-8BA0-0751D920334A}
 Win32Proj
 tapctl
-
10.0.17134.0
+10.0
   
   
   
 Application
 true
-v141
+v142
 Unicode
 true
   
   
 Application
 true
-v141
+v142
 Unicode
   
   
 Application
 true
-v141
+v142
 Unicode
   
   
 Application
 false
-v141
+v142
 true
 Unicode
 true
@@ -64,14 +64,14 @@
   
 Application
 false
-v141
+v142
 true
 Unicode
   
   
 Application
 false
-v141
+v142
 true
 Unicode
   
-- 
2.7.4





Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support

2019-11-07 Thread Simon Rozman
I revoke this “master.c” idea. It makes incremental compiling ridiculously 
slow. It might work for production builds, but definitely not for development.

 

Best regards,

Simon

 

From: Simon Rozman [mailto:si...@rozman.si] 
Sent: Thursday, November 7, 2019 2:06 PM
To: 'Lev Stipakov' ; 'Gert Doering' 
Cc: 'Antonio Quartulli' ; 'openvpn-devel' 

Subject: Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging 
support

 

We could introduce a master.c file which would include:

 

#include "argv.c"
#include "auth_token.c"
#include "base64.c"
#include "block_dns.c"
#include "buffer.c"
.
.
.
#include "status.c"
#include "tls_crypt.c"
#include "tun.c"
#include "win32.c"

 

And then have Makefile.ac and MSVC project files compile the master.c only.

 

Best regards,

Simon

 

 

Besides this, we need to fix this whole MSVC mess - all other platforms
are just done with "add new source file to the Makefile.ac" and done
(including mingw builds), and then MSVC is broken again, and this will
happen again and again.   


Is there no reasonable way to build these project files from Makefile.ac?

 

I see no reasonable way. Selva, Simon - opinions?

 

We could probably have a templatized project file and script which inserts 
source files to there

based on content of Makefile.ac, but I don't like it. I consider necessity of 
modifying VS project

a lesser evil. 

 

(you open it and it just works)

 

-Lev





[Openvpn-devel] [PATCH] msvc: Add vlan.c/h

2019-11-07 Thread Simon Rozman
This upgrades 99f28081477ca325a14b13c38abec2c9b619eb01 to support MSVC
building.

Signed-off-by: Simon Rozman 
---
 src/openvpn/openvpn.vcxproj | 2 ++
 src/openvpn/openvpn.vcxproj.filters | 6 ++
 2 files changed, 8 insertions(+)

diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 85af466f..48e8e140 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -196,6 +196,7 @@
 
 
 
+
 
   
   
@@ -283,6 +284,7 @@
 
 
 
+
 
   
   
diff --git a/src/openvpn/openvpn.vcxproj.filters 
b/src/openvpn/openvpn.vcxproj.filters
index e6068aff..653e892c 100644
--- a/src/openvpn/openvpn.vcxproj.filters
+++ b/src/openvpn/openvpn.vcxproj.filters
@@ -237,6 +237,9 @@
 
   Source Files
 
+
+  Source Files
+
   
   
 
@@ -494,6 +497,9 @@
 
   Header Files
 
+
+  Header Files
+
   
   
 
-- 
2.23.0.windows.1





Re: [Openvpn-devel] [PATCH applied] Re: VLAN: add basic VLAN tagging support

2019-11-07 Thread Simon Rozman
We could introduce a master.c file which would include:



#include "argv.c"
#include "auth_token.c"
#include "base64.c"
#include "block_dns.c"
#include "buffer.c"
.
.
.
#include "status.c"
#include "tls_crypt.c"
#include "tun.c"
#include "win32.c"



And then have Makefile.ac and MSVC project files compile the master.c only.



Best regards,

Simon





Besides this, we need to fix this whole MSVC mess - all other platforms
are just done with "add new source file to the Makefile.ac" and done
(including mingw builds), and then MSVC is broken again, and this will
happen again and again.


Is there no reasonable way to build these project files from Makefile.ac?



I see no reasonable way. Selva, Simon - opinions?



We could probably have a templatized project file and script which inserts 
source files to there

based on content of Makefile.ac, but I don't like it. I consider necessity of 
modifying VS project

a lesser evil.



(you open it and it just works)



-Lev





Re: [Openvpn-devel] OpenVPN 2.4.8 released

2019-11-03 Thread Simon Rozman
Hi Ton,

You can also use pnputil.exe (in an elevated command prompt) to check version, 
uninstall, and/or install TAP driver manually. The pnputil is a stock command 
line utility for driver management on all Windows.

I advise you use pnputil to list all your installed TAP-Windows6 drivers - yes, 
there may be more than one version installed.  Carefully uninstall all 
TAP-Windows6 drivers. "Carefully" in a sense that you pay extra attention to 
delete oem.inf entries corresponding to the TAP-Windows6, and not your 
graphics card or disk controller.  Note that network interface settings are 
stored elsewhere in registry and uninstalling the driver will not delete them. 
Your TAP interfaces will just disappear for a while. You already noticed that 
phenomenon before.

Next, install the latest driver - you can use the official installer. Or - if 
you already have it installed - find a copy of the driver in C:\Program 
Files\TAP-Windows6\driver (your path may vary) and use pnputil to install the 
driver. Or - right click on the .inf file and select Install. Your TAP 
interfaces should reappear.

Also, since you're troubleshooting, I'd strongly advise you to reboot in 
between.

Best regards,
Simon




Re: [Openvpn-devel] [PATCH v2] msvc: OpenSSL 1.1.x support

2019-10-30 Thread Simon Rozman
Hi,

Unfortunately, I have no Visual Studio 2017 available any more. So, I had to 
upgrade the openvpn-build and openvpn to build with VS2019 first.

Tested with OpenSSL 1.1.1d and this patch is indeed required to build 
openvpn.exe.

Acked-by: Simon Rozman 

Best regards,
Simon

On 17.10.2019, 14:27, "Lev Stipakov"  wrote:

Since we release Windows client with OpenSSL 1.1.0
(and will switch to 1.1.1 in the next release),
it makes sense to use a newer version in VS build.

This patch adds msvc-specific defines which imply
that underlying OpenSSL is 1.1.x (works with 1.1.0 and 1.1.1).

Also OpenSSL library names in project file are updated.

Signed-off-by: Lev Stipakov 
---

v2: clarify in comment and commit message that
this supports 1.1.x, which is 1.1.0 and 1.1.1.


 config-msvc.h   | 37 +
 src/openvpn/openvpn.vcxproj |  8 
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/config-msvc.h b/config-msvc.h
index 45fae8b..875da4a 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -76,6 +76,43 @@
 #define HAVE_POLL 1
 
 #define HAVE_OPENSSL_ENGINE 1
+/* hardcode usage of OpenSSL 1.1.x */
+#define HAVE_EVP_MD_CTX_RESET 1
+#define HAVE_EVP_MD_CTX_FREE 1
+#define HAVE_EVP_MD_CTX_NEW 1
+#define HAVE_HMAC_CTX_RESET 1
+#define HAVE_HMAC_CTX_FREE 1
+#define HAVE_HMAC_CTX_NEW 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
+#define HAVE_X509_GET0_PUBKEY 1
+#define HAVE_X509_STORE_GET0_OBJECTS 1
+#define HAVE_X509_OBJECT_FREE 1
+#define HAVE_X509_OBJECT_GET_TYPE 1
+#define HAVE_EVP_PKEY_GET0_RSA 1
+#define HAVE_EVP_PKEY_GET0_EC_KEY 1
+#define HAVE_EVP_PKEY_ID 1
+#define HAVE_EVP_PKEY_GET0_DSA 1
+#define HAVE_RSA_SET_FLAGS 1
+#define HAVE_RSA_GET0_KEY 1
+#define HAVE_RSA_SET0_KEY 1
+#define HAVE_RSA_BITS 1
+#define HAVE_DSA_GET0_PQG 1
+#define HAVE_DSA_BITS 1
+#define HAVE_RSA_METH_NEW 1
+#define HAVE_RSA_METH_FREE 1
+#define HAVE_RSA_METH_SET_PUB_ENC 1
+#define HAVE_RSA_METH_SET_PUB_DEC 1
+#define HAVE_RSA_METH_SET_PRIV_ENC 1
+#define HAVE_RSA_METH_SET_PRIV_DEC 1
+#define HAVE_RSA_METH_SET_INIT 1
+#define HAVE_RSA_METH_SET_SIGN 1
+#define HAVE_RSA_METH_SET_FINISH 1
+#define HAVE_RSA_METH_SET0_APP_DATA 1
+#define HAVE_RSA_METH_GET0_APP_DATA 1
+#define HAVE_EC_GROUP_ORDER_BITS 1
+#define OPENSSL_NO_EC 1
+#define HAVE_EVP_CIPHER_CTX_RESET 1
 
 #define PATH_SEPARATOR '\\'
 #define PATH_SEPARATOR_STR "\\"
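Review bot: `#define OPENSSL_NO_EC 1` sits in the middle of the new `HAVE_*` block, next to `HAVE_EVP_PKEY_GET0_EC_KEY` and `HAVE_EC_GROUP_ORDER_BITS`, and the only comment above the block is "hardcode usage of OpenSSL 1.1.x". `OPENSSL_NO_EC` is a feature-removal macro that OpenSSL's own configuration header sets for builds without elliptic-curve support; defining it here compiles out everything guarded by it, whatever the linked library actually provides. If EC really is meant to be unavailable in MSVC builds, that deserves its own comment and a line in the commit message; otherwise the define should be dropped.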
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 3b0ee60..42b 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -78,7 +78,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
@@ -91,7 +91,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
@@ -104,7 +104,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
@@ -117,7 +117,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-help

Re: [Openvpn-devel] [PATCH] Visual Studio: make it easier to build with VS

2019-10-16 Thread Simon Rozman
Hi,

> -Original Message-
> From: Lev Stipakov 
> Sent: Friday, October 11, 2019 11:04 AM
> To: openvpn-devel@lists.sourceforge.net
> Subject: [Openvpn-devel] [PATCH] Visual Studio: make it easier to build
> with VS
> 
> This changes default path to openvpn dependencies, so that openvpn-build
> and openvpn projects can be cloned from the same
> folder:
> 
>   c:\Users\Administrator\Projects>git clone
> g...@github.com:OpenVPN/openvpn-build.git
>   c:\Users\Administrator\Projects>git clone
> g...@github.com:OpenVPN/openvpn.git
> 
> This also removes the necessity of copying openvpn-build\msvc\image to
> %USERPROFILE%.
> 
> To use Visual Studio, clone both projects, install dependencies
> (VS2017 Community with SDK 10.0.17143, Strawberry Perl) and run:
> 
>   c:\Users\Administrator\Projects\openvpn-build\msvc\build.bat
> 
> Then just open solution file:
> 
>   c:\Users\Administrator\Projects\openvpn\openvpn.sln
> 
> Signed-off-by: Lev Stipakov 
> ---
>  src/compat/PropertySheet.props | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/compat/PropertySheet.props
> b/src/compat/PropertySheet.props index 4cad994..fdded31 100644
> --- a/src/compat/PropertySheet.props
> +++ b/src/compat/PropertySheet.props
> @@ -3,7 +3,7 @@
>
>
>  $(SolutionDir)
> -$(SOURCEBASE)\..\..\image
> +
> + $(SOURCEBASE)\..\openvpn-build\msvc\image + PROOT>
>  $(OPENVPN_DEPROOT)
>  $(OPENVPN_DEPROOT)
>  $(OPENVPN_DEPROOT)
> --
> 2.7.4
> 
> 
> 

Acked-by: Simon Rozman 

Best regards
Simon





Re: [Openvpn-devel] [PATCH] tapctl: add optional "hardware id" parameter

2019-09-23 Thread Simon Rozman
Hi,

LGTM

Best regards,
Simon

> -Original Message-
> From: Lev Stipakov 
> Sent: Monday, September 23, 2019 11:08 AM
> To: openvpn-devel@lists.sourceforge.net
> Subject: [Openvpn-devel] [PATCH] tapctl: add optional "hardware id"
> parameter
> 
> From: Lev Stipakov 
> 
> If parameter is not specified, default value "root\tap0901"
> is used.
> 
> This enables tapctl to work with different tun drivers, like "tapoas"
> (from OpenVPN Connect) or "wintun".
> 
> Signed-off-by: Lev Stipakov 




Re: [Openvpn-devel] Summary of the community meeting (20th June 2019)

2019-07-04 Thread Simon Rozman
Hi,

I just got back from vacation and am struggling to catch up on things...

> I got the Static Driver Verifier to run with help from Stephen. The
> correct (command-line) procedure is now documented here:
>
>  st>
>
> So it was bad usability after all. The tests are now running and
> hopefully I can create the merged test result package from SDV and Code
> Analysis today.

Reading your documentation, I found something odd.

I can just "cd src" and run:

msbuild tap-windows6.vcxproj /target:DVL /p:Configuration=Release;Platform=x64

And it produces tap0901.DVL.XML just fine. No need to jump into IDE and 
click-click-click to build it.

Regards,
Simon




Re: [Openvpn-devel] Summary of the community meeting (20th June 2019)

2019-06-21 Thread Simon Rozman
(21:04:58) mattock: assuming Microsoft's systems are happy with the test 
submission package, that is
(21:05:12) mattock: they _should_ be, but we have not tested submitting 
anything yet

1. Do the SDV and DVL to get tap901.DVL.xml.
2. Compile the driver and EV sign it. Save PDBs too.
3. Deploy the driver on test computers (including tap901.DVL.xml, remember?).
4. Do the WHLK.
5. When creating submission package, add the driver binaries and PDBs (on HLK 
Studio submission page).
6. Submit the driver to Microsoft WHQL.
7. Miscrosoft should return you a WHQL signed driver in about 10 minutes.

(21:07:09) mattock: worst case scenario is that I have to reinstall the HLK 
client as Windows Server 2019 core _if_ Microsoft is not happy with the 
"Operate in Server Core" having been run on a virtual machine, or on some old 
i5 laptop which does not have the required 4 physical processor cores

Microsoft is fine with that test being run on a virtual Windows Server 2019 
Core in Wintun case. And this test is pretty straightforward - just checks 
that driver loads and adapter responds, it doesn't need to be connected and 
have traffic. Use devcon to make a single TAP adapter on the Server Core. No 
need to have a running OpenVPN connection for this test to pass.

(21:14:42) mattock: I also finally ate our own dogfood and installed OpenVPN on 
the virtual host running the HLK controller so that I can access the HLK 
controller and clients remotely, which speeds the testing up quite a bit

Not a good idea, as WHLK tests can and will interfere with all TAP-Windows6 
adapters on test computers. Not just the one that is being tested. Expect 
OpenVPN connections to flicker or die. Just use it to access controller server 
only. I never experienced any issues requiring intervention on test computers.

Best regards,
Simon




[Openvpn-devel] [PATCH] Add developer notes URL for openvpnmsica.dll

2019-02-24 Thread Simon Rozman
This patch follows Gert's recommendations from [openvpn-devel].

Signed-off-by: Simon Rozman 
Message-ID: <201901181957.x0ijvlq2003...@chekov.greenie.muc.de>
---
 src/openvpnmsica/dllmain.c  | 1 +
 src/openvpnmsica/msica_op.c | 1 +
 src/openvpnmsica/msica_op.h | 1 +
 src/openvpnmsica/msiex.c| 1 +
 src/openvpnmsica/msiex.h| 1 +
 src/openvpnmsica/openvpnmsica.c | 1 +
 src/openvpnmsica/openvpnmsica.h | 1 +
 7 files changed, 7 insertions(+)

diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c
index 5e29f44c..201fd9af 100644
--- a/src/openvpnmsica/dllmain.c
+++ b/src/openvpnmsica/dllmain.c
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/openvpnmsica/msica_op.c b/src/openvpnmsica/msica_op.c
index 8912e92a..3b9878dc 100644
--- a/src/openvpnmsica/msica_op.c
+++ b/src/openvpnmsica/msica_op.c
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/openvpnmsica/msica_op.h b/src/openvpnmsica/msica_op.h
index 7ce80519..eaf7596c 100644
--- a/src/openvpnmsica/msica_op.h
+++ b/src/openvpnmsica/msica_op.h
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/openvpnmsica/msiex.c b/src/openvpnmsica/msiex.c
index 7e2bed3e..00265d04 100644
--- a/src/openvpnmsica/msiex.c
+++ b/src/openvpnmsica/msiex.c
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/openvpnmsica/msiex.h b/src/openvpnmsica/msiex.h
index e9f98377..d819b875 100644
--- a/src/openvpnmsica/msiex.h
+++ b/src/openvpnmsica/msiex.h
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index b134bc9b..f5ad2295 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/openvpnmsica/openvpnmsica.h b/src/openvpnmsica/openvpnmsica.h
index d6a09127..1486c043 100644
--- a/src/openvpnmsica/openvpnmsica.h
+++ b/src/openvpnmsica/openvpnmsica.h
@@ -1,5 +1,6 @@
 /*
  *  openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to 
MSI packages
+ *  https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
-- 
2.19.0.windows.1





[Openvpn-devel] [PATCH] Limit tapctl.exe and openvpnmsica.dll to TAP-Windows6 adapters only

2019-02-24 Thread Simon Rozman
Note: Hardware ID check is used selectively. When naming the adapter, we
still need to check all existing adapters to prevent duplicate names.
When listing or removing adapters by name, the operation is limited to
TUN-Windows6 adapters only.

This patch follows Gert's recommendations from [openvpn-devel].

Signed-off-by: Simon Rozman 
Message-ID: <20190120130813.gy...@greenie.muc.de>
---
 src/openvpnmsica/msica_op.c | 16 
 src/openvpnmsica/openvpnmsica.c | 69 +--
 src/tapctl/main.c   | 20 -
 src/tapctl/tap.c| 72 -
 src/tapctl/tap.h|  8 +++-
 5 files changed, 89 insertions(+), 96 deletions(-)

diff --git a/src/openvpnmsica/msica_op.c b/src/openvpnmsica/msica_op.c
index fec1ef8a..8912e92a 100644
--- a/src/openvpnmsica/msica_op.c
+++ b/src/openvpnmsica/msica_op.c
@@ -443,9 +443,9 @@ msica_op_tap_interface_create_exec(
 }
 }
 
-/* Get available network interfaces. */
+/* Get all available network interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
-DWORD dwResult = tap_list_interfaces(NULL, );
+DWORD dwResult = tap_list_interfaces(NULL, , TRUE);
 if (dwResult == ERROR_SUCCESS)
 {
 /* Does interface exist? */
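Review bot: the new third argument to tap_list_interfaces() is a bare TRUE or FALSE at every call site in this file, and the only hint to its meaning is the comment above each call ("all available network interfaces" for TRUE, "TUN/TAP interfaces" for FALSE). A named constant, or a short parameter-name comment next to the literal, would keep a later edit from silently flipping the filter. That matters most in msica_op_tap_interface_create_exec(), which per the commit message must see every adapter to reject duplicate names.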
@@ -598,9 +598,9 @@ msica_op_tap_interface_delete_by_name_exec(
 }
 }
 
-/* Get available network interfaces. */
+/* Get available TUN/TAP interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
-DWORD dwResult = tap_list_interfaces(NULL, );
+DWORD dwResult = tap_list_interfaces(NULL, , FALSE);
 if (dwResult == ERROR_SUCCESS)
 {
 /* Does interface exist? */
@@ -656,9 +656,9 @@ msica_op_tap_interface_delete_by_guid_exec(
 }
 }
 
-/* Get available network interfaces. */
+/* Get all available interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
-DWORD dwResult = tap_list_interfaces(NULL, );
+DWORD dwResult = tap_list_interfaces(NULL, , TRUE);
 if (dwResult == ERROR_SUCCESS)
 {
 /* Does interface exist? */
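Review bot: msica_op_tap_interface_delete_by_guid_exec() passes TRUE, so the GUID lookup still runs over every network adapter, while the commit message limits only listing and removal by name to TAP adapters. If a GUID in the operation list can ever name a non-TAP adapter, this path can still match it; either pass FALSE here as well or state in the comment why delete-by-GUID has to see all adapters. The comment wording also differs from the other TRUE call sites ("all available interfaces" against "all available network interfaces").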
@@ -715,9 +715,9 @@ msica_op_tap_interface_set_name_exec(
 }
 }
 
-/* Get available network interfaces. */
+/* Get all available network interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
-DWORD dwResult = tap_list_interfaces(NULL, );
+DWORD dwResult = tap_list_interfaces(NULL, , TRUE);
 if (dwResult == ERROR_SUCCESS)
 {
 /* Does interface exist? */
diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 2477e81a..b134bc9b 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -475,9 +475,9 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 
 OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
-/* Get available network interfaces. */
+/* Get all TUN/TAP network interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
-uiResult = tap_list_interfaces(NULL, );
+uiResult = tap_list_interfaces(NULL, , FALSE);
 if (uiResult != ERROR_SUCCESS)
 {
 goto cleanup_CoInitialize;
@@ -516,58 +516,15 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 }
 }
 
-/* Enumerate interfaces. */
-struct interface_node
+if (pInterfaceList != NULL)
 {
-const struct tap_interface_node *iface;
-struct interface_node *next;
-} *interfaces_head = NULL, *interfaces_tail = NULL;
-size_t interface_count = 0;
-MSIHANDLE hRecord = MsiCreateRecord(1);
-for (struct tap_interface_node *pInterface = pInterfaceList; pInterface; 
pInterface = pInterface->pNext)
-{
-for (LPCTSTR hwid = pInterface->szzHardwareIDs; hwid[0]; hwid += 
_tcslen(hwid) + 1)
+/* Count interfaces. */
+size_t interface_count = 0;
+for (struct tap_interface_node *pInterface = pInterfaceList; 
pInterface; pInterface = pInterface->pNext)
 {
-if (_tcsicmp(hwid, TEXT(TAP_WIN_COMPONENT_ID)) == 0
-|| _tcsicmp(hwid, TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID)) 
== 0)
-{
-/* TAP interface found. */
-
-/* Report the GUID of the interface to installer. */
-LPOLESTR szInterfaceId = NULL;
-StringFromIID((REFIID)>guid, );
-MsiRecordSetString(hRecord, 1, szInterfaceId);
-MsiProcessMessage(hInstall, INSTALLMESSAGE_ACTIONDATA, 
hRecord);
-CoTaskMemFree(szInterfaceId);
-
-/* Append interface to the list. */
-struct interface_node *node = (struct interface_node 
*)malloc(sizeof(struct interface_node));
-if (node == NULL)
-{
-MsiCloseHandle(hRecord);
-msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, 
sizeof(struct interface_node));
-

[Openvpn-devel] [PATCH] Refactor OpenVPNService state detection code

2019-02-24 Thread Simon Rozman
The code was standardized to avoid "E1072: a declaration cannot have a
label" warning of Visual Studio 2017 IntelliSense.

Furthermore, a comment explaining what the `dwStartType <=
SERVICE_AUTO_START` condition is about was added.

This patch follows Gert's recommendations from [openvpn-devel].

Signed-off-by: Simon Rozman 
Message-ID: <201901181944.x0ijiguv003...@chekov.greenie.muc.de>
---
 src/openvpnmsica/openvpnmsica.c | 59 +
 1 file changed, 31 insertions(+), 28 deletions(-)

diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 00ed2765..2477e81a 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -365,40 +365,42 @@ openvpnmsica_set_openvpnserv_state(_In_ MSIHANDLE 
hInstall)
 /* Query service status. */
 SERVICE_STATUS_PROCESS ssp;
 DWORD dwBufSize;
-if (!QueryServiceStatusEx(hService, SC_STATUS_PROCESS_INFO, (LPBYTE), 
sizeof(ssp), ))
+if (QueryServiceStatusEx(hService, SC_STATUS_PROCESS_INFO, (LPBYTE), 
sizeof(ssp), ))
 {
-uiResult = GetLastError();
-msg(M_NONFATAL | M_ERRNO, "%s: 
QueryServiceStatusEx(\"OpenVPNService\") failed", __FUNCTION__);
-goto finish_QueryServiceStatusEx;
-}
-
-switch (ssp.dwCurrentState)
-{
-case SERVICE_START_PENDING:
-case SERVICE_RUNNING:
-case SERVICE_STOP_PENDING:
-case SERVICE_PAUSE_PENDING:
-case SERVICE_PAUSED:
-case SERVICE_CONTINUE_PENDING:
+switch (ssp.dwCurrentState)
 {
-/* Set OPENVPNSERVICE property to service PID. */
-TCHAR szPID[10 /*MAXDWORD in decimal*/ + 1 /*terminator*/];
-_stprintf_s(
-szPID, _countof(szPID),
-TEXT("%u"),
-ssp.dwProcessId);
-
-uiResult = MsiSetProperty(hInstall, TEXT("OPENVPNSERVICE"), szPID);
-if (uiResult != ERROR_SUCCESS)
+case SERVICE_START_PENDING:
+case SERVICE_RUNNING:
+case SERVICE_STOP_PENDING:
+case SERVICE_PAUSE_PENDING:
+case SERVICE_PAUSED:
+case SERVICE_CONTINUE_PENDING:
 {
-SetLastError(uiResult); /* MSDN does not mention 
MsiSetProperty() to set GetLastError(). But we do have an error code. Set last 
error manually. */
-msg(M_NONFATAL | M_ERRNO, "%s: 
MsiSetProperty(\"OPENVPNSERVICE\") failed", __FUNCTION__);
+/* Service is started (kind of). Set OPENVPNSERVICE property 
to service PID. */
+TCHAR szPID[10 /*MAXDWORD in decimal*/ + 1 /*terminator*/];
+_stprintf_s(
+szPID, _countof(szPID),
+TEXT("%u"),
+ssp.dwProcessId);
+
+uiResult = MsiSetProperty(hInstall, TEXT("OPENVPNSERVICE"), 
szPID);
+if (uiResult != ERROR_SUCCESS)
+{
+SetLastError(uiResult); /* MSDN does not mention 
MsiSetProperty() to set GetLastError(). But we do have an error code. Set last 
error manually. */
+msg(M_NONFATAL | M_ERRNO, "%s: 
MsiSetProperty(\"OPENVPNSERVICE\") failed", __FUNCTION__);
+}
+
+/* We know user is using the service. Skip auto-start setting 
check. */
+goto cleanup_OpenService;
 }
-goto cleanup_OpenService;
+break;
 }
-break;
 }
-finish_QueryServiceStatusEx:;
+else
+{
+uiResult = GetLastError();
+msg(M_NONFATAL | M_ERRNO, "%s: 
QueryServiceStatusEx(\"OpenVPNService\") failed", __FUNCTION__);
+}
 
 /* Service is not started. Is it set to auto-start? */
 /* MSDN describes the maximum buffer size for QueryServiceConfig() to be 
8kB. */
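Review bot: in the switch on ssp.dwCurrentState the `break;` after the case block is unreachable, because the block now ends in `goto cleanup_OpenService;`, and there is no `default:`, so a stopped service reaches the auto-start check only by falling out of the switch. Drop the dead break and add an explicit default with a one-line comment so the "service is not started" path is visible. In the new else branch, uiResult takes GetLastError() and execution still continues into the auto-start query; a comment saying that a failed QueryServiceStatusEx() is deliberately non-fatal would make that intent clear.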
@@ -415,6 +417,7 @@ finish_QueryServiceStatusEx:;
 
 if (pQsc->dwStartType <= SERVICE_AUTO_START)
 {
+/* Service is set to auto-start. Set OPENVPNSERVICE property to its 
path. */
 uiResult = MsiSetProperty(hInstall, TEXT("OPENVPNSERVICE"), 
pQsc->lpBinaryPathName);
 if (uiResult != ERROR_SUCCESS)
 {
-- 
2.19.0.windows.1





[Openvpn-devel] [PATCH] Add user manual and developer notes URL for tapctl.exe

2019-02-24 Thread Simon Rozman
This patch follows Gert's recommendations from [openvpn-devel].

Signed-off-by: Simon Rozman 
Message-ID: <20190117155829.ga92...@greenie.muc.de>
---
 src/tapctl/basic.h | 1 +
 src/tapctl/error.c | 1 +
 src/tapctl/error.h | 1 +
 src/tapctl/main.c  | 1 +
 src/tapctl/tap.c   | 1 +
 src/tapctl/tap.h   | 1 +
 6 files changed, 6 insertions(+)

diff --git a/src/tapctl/basic.h b/src/tapctl/basic.h
index 3469cb1c..bfbcc30d 100644
--- a/src/tapctl/basic.h
+++ b/src/tapctl/basic.h
@@ -1,5 +1,6 @@
 /*
  *  basic -- Basic macros
+ *   https://community.openvpn.net/openvpn/wiki/Tapctl
  *
  *  Copyright (C) 2002-2018 OpenVPN Inc 
  *  Copyright (C) 2018 Simon Rozman 
diff --git a/src/tapctl/error.c b/src/tapctl/error.c
index 42ab6ccb..d1f77d20 100644
--- a/src/tapctl/error.c
+++ b/src/tapctl/error.c
@@ -1,5 +1,6 @@
 /*
  *  error -- OpenVPN compatible error reporting API
+ *   https://community.openvpn.net/openvpn/wiki/Tapctl
  *
  *  Copyright (C) 2002-2018 OpenVPN Inc 
  *  Copyright (C) 2018 Simon Rozman 
diff --git a/src/tapctl/error.h b/src/tapctl/error.h
index 1ac9b835..924cbbe8 100644
--- a/src/tapctl/error.h
+++ b/src/tapctl/error.h
@@ -1,5 +1,6 @@
 /*
  *  error -- OpenVPN compatible error reporting API
+ *   https://community.openvpn.net/openvpn/wiki/Tapctl
  *
  *  Copyright (C) 2002-2018 OpenVPN Inc 
  *  Copyright (C) 2018 Simon Rozman 
diff --git a/src/tapctl/main.c b/src/tapctl/main.c
index 5e6e1752..295366b4 100644
--- a/src/tapctl/main.c
+++ b/src/tapctl/main.c
@@ -1,5 +1,6 @@
 /*
  *  tapctl -- Utility to manipulate TUN/TAP interfaces on Windows
+ *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
  *  Copyright (C) 2002-2018 OpenVPN Inc 
  *  Copyright (C) 2008-2013 David Sommerseth 
diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index ba80237f..b2cb2dca 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -1,5 +1,6 @@
 /*
  *  tapctl -- Utility to manipulate TUN/TAP interfaces on Windows
+ *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
diff --git a/src/tapctl/tap.h b/src/tapctl/tap.h
index 39dc28b0..c09c4766 100644
--- a/src/tapctl/tap.h
+++ b/src/tapctl/tap.h
@@ -1,5 +1,6 @@
 /*
  *  tapctl -- Utility to manipulate TUN/TAP interfaces on Windows
+ *https://community.openvpn.net/openvpn/wiki/Tapctl
  *
  *  Copyright (C) 2018 Simon Rozman 
  *
-- 
2.19.0.windows.1





[Openvpn-devel] [PATCH] Add NULL checks

2019-02-24 Thread Simon Rozman
Extra NULL checks were added after malloc() calls to display out-of-
memory error and try to exit gracefully.

Functions msica_op_create_*() now return NULL in out-of-memory condition
too. Since their output is directly used in msica_op_seq_add_head() and
msica_op_seq_add_tail() functions, the latter were extended to check for NULL
pointer arguments.

This patch follows Gert's recommendations from [openvpn-devel].

Signed-off-by: Simon Rozman 
Message-ID: <20190117155829.ga92...@greenie.muc.de>
---
 src/openvpnmsica/dllmain.c  | 23 ++---
 src/openvpnmsica/msica_op.c | 60 +
 src/openvpnmsica/msiex.c| 36 
 src/openvpnmsica/openvpnmsica.c | 48 +++---
 src/tapctl/tap.c| 50 +++
 5 files changed, 207 insertions(+), 10 deletions(-)

diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c
index 5f5092a0..5e29f44c 100644
--- a/src/openvpnmsica/dllmain.c
+++ b/src/openvpnmsica/dllmain.c
@@ -65,8 +65,12 @@ DllMain(
 case DLL_THREAD_ATTACH:
 {
 /* Create thread local storage data. */
-struct openvpnmsica_thread_data *s = (struct 
openvpnmsica_thread_data *)malloc(sizeof(struct openvpnmsica_thread_data));
-memset(s, 0, sizeof(struct openvpnmsica_thread_data));
+struct openvpnmsica_thread_data *s = (struct 
openvpnmsica_thread_data *)calloc(1, sizeof(struct openvpnmsica_thread_data));
+if (s == NULL)
+{
+return FALSE;
+}
+
 TlsSetValue(openvpnmsica_thread_data_idx, s);
 break;
 }
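Review bot: `return FALSE;` in the DLL_THREAD_ATTACH case does not stop anything, since Windows honours the DllMain return value only for DLL_PROCESS_ATTACH. The thread keeps running with no thread data stored, so every later TlsGetValue(openvpnmsica_thread_data_idx) on it yields NULL. Keep the calloc() check, but put the real protection where the slot is read: test the pointer for NULL before dereferencing it.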
@@ -128,9 +132,18 @@ x_msg_va(const unsigned int flags, const char *format, 
va_list arglist)
 {
 /* Allocate on heap and retry. */
 char *szMessage = (char *)malloc(++iResultLen * sizeof(char));
-vsnprintf(szMessage, iResultLen, format, arglist);
-MsiRecordSetStringA(hRecordProg, 2, szMessage);
-free(szMessage);
+if (szMessage != NULL)
+{
+vsnprintf(szMessage, iResultLen, format, arglist);
+MsiRecordSetStringA(hRecordProg, 2, szMessage);
+free(szMessage);
+}
+else
+{
+/* Use stack variant anyway, but make sure it's 
zero-terminated. */
+szBufStack[_countof(szBufStack) - 1] = 0;
+MsiRecordSetStringA(hRecordProg, 2, szBufStack);
+}
 }
 }
 
diff --git a/src/openvpnmsica/msica_op.c b/src/openvpnmsica/msica_op.c
index 1ea93530..fec1ef8a 100644
--- a/src/openvpnmsica/msica_op.c
+++ b/src/openvpnmsica/msica_op.c
@@ -85,6 +85,12 @@ msica_op_create_bool(
 
 /* Create and fill operation struct. */
 struct msica_op_bool *op = (struct msica_op_bool *)malloc(sizeof(struct 
msica_op_bool));
+if (op == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct 
msica_op_bool));
+return NULL;
+}
+
 op->base.type  = type;
 op->base.ticks = ticks;
 op->base.next  = next;
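Review bot: the new error message formats a size_t with %u in `msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct msica_op_bool));`. On 64-bit builds size_t is wider than unsigned int, so the variadic argument does not match the format; cast it to unsigned or use a size_t-aware conversion. The same applies to the following msica_op_create_*() hunks, where the argument is sizeof(...) plus value_size. It is also worth a comment on whether msg(M_FATAL, ...) returns here, because the `return NULL;` after it only matters if it does.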
@@ -110,6 +116,12 @@ msica_op_create_string(
 /* Create and fill operation struct. */
 size_t value_size = (_tcslen(value) + 1) * sizeof(TCHAR);
 struct msica_op_string *op = (struct msica_op_string 
*)malloc(sizeof(struct msica_op_string) + value_size);
+if (op == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct 
msica_op_string) + value_size);
+return NULL;
+}
+
 op->base.type  = type;
 op->base.ticks = ticks;
 op->base.next  = next;
@@ -142,6 +154,12 @@ msica_op_create_multistring_va(
 
 /* Create and fill operation struct. */
 struct msica_op_multistring *op = (struct msica_op_multistring 
*)malloc(sizeof(struct msica_op_multistring) + value_size);
+if (op == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct 
msica_op_multistring) + value_size);
+return NULL;
+}
+
 op->base.type  = type;
 op->base.ticks = ticks;
 op->base.next  = next;
@@ -173,6 +191,12 @@ msica_op_create_guid(
 
 /* Create and fill operation struct. */
 struct msica_op_guid *op = (struct msica_op_guid *)malloc(sizeof(struct 
msica_op_guid));
+if (op == NULL)
+{
+msg(M_FATAL, "%s: malloc(%u) failed", __FUNCTION__, sizeof(struct 
msica_op_guid));
+return NULL;
+}
+
 op->base.type  = type;
 op->base.ticks = ticks;
 op->base.next  = next;
@@ -199,6 +223,12 @@ msica_op_create_guid_string(
 /* Create and fill operation struct. */
 size_t value_str_size = (_tcslen(value_str) + 1) * sizeof(TCHAR);
 struct msica_op_guid_string *op = (struct msica_op_guid_string 
*)malloc(sizeof(struct msica_op_guid_string) + value_str_size);
+if (op == NULL)

[Openvpn-devel] [PATCH] Disambiguate thread local storage references from TLS

2019-02-24 Thread Simon Rozman
Since OpenVPN is security software, "TLS" usually stands for Transport
Layer Security.

Furthermore, repetitive copy code was refactored using a macro.

This patch follows Gert's recommendations from [openvpn-devel].

Signed-off-by: Simon Rozman 
Message-ID: <20190117155829.ga92...@greenie.muc.de>
---
 src/openvpnmsica/dllmain.c  | 30 +++---
 src/openvpnmsica/openvpnmsica.c | 20 +---
 src/openvpnmsica/openvpnmsica.h | 18 ++
 3 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c
index 50231e4c..5f5092a0 100644
--- a/src/openvpnmsica/dllmain.c
+++ b/src/openvpnmsica/dllmain.c
@@ -36,7 +36,7 @@
 #include 
 
 
-DWORD openvpnmsica_tlsidx_session = TLS_OUT_OF_INDEXES;
+DWORD openvpnmsica_thread_data_idx = TLS_OUT_OF_INDEXES;
 
 
 /**
@@ -54,9 +54,9 @@ DllMain(
 switch (dwReason)
 {
 case DLL_PROCESS_ATTACH:
-/* Allocate TLS index. */
-openvpnmsica_tlsidx_session = TlsAlloc();
-if (openvpnmsica_tlsidx_session == TLS_OUT_OF_INDEXES)
+/* Allocate thread local storage index. */
+openvpnmsica_thread_data_idx = TlsAlloc();
+if (openvpnmsica_thread_data_idx == TLS_OUT_OF_INDEXES)
 {
 return FALSE;
 }
@@ -64,25 +64,25 @@ DllMain(
 
 case DLL_THREAD_ATTACH:
 {
-/* Create TLS data. */
-struct openvpnmsica_tls_data *s = (struct openvpnmsica_tls_data 
*)malloc(sizeof(struct openvpnmsica_tls_data));
-memset(s, 0, sizeof(struct openvpnmsica_tls_data));
-TlsSetValue(openvpnmsica_tlsidx_session, s);
+/* Create thread local storage data. */
+struct openvpnmsica_thread_data *s = (struct 
openvpnmsica_thread_data *)malloc(sizeof(struct openvpnmsica_thread_data));
+memset(s, 0, sizeof(struct openvpnmsica_thread_data));
+TlsSetValue(openvpnmsica_thread_data_idx, s);
 break;
 }
 
 case DLL_PROCESS_DETACH:
-if (openvpnmsica_tlsidx_session != TLS_OUT_OF_INDEXES)
+if (openvpnmsica_thread_data_idx != TLS_OUT_OF_INDEXES)
 {
-/* Free TLS data and TLS index. */
-free(TlsGetValue(openvpnmsica_tlsidx_session));
-TlsFree(openvpnmsica_tlsidx_session);
+/* Free thread local storage data and index. */
+free(TlsGetValue(openvpnmsica_thread_data_idx));
+TlsFree(openvpnmsica_thread_data_idx);
 }
 break;
 
 case DLL_THREAD_DETACH:
-/* Free TLS data. */
-free(TlsGetValue(openvpnmsica_tlsidx_session));
+/* Free thread local storage data. */
+free(TlsGetValue(openvpnmsica_thread_data_idx));
 break;
 }
 
@@ -105,7 +105,7 @@ x_msg_va(const unsigned int flags, const char *format, 
va_list arglist)
 /* Secure last error before it is overridden. */
 DWORD dwResult = (flags & M_ERRNO) != 0 ? GetLastError() : ERROR_SUCCESS;
 
-struct openvpnmsica_tls_data *s = (struct openvpnmsica_tls_data 
*)TlsGetValue(openvpnmsica_tlsidx_session);
+struct openvpnmsica_thread_data *s = (struct openvpnmsica_thread_data 
*)TlsGetValue(openvpnmsica_thread_data_idx);
 if (s->hInstall == 0)
 {
 /* No MSI session, no fun. */
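Review bot: in x_msg_va() `s` comes straight from TlsGetValue() and is dereferenced on the next line in `if (s->hInstall == 0)`. The slot is filled only in the DLL_THREAD_ATTACH case, where this version passes the malloc() result to memset() unchecked, so `s` can be NULL on a thread that never got its data. Add a NULL test before the dereference while the line is being touched for the rename.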
diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 3232a47c..b8108b99 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -435,9 +435,7 @@ FindSystemInfo(_In_ MSIHANDLE hInstall)
 
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
 
-/* Set MSI session handle in TLS. */
-struct openvpnmsica_tls_data *s = (struct openvpnmsica_tls_data 
*)TlsGetValue(openvpnmsica_tlsidx_session);
-s->hInstall = hInstall;
+OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
 openvpnmsica_set_driver_certification(hInstall);
 openvpnmsica_set_openvpnserv_state(hInstall);
@@ -462,9 +460,7 @@ FindTAPInterfaces(_In_ MSIHANDLE hInstall)
 UINT uiResult;
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
 
-/* Set MSI session handle in TLS. */
-struct openvpnmsica_tls_data *s = (struct openvpnmsica_tls_data 
*)TlsGetValue(openvpnmsica_tlsidx_session);
-s->hInstall = hInstall;
+OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
 /* Get available network interfaces. */
 struct tap_interface_node *pInterfaceList = NULL;
@@ -677,9 +673,7 @@ StartOpenVPNGUI(_In_ MSIHANDLE hInstall)
 UINT uiResult;
 BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL));
 
-/* Set MSI session handle in TLS. */
-struct openvpnmsica_tls_data *s = (struct openvpnmsica_tls_data 
*)TlsGetValue(openvpnmsica_tlsidx_session);
-s->hInstall = hInstall;
+OPENVPNMSICA_SAVE_MSI_SESSION(hInstall);
 
 

Re: [Openvpn-devel] [PATCH applied] Re: Strip _stdcall suffixes (@nn) for 32-bit builds

2019-01-20 Thread Simon Rozman
Hi,

> You really do not like this calling convention, do you?  ;-) - learned
> something new today, what "-Wl,--kill-at" does...  (while the original
> round of stdcall discussion was MSVC, here's the mingw variant)

If I was importing this library into a C/C++ project, I wouldn't mind
function name decorations at all.

However, DLL exported functions are authored in MSI package by name. Having
a different name for i386 and x64 platforms would require "#ifdefs" in WiX
XML files.



I'll explain this in the developer documentation but briefly I can explain
it here already: Consider the openvpnmsica.dll as a collection of functions
(aka "Custom Actions") the MSI installer calls to perform tasks that are not
implemented by stock MSI actions.

Some functions are completely stand-alone. FindSystemInfo() and
FindTAPInterfaces() are sequenced in the MSI package to execute early. They
perform some tests MSI is too limited to do itself, and set various MSI
properties accordingly. Later, those MSI properties are used to form
conditions in MSI. Like which version of driver to install, should
OpenVPNServ be selected to install or not, etc. The CloseOpenVPNGUI() and
StartOpenVPNGUI() do just what they say immediately when called.

Then there are other functions that form an  tuple. The  is an example of those.
They are sequenced in the MSI package like this:

1. EvaluateTAPInterfaces() executes in the first pass. It runs in the
current user context and it doesn't touch the computer in any way. Well, it just
prepares a list of TAP-interface-related operations to be executed and saves
it in a temporary file. The list contains operations like: "install TAP
interface X", "delete TAP interface X", "rename TAP interface X>Y", "delete
file X", etc. Operations are implemented in msica_op.h/.c.

2. ProcessDeferredAction() runs in the so called deferred MSI execution pass
run by Windows Installer service as the SYSTEM user. It loads the list of
operations from the temporary file and executes them one by one.

Let's look at a sample operation "delete file X". Normally, this operation
does not really delete the file X. It renames it to Y instead, while adding
"delete file Y" to a separate commit list tail, and inserting "move file
Y>X" to a rollback list head. Unless MSI rollback is explicitly disabled -
in this case it just deletes the file immediately and doesn't touch
commit/rollback lists.

After all operations on the list are executed, the newly created commit and
rollback operation lists are saved to separate temporary files.

3. Should the installation succeed, the MSI calls all deferred commit
actions: This time, the ProcessDeferredAction() is called with the commit
list filename as the action parameter.

Should the installation fail, the MSI calls all deferred rollback actions in
reverse order: This time, the ProcessDeferredAction() would be called with
the rollback list filename as the action parameter.

Since execution, commit and rollback list files are of the same syntax, the
same ProcessDeferredAction() function is reused. The only detail worth
noting is that when ProcessDeferredAction() detects it is run in the
commit/rollback pass it disables the MSI rollback: this makes all sequenced
operations execute immediately and no longer bother with commit/rollback
lists.




Wow, this made a nice text to start the developer documentation of MSI
setup. If it was understandable enough. :)

Regards,
Simon
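
The execute, commit and rollback passes described in the message above, modelled as an added example; this is not code from openvpnmsica.dll or from the author. All names are hypothetical, an in-memory array stands in for the disk and for the temporary list files, and the ".bak" naming of the renamed file is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the disk: name slots, "" marks a free slot. */
#define MAX_FILES 8
#define NAME_LEN  32
static char fs[MAX_FILES][NAME_LEN];

static int fs_find(const char *name)
{
    for (int i = 0; i < MAX_FILES; i++)
        if (strcmp(fs[i], name) == 0) return i;
    return -1;
}
int fs_exists(const char *name) { return name[0] != '\0' && fs_find(name) >= 0; }
/* Rename from -> to. from "" creates a file, to "" deletes one. */
static int fs_rename(const char *from, const char *to)
{
    int i = fs_find(from);
    if (i < 0 || fs_exists(to)) return -1;
    snprintf(fs[i], NAME_LEN, "%s", to);
    return 0;
}

/* Hypothetical operation record and list, not the structs from msica_op.h. */
enum op_type { OP_FILE_DELETE, OP_FILE_MOVE };
struct op { enum op_type type; char a[NAME_LEN], b[NAME_LEN]; struct op *next; };
struct op_seq { struct op *head, *tail; };
struct session { int rollback_enabled; struct op_seq commit, rollback; };

/* Allocate an operation and link it at the head or tail; -1 when out of memory. */
static int seq_add(struct op_seq *seq, int at_head, enum op_type type, const char *a, const char *b)
{
    struct op *op = calloc(1, sizeof(*op));
    if (op == NULL) return -1;
    op->type = type;
    snprintf(op->a, NAME_LEN, "%s", a);
    snprintf(op->b, NAME_LEN, "%s", b);
    if (seq->head == NULL) seq->head = seq->tail = op;
    else if (at_head) { op->next = seq->head; seq->head = op; }
    else { seq->tail->next = op; seq->tail = op; }
    return 0;
}
static void seq_free(struct op_seq *seq)
{
    while (seq->head != NULL) { struct op *n = seq->head->next; free(seq->head); seq->head = n; }
    seq->tail = NULL;
}

static int exec_op(struct session *s, const struct op *op)
{
    char bak[NAME_LEN];
    switch (op->type) {
    case OP_FILE_DELETE:
        if (!s->rollback_enabled)
            return fs_rename(op->a, "");           /* commit/rollback pass: delete now */
        snprintf(bak, sizeof(bak), "%.27s.bak", op->a);
        if (fs_rename(op->a, bak) != 0) return -1; /* execute pass: rename X to Y */
        if (seq_add(&s->commit, 0, OP_FILE_DELETE, bak, "") != 0) return -1;
        return seq_add(&s->rollback, 1, OP_FILE_MOVE, bak, op->a);
    case OP_FILE_MOVE:
        if (fs_rename(op->a, op->b) != 0) return -1;
        return s->rollback_enabled ? seq_add(&s->rollback, 1, OP_FILE_MOVE, op->b, op->a) : 0;
    }
    return -1;
}
static int exec_seq(struct session *s, const struct op_seq *seq)
{
    for (const struct op *op = seq->head; op != NULL; op = op->next)
        if (exec_op(s, op) != 0) return -1;
    return 0;
}

/* Constructed scenario: delete two files, then commit (success) or roll back (failure). */
int run_install(int install_fails)
{
    struct session exec = { .rollback_enabled = 1 }, final = { .rollback_enabled = 0 };
    struct op_seq todo = { NULL, NULL };
    int rc = -1;
    memset(fs, 0, sizeof(fs));
    if (fs_rename("", "a.txt") == 0 && fs_rename("", "b.txt") == 0
        && seq_add(&todo, 0, OP_FILE_DELETE, "a.txt", "") == 0
        && seq_add(&todo, 0, OP_FILE_DELETE, "b.txt", "") == 0
        && exec_seq(&exec, &todo) == 0)            /* execute pass, rollback enabled */
        rc = exec_seq(&final, install_fails ? &exec.rollback : &exec.commit);
    seq_free(&todo);
    seq_free(&exec.commit);
    seq_free(&exec.rollback);
    return rc;
}

int main(void)
{
    for (int fail = 0; fail <= 1; fail++) {
        int rc = run_install(fail);
        printf("%s: rc=%d a.txt=%d\n", fail ? "rollback" : "commit", rc, fs_exists("a.txt"));
    }
    return 0;
}
```

Because rollback entries are inserted at the head, replaying the rollback list from its head undoes the operations in reverse order, and running either final list with rollback disabled is what makes the same executor safe to reuse for all three passes.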




Re: [Openvpn-devel] [PATCH applied] Re: Extend FindSystemInfo custom action to detect OpenVPNService state

2019-01-20 Thread Simon Rozman
Hi,

> +finish_QueryServiceStatusEx:;
> +
> +// Service is not started. Is it set to auto-start?
> +// MSDN describes the maximum buffer size for QueryServiceConfig()
> to be 8kB.
> +// This is small enough to fit on stack.
> 
> .. there shouldn't be a ";" after a label, and no C++ comments... but I
> assume the uncrustify patch coming next will fix that...

The sentence following the finish_QueryServiceStatusEx label is a local
variable declaration. While MSVC and MinGW are fine with or without
semicolon, the Visual Studio 2017 IDE's IntelliSense is complaining with
"E1072: a declaration cannot have a label".

Now, I could leave that semicolon in place to keep IntelliSense false
warning away, but looking at the code I asked myself a question: "If my code
is so convoluted it produces a false warning to a bot, how convoluted it
must be for a human to understand?" False warnings are usually a sign of
overcomplex or atypical code design. I have refactored the code.

> 
> Something else might not be obvious to the reader:
> 
> +if (pQsc->dwStartType <= SERVICE_AUTO_START)
> +{
> 
> so what does "lesser than AUTO_START" mean?  manual start?  no start at
> all?  Comparing for "lesser or equal" with something enum-like might
> warrant a comment /* BOOT_START = 0, SYSTEM_START = 1, AUTO_START = 2 */
> or so...  (yes, I can google this, but still).

This is a very generic test "Is driver or service set to start automatically
in any phase of the system launch?" on Windows. I've added a comment
with a brief explanation.

A patch will follow.

Regards,
Simon




Re: [Openvpn-devel] [PATCH 5/5] Detect TAP interfaces with root-enumerated hardware ID

2019-01-19 Thread Simon Rozman
Hi,

> On Tue, Oct 16, 2018 at 12:26:27PM +0200, Simon Rozman wrote:
> > This patch extends the TAP interface enumerating to detect the TAP
> > interfaces registered using "root\tap0901" hardware ID. Before, only
> > TAP interfaces with legacy "tap0901" HWID were detected by
> openvpn.exe.
> >
> > The openvpnmsica.dll and tapctl.exe install TAP interfaces using root-
> > enumerated HWIDs, and were not detected by openvpn.exe.
> 
> I do not see a specific reason to *not* apply this patch, but I'm
> wondering if you could shed some background light on the changed
> behaviour in openvpnmsica.dll and tapctl.exe?

The tapctl.exe and openvpnmsica.dll use a simplified interface installation
compared to devcon.exe/tapinstall.exe. They assume the driver is already
installed and they don't require INF file to create a TAP interface.
However, when the interface is installed this way, Windows reports its
hardware ID as "root\\tap0901". Whereas, tapinstall.exe installed TAP
interfaces report their HWID as "tap0901". That's about the only difference
I noticed.

(Tested with driver versions 9.21.x and later.)

Rather than exploring, what causes the difference and fuelled by Microsoft's
recommendation to use root-enumerated HWIDs anyway, I proposed to extend the
openvpn.exe's TAP interface detection to accept both: "tap0901" _and_
"root\\tap0901" interfaces.

> I'm not sure if we're going to care for someone who uses a 2.5 msi
> installer to set up a TAP interface and then runs a 2.3 openvpn.exe on
> top of it and wonders why it isn't finding the TAP driver - but the
> question might come up, and I like having good answers... :-)

Suggest them to remove the TAP interface and reinstall it using
tapinstall.exe. The tapinstall.exe should still be able to install 9.22 and
later TUN interfaces.

Or even better: apply this patch to 2.4 and 2.3 branches (it's a really
minor change) and ask them to compile and use the patched version of 2.3. :)

Best regards,
Simon





Re: [Openvpn-devel] [PATCH applied] Re: Introduce tapctl.exe utility and openvpnmsica.dll MSI CA

2019-01-19 Thread Simon Rozman
Hi,

> (I *have* glanced over the code to see that there isn't anything that
> looks "suspicious" - and of course it does not modify openvpn code, so
> there is no risk for introducing remote exploits, crypto breaches, etc.)
> 
> I found a few things I'd like to see cleaned up eventually...

Thank you. I am reviewing your suggestions and preparing patches for them.
Stay tuned.

> Then, it would be nice if file headers had a short comment "what is this
> doing" (like, I just read through "msiex.c", and having an idea what I
> can find in there makes life easier).
> 
> Does some other patch in the series have an "overall picture" document
> that explains how the "large picture" in MSI custom DLL works?  Like,
> first happens , than , and for a silent installer 
> will be a change?  Maybe just a pointer to a MS document?

Good idea. I have put this on my TODO list. I still owe you "Administrators
Guide for OpenVPN MSI Deployment". This would make a second document:
"Developers Guide to OpenVPN MSI Setup". I should have done the latter first,
to make the code review easier for you, sorry. I have so much to explain to you
and so little time. :(

IIRC, we agreed, I prepare documentation at OpenVPN Wiki. After it's
published, remind me to URL it in the source code.

> I have test-run the mingw-compiled tapctl on Win10, and "tapctl list"
> "did something" (= it did not crash or complain about missing DLLs) -
> but
> it did not actually *work*.  The machine has no TAP interfaces, just one
> LAN card - and "tapctl list" prints out 2 or 10 different "LAN" adapters
> (see attached image).  Not sure this is how it should be... after I
> installed OpenVPN & had it create a TAP interface, I still have 9 times
> "LAN-Verbindung" but I also get an "Ethernet 2" now (which is correct).

"tapctl list" lists all NICs found. Including the non-TAP ones. On my
computer it shows 12, where I see only 2 in the Network Connections window.
That's normal, as Windows have separate NICs for RAS: WAN, WAN IPv6, PPPoE,
PPTP, L2TP, GRE, SSTP, etc. They all have silly names like "Local Area
Connection* " (note the asterisk in their name). They don't display
elsewhere normally.

Don't delete them with "tapctl delete" - like the "list" command lists _all_
interfaces, the "delete" can delete _any_ interface on your computer. Even
with no TAP-Windows6 driver installed.

On the other hand: "tapctl create" supports creating a TAP-Windows6
interface only.

Shall I limit the "tapctl list" and "tapctl delete" commands to the
TAP-Windows6 interfaces too? The utility is called *tap*ctl after all.

Best regards,
Simon





Re: [Openvpn-devel] [Help required] Testing MSI installations

2019-01-02 Thread Simon Rozman
Hi,

> However, there appears to be a problem ..
> 
> https://paste.fedoraproject.org/paste/Ih2LYl0cR8YoKnI2lNwhcQ
> 
> Part 1 is the client log *with* errors using the binary from your
> installer 2.4.6-m4 dated 1/Jan/2019

The 2.4.6-m4 version is based on the current release/2.4 branch (with my
MSI-specific patches applied). You should consider the 2.4.6-m4 more like a
2.4.7-alpha than a 2.4.6.

> Part 2 is the routing before and after part 1
> 
> Part 3 is the client log *without* errors using the binary from
> the official installer 2.4.6 dated 26/Apr/2018
> 
> Both logs are for the same config file on the same machine
> Windows 7 32bit VM -- Fully up to date with MS.
> 
> Even though there are errors reported the VPN still works for both
> IPv4 and 6 with both versions of the binary.

Probably a patch between 2.4.6 from 26/Apr/2018 and 2.4.6-m4 from 1/Jan/2019 
introduced an error-level check after the netsh.exe interface ipv6 add route 
call.

Take this as a bonus: you are testing MSI setup and the 2.4.7 prerelease at the 
same time. :)

I am thinking of rebasing the 2.4.6-mX on the original 2.4.6 release from 
26/Apr/2018 to avoid confusion. Maybe package an even older release to allow 
MSI with MSI update testing.

Regards,
Simon



Re: [Openvpn-devel] [Help required] Testing MSI installations

2018-12-20 Thread Simon Rozman
Hi,

> Action 06:41:08: FindTAPInterfaces. Searching for TAP interfaces Action
> start 06:41:08: FindTAPInterfaces.
> CustomAction FindTAPInterfaces returned actual error code 1154 (note
> this may not be 100% accurate if translation happened inside sandbox)
> Error 1723. There is a problem with this Windows Installer package. A
> DLL required for this install to complete could not be run. Contact your
> support personnel or package vendor.  Action FindTAPInterfaces, entry:
> FindTAPInterfaces, library:
> C:\Users\IEUser\AppData\Local\Temp\MSIE9C3.tmp
> MSI (c) (DC:E4) [06:41:16:156]: Product: OpenVPN 2.4.6m3-I603 x86 --
> Error 1723. There is a problem with this Windows Installer package. A
> DLL required for this install to complete could not be run. Contact your
> support personnel or package vendor.  Action FindTAPInterfaces, entry:
> FindTAPInterfaces, library:
> C:\Users\IEUser\AppData\Local\Temp\MSIE9C3.tmp
> 
> Action ended 06:41:16: FindTAPInterfaces. Return value 3.

The "Error 1723" translates to RPC_S_SERVER_TOO_BUSY. So, this is something
new.

I'll try to reproduce it.

Regards,
Simon





Re: [Openvpn-devel] [Help required] Testing MSI installations

2018-12-20 Thread Simon Rozman
Hi,

> This may be a false alarm because Windows has decided this VM needs
> "some" updates .. I'll update after the reboot dance. *yawn*

Actually, setup should work with a vanilla non-updated Windows 7 too. Though
we should encourage our users to run up-to-date Windows.

Thank you very much for your report. I am downloading the IE11-Win7 image as
we speak and will test _before_ and _after_ the updates.

Regards,
Simon




Re: [Openvpn-devel] [Help required] Testing MSI installations

2018-12-20 Thread Simon Rozman
Hi,

> > The %TEMP%/openvpn-install.log is:

...

> I should mention I tested the .exe installer.

You didn't need to. The MSI packages do not set up any logging to file by
default. The EXE installer is the one that adds /l*
%TEMP%/openvpn-install.log to the msiexec command line. The
%TEMP%/openvpn-install.log is EXE-installer-specific.

Regards,
Simon






Re: [Openvpn-devel] [Help required] Testing MSI installations

2018-12-20 Thread Simon Rozman
Hi,

> Action 05:28:59: FindTAPInterfaces. Searching for TAP interfaces Action
> start 05:28:59: FindTAPInterfaces.
> CustomAction FindTAPInterfaces returned actual error code 1154 (note
> this may not be 100% accurate if translation happened inside sandbox)

error code 1154 = ERROR_INVALID_DLL

The error code 1154 (ERROR_INVALID_DLL) indicates that one of the DLLs required
by libopenvpnmsica.dll was missing, failed to load, or is too old (missing
some functions perhaps introduced later).

The libopenvpnmsica.dll requires the following DLLs in System32 folder:

  ADVAPI32.dll
  IPHLPAPI.DLL
  KERNEL32.dll
  msi.dll
  msvcrt.dll
  ole32.dll
  SETUPAPI.dll
  SHELL32.dll
  SHLWAPI.dll
  USER32.dll
  VERSION.dll

I'm not sure about msvcrt.dll, but the rest are stock since more or less
Windows NT, so your Windows should have them out of the box.

To be continued...

Regards,
Simon
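
As an added example (not part of the thread or of OpenVPN's code), this Python function pairs each `CustomAction ... returned actual error code` line of a verbose msiexec log with the matching `Action ended` line, so a failure like the one quoted above is reported together with its Win32 code. The sample log is constructed from the lines quoted in the thread; the return-value meanings (2 = user cancel, 3 = fatal error) are standard Windows Installer values that the page itself does not state.

```python
import re

# Win32 code named in the thread; add further codes as they come up.
WIN32_NAMES = {1154: "ERROR_INVALID_DLL"}
# Windows Installer action return values that mean the action did not succeed.
MSI_FAILURE = {2: "cancelled by user", 3: "fatal error"}

CA_ERROR = re.compile(r"CustomAction (\w+) returned actual error code (\d+)")
ACTION_END = re.compile(r"Action ended \d{1,2}:\d{2}:\d{2}: (\w+)\. Return value (\d+)\.")

# Constructed sample: the FindTAPInterfaces lines are unwrapped from the quoted
# log; the CostFinalize and INSTALL lines are made up for contrast.
SAMPLE_LOG = """\
Action ended 06:41:07: CostFinalize. Return value 1.
Action start 06:41:08: FindTAPInterfaces.
CustomAction FindTAPInterfaces returned actual error code 1154 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 06:41:16: FindTAPInterfaces. Return value 3.
Action ended 06:41:16: INSTALL. Return value 3.
"""

def failed_actions(log_text):
    """Return one record per action that ended with return value 2 or 3."""
    ca_codes = {}    # custom action name -> last Win32 code it reported
    failures = []
    for line in log_text.splitlines():
        m = CA_ERROR.search(line)
        if m:
            ca_codes[m.group(1)] = int(m.group(2))
            continue
        m = ACTION_END.search(line)
        if not m or int(m.group(2)) not in MSI_FAILURE:
            continue
        name, ret = m.group(1), int(m.group(2))
        code = ca_codes.pop(name, None)  # None: no custom-action code was logged
        failures.append({
            "action": name,
            "result": MSI_FAILURE[ret],
            "win32_code": code,
            "win32_name": WIN32_NAMES.get(code, "unknown") if code is not None else None,
        })
    return failures

if __name__ == "__main__":
    for failure in failed_actions(SAMPLE_LOG):
        print(failure)
```

The INSTALL record carries no Win32 code because only custom actions log one; the FindTAPInterfaces record is the one to investigate.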

