Re: [Openvpn-devel] [PATCH] tun.c: enable using wintun driver under SYSTEM
No need to rush. I’m happy to wait until Wednesday for beta2. Cheers, Marvin Sent from my iPhone > On Aug 22, 2020, at 12:20 AM, Gert Doering wrote: > > Hi, > >> On Fri, Aug 21, 2020 at 07:37:27PM -0700, Marvin Adeff wrote: >> When will this be available as an installable (beta) msi? > > I'll merge the commit today or tomorrow (sorry for the lag on my side, > was travelling and had only limited access to "Internet and focus"). > > My plan is to do a formal "beta2" tag on Wednesday, but of course > Samuli/Lev could do a new installer ("beta1_1") earlier. > > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] tun.c: enable using wintun driver under SYSTEM
Hi, On Fri, Aug 21, 2020 at 07:37:27PM -0700, Marvin Adeff wrote: > When will this be available as an installable (beta) msi? I'll merge the commit today or tomorrow (sorry for the lag on my side, was travelling and had only limited access to "Internet and focus"). My plan is to do a formal "beta2" tag on Wednesday, but of course Samuli/Lev could do a new installer ("beta1_1") earlier. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] tun.c: enable using wintun driver under SYSTEM
Hi, When will this be available as an installable (beta) msi? Marvin > On Aug 21, 2020, at 2:13 PM, Selva Nair wrote: > > Hi, > >> On Wed, Aug 19, 2020 at 3:08 AM Lev Stipakov wrote: >> From: Lev Stipakov >> >> Commit 6d19775a468 has removed SYSTEM elevation hack, >> but introduced regression - inability to use wintun without interactive >> service. >> >> Proceed with ring buffers registration even if iservice is unavailable and >> display >> relevant error message. >> >> Trac #1318 >> >> Signed-off-by: Lev Stipakov >> --- >> src/openvpn/tun.c | 30 +- >> 1 file changed, 25 insertions(+), 5 deletions(-) >> >> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c >> index 30454454..62557364 100644 >> --- a/src/openvpn/tun.c >> +++ b/src/openvpn/tun.c >> @@ -6158,12 +6158,32 @@ wintun_register_ring_buffer(struct tuntap *tt, const >> char *device_guid) >> } >> else >> { >> -msg(M_FATAL, "ERROR: Wintun requires SYSTEM privileges and >> therefore " >> - "should be used with interactive service. If you want >> to " >> - "use openvpn from command line, you need to do SYSTEM " >> - "elevation yourself (for example with psexec)."); >> -} >> +if (!register_ring_buffers(tt->hand, >> + tt->wintun_send_ring, >> + tt->wintun_receive_ring, >> + tt->rw_handle.read, >> + tt->rw_handle.write)) >> +{ >> +switch (GetLastError()) >> +{ >> +case ERROR_ACCESS_DENIED: >> +msg(M_FATAL, "ERROR: Wintun requires SYSTEM privileges >> and therefore " >> + "should be used with interactive service. >> If you want to " >> + "use openvpn from command line, you need >> to do SYSTEM " >> + "elevation yourself (for example with >> psexec)."); >> +break; >> + >> +case ERROR_ALREADY_INITIALIZED: >> +msg(M_NONFATAL, "Adapter %s is already in use", >> device_guid); >> +break; >> >> +default: >> +msg(M_NONFATAL | M_ERRNO, "Failed to register ring >> buffers"); >> +} >> +ret = false; >> +} >> + >> +} >> return ret; >> } > > Looks good and running as SYSTEM works now as expected. Tested on 64 bit > Windows 10. > > Acked-by: selva.n...@gmail.com > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] tun.c: enable using wintun driver under SYSTEM
Hi, On Wed, Aug 19, 2020 at 3:08 AM Lev Stipakov wrote: > From: Lev Stipakov > > Commit 6d19775a468 has removed SYSTEM elevation hack, > but introduced regression - inability to use wintun without interactive > service. > > Proceed with ring buffers registration even if iservice is unavailable and > display > relevant error message. > > Trac #1318 > > Signed-off-by: Lev Stipakov > --- > src/openvpn/tun.c | 30 +- > 1 file changed, 25 insertions(+), 5 deletions(-) > > diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c > index 30454454..62557364 100644 > --- a/src/openvpn/tun.c > +++ b/src/openvpn/tun.c > @@ -6158,12 +6158,32 @@ wintun_register_ring_buffer(struct tuntap *tt, > const char *device_guid) > } > else > { > -msg(M_FATAL, "ERROR: Wintun requires SYSTEM privileges and > therefore " > - "should be used with interactive service. If you > want to " > - "use openvpn from command line, you need to do > SYSTEM " > - "elevation yourself (for example with psexec)."); > -} > +if (!register_ring_buffers(tt->hand, > + tt->wintun_send_ring, > + tt->wintun_receive_ring, > + tt->rw_handle.read, > + tt->rw_handle.write)) > +{ > +switch (GetLastError()) > +{ > +case ERROR_ACCESS_DENIED: > +msg(M_FATAL, "ERROR: Wintun requires SYSTEM > privileges and therefore " > + "should be used with interactive > service. If you want to " > + "use openvpn from command line, you need > to do SYSTEM " > + "elevation yourself (for example with > psexec)."); > +break; > + > +case ERROR_ALREADY_INITIALIZED: > +msg(M_NONFATAL, "Adapter %s is already in use", > device_guid); > +break; > > +default: > +msg(M_NONFATAL | M_ERRNO, "Failed to register ring > buffers"); > +} > +ret = false; > +} > + > +} > return ret; > } > Looks good and running as SYSTEM works now as expected. Tested on 64 bit Windows 10. Acked-by: selva.n...@gmail.com ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] tun.c: enable using wintun driver under SYSTEM
From: Lev Stipakov Commit 6d19775a468 has removed SYSTEM elevation hack, but introduced regression - inability to use wintun without interactive service. Proceed with ring buffers registration even if iservice is unavailable and display relevant error message. Trac #1318 Signed-off-by: Lev Stipakov --- src/openvpn/tun.c | 30 +- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 30454454..62557364 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -6158,12 +6158,32 @@ wintun_register_ring_buffer(struct tuntap *tt, const char *device_guid) } else { -msg(M_FATAL, "ERROR: Wintun requires SYSTEM privileges and therefore " - "should be used with interactive service. If you want to " - "use openvpn from command line, you need to do SYSTEM " - "elevation yourself (for example with psexec)."); -} +if (!register_ring_buffers(tt->hand, + tt->wintun_send_ring, + tt->wintun_receive_ring, + tt->rw_handle.read, + tt->rw_handle.write)) +{ +switch (GetLastError()) +{ +case ERROR_ACCESS_DENIED: +msg(M_FATAL, "ERROR: Wintun requires SYSTEM privileges and therefore " + "should be used with interactive service. If you want to " + "use openvpn from command line, you need to do SYSTEM " + "elevation yourself (for example with psexec)."); +break; + +case ERROR_ALREADY_INITIALIZED: +msg(M_NONFATAL, "Adapter %s is already in use", device_guid); +break; +default: +msg(M_NONFATAL | M_ERRNO, "Failed to register ring buffers"); +} +ret = false; +} + +} return ret; } -- 2.17.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel