blob: 3f2ca345a66db7a17d2eec3074519e1cacad13d6 [file] [log] [blame]
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* This program allows one or more OpenVPN processes to be started
* as a service. To build, you must get the service sample from the
* Platform SDK and replace Simple.c with this file.
*
* You should also apply service.patch to
* service.c and service.h from the Platform SDK service sample.
*
* This code is designed to be built with the mingw compiler.
*/
#include "service.h"
#include <stdio.h>
#include <stdarg.h>
#include <stdbool.h>
#include <process.h>
static SERVICE_STATUS_HANDLE service;
static SERVICE_STATUS status = { .dwServiceType = SERVICE_WIN32_SHARE_PROCESS };
openvpn_service_t automatic_service = {
automatic,
TEXT(PACKAGE_NAME "ServiceLegacy"),
TEXT(PACKAGE_NAME " Legacy Service"),
TEXT(SERVICE_DEPENDENCIES),
SERVICE_DEMAND_START
};
struct security_attributes
{
SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
};
static HANDLE exit_event = NULL;
/* clear an object */
#define CLEAR(x) memset(&(x), 0, sizeof(x))
bool
init_security_attributes_allow_all(struct security_attributes *obj)
{
CLEAR(*obj);
obj->sa.nLength = sizeof(SECURITY_ATTRIBUTES);
obj->sa.lpSecurityDescriptor = &obj->sd;
obj->sa.bInheritHandle = TRUE;
if (!InitializeSecurityDescriptor(&obj->sd, SECURITY_DESCRIPTOR_REVISION))
{
return false;
}
if (!SetSecurityDescriptorDacl(&obj->sd, TRUE, NULL, FALSE))
{
return false;
}
return true;
}
HANDLE
create_event(LPCTSTR name, bool allow_all, bool initial_state, bool manual_reset)
{
if (allow_all)
{
struct security_attributes sa;
if (!init_security_attributes_allow_all(&sa))
{
return NULL;
}
return CreateEvent(&sa.sa, (BOOL)manual_reset, (BOOL)initial_state, name);
}
else
{
return CreateEvent(NULL, (BOOL)manual_reset, (BOOL)initial_state, name);
}
}
void
close_if_open(HANDLE h)
{
if (h != NULL)
{
CloseHandle(h);
}
}
static bool
match(const WIN32_FIND_DATA *find, LPCTSTR ext)
{
if (find->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
{
return false;
}
if (*ext == TEXT('\0'))
{
return true;
}
/* find the pointer to that last '.' in filename and match ext against the rest */
const TCHAR *p = _tcsrchr(find->cFileName, TEXT('.'));
return p && p != find->cFileName && _tcsicmp(p + 1, ext) == 0;
}
/*
* Modify the extension on a filename.
*/
static bool
modext(LPTSTR dest, size_t size, LPCTSTR src, LPCTSTR newext)
{
size_t i;
if (size > 0 && (_tcslen(src) + 1) <= size)
{
_tcscpy(dest, src);
dest [size - 1] = TEXT('\0');
i = _tcslen(dest);
while (i-- > 0)
{
if (dest[i] == TEXT('\\'))
{
break;
}
if (dest[i] == TEXT('.'))
{
dest[i] = TEXT('\0');
break;
}
}
if (_tcslen(dest) + _tcslen(newext) + 2 <= size)
{
_tcscat(dest, TEXT("."));
_tcscat(dest, newext);
return true;
}
dest[0] = TEXT('\0');
}
return false;
}
static DWORD WINAPI
ServiceCtrlAutomatic(DWORD ctrl_code, DWORD event, LPVOID data, LPVOID ctx)
{
SERVICE_STATUS *status = ctx;
switch (ctrl_code)
{
case SERVICE_CONTROL_STOP:
status->dwCurrentState = SERVICE_STOP_PENDING;
ReportStatusToSCMgr(service, status);
if (exit_event)
{
SetEvent(exit_event);
}
return NO_ERROR;
case SERVICE_CONTROL_INTERROGATE:
return NO_ERROR;
default:
return ERROR_CALL_NOT_IMPLEMENTED;
}
}
VOID WINAPI
ServiceStartAutomaticOwn(DWORD dwArgc, LPTSTR *lpszArgv)
{
status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
ServiceStartAutomatic(dwArgc, lpszArgv);
}
VOID WINAPI
ServiceStartAutomatic(DWORD dwArgc, LPTSTR *lpszArgv)
{
DWORD error = NO_ERROR;
settings_t settings;
TCHAR event_name[256];
service = RegisterServiceCtrlHandlerEx(automatic_service.name, ServiceCtrlAutomatic, &status);
if (!service)
{
return;
}
status.dwCurrentState = SERVICE_START_PENDING;
status.dwServiceSpecificExitCode = NO_ERROR;
status.dwWin32ExitCode = NO_ERROR;
status.dwWaitHint = 3000;
if (!ReportStatusToSCMgr(service, &status))
{
MsgToEventLog(M_ERR, TEXT("ReportStatusToSCMgr #1 failed"));
goto finish;
}
/*
* Create our exit event
* This event is initially created in the non-signaled
* state. It will transition to the signaled state when
* we have received a terminate signal from the Service
* Control Manager which will cause an asynchronous call
* of ServiceStop below.
*/
openvpn_sntprintf(event_name, _countof(event_name), TEXT(PACKAGE "%s_exit_1"), service_instance);
exit_event = create_event(event_name, false, false, true);
if (!exit_event)
{
MsgToEventLog(M_ERR, TEXT("CreateEvent failed"));
goto finish;
}
/*
* If exit event is already signaled, it means we were not
* shut down properly.
*/
if (WaitForSingleObject(exit_event, 0) != WAIT_TIMEOUT)
{
MsgToEventLog(M_ERR, TEXT("Exit event is already signaled -- we were not shut down properly"));
goto finish;
}
if (!ReportStatusToSCMgr(service, &status))
{
MsgToEventLog(M_ERR, TEXT("ReportStatusToSCMgr #2 failed"));
goto finish;
}
/*
* Read info from registry in key HKLM\SOFTWARE\OpenVPN
*/
error = GetOpenvpnSettings(&settings);
if (error != ERROR_SUCCESS)
{
goto finish;
}
/*
* Instantiate an OpenVPN process for each configuration
* file found.
*/
{
WIN32_FIND_DATA find_obj;
HANDLE find_handle;
BOOL more_files;
TCHAR find_string[MAX_PATH];
openvpn_sntprintf(find_string, MAX_PATH, TEXT("%s\\*"), settings.config_dir);
find_handle = FindFirstFile(find_string, &find_obj);
if (find_handle == INVALID_HANDLE_VALUE)
{
MsgToEventLog(M_ERR, TEXT("Cannot get configuration file list using: %s"), find_string);
goto finish;
}
/*
* Loop over each config file
*/
do
{
HANDLE log_handle = NULL;
STARTUPINFO start_info;
PROCESS_INFORMATION proc_info;
struct security_attributes sa;
TCHAR log_file[MAX_PATH];
TCHAR log_path[MAX_PATH];
TCHAR command_line[256];
CLEAR(start_info);
CLEAR(proc_info);
CLEAR(sa);
if (!ReportStatusToSCMgr(service, &status))
{
MsgToEventLog(M_ERR, TEXT("ReportStatusToSCMgr #3 failed"));
FindClose(find_handle);
goto finish;
}
/* does file have the correct type and extension? */
if (match(&find_obj, settings.ext_string))
{
/* get log file pathname */
if (!modext(log_file, _countof(log_file), find_obj.cFileName, TEXT("log")))
{
MsgToEventLog(M_ERR, TEXT("Cannot construct logfile name based on: %s"), find_obj.cFileName);
FindClose(find_handle);
goto finish;
}
openvpn_sntprintf(log_path, _countof(log_path),
TEXT("%s\\%s"), settings.log_dir, log_file);
/* construct command line */
openvpn_sntprintf(command_line, _countof(command_line), TEXT("openvpn --service \"" PACKAGE "%s_exit_1\" 1 --config \"%s\""),
service_instance,
find_obj.cFileName);
/* Make security attributes struct for logfile handle so it can
* be inherited. */
if (!init_security_attributes_allow_all(&sa))
{
error = MsgToEventLog(M_SYSERR, TEXT("InitializeSecurityDescriptor start_" PACKAGE " failed"));
goto finish;
}
/* open logfile as stdout/stderr for soon-to-be-spawned subprocess */
log_handle = CreateFile(log_path,
GENERIC_WRITE,
FILE_SHARE_READ,
&sa.sa,
settings.append ? OPEN_ALWAYS : CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (log_handle == INVALID_HANDLE_VALUE)
{
error = MsgToEventLog(M_SYSERR, TEXT("Cannot open logfile: %s"), log_path);
FindClose(find_handle);
goto finish;
}
/* append to logfile? */
if (settings.append)
{
if (SetFilePointer(log_handle, 0, NULL, FILE_END) == INVALID_SET_FILE_POINTER)
{
error = MsgToEventLog(M_SYSERR, TEXT("Cannot seek to end of logfile: %s"), log_path);
FindClose(find_handle);
goto finish;
}
}
/* fill in STARTUPINFO struct */
GetStartupInfo(&start_info);
start_info.cb = sizeof(start_info);
start_info.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
start_info.wShowWindow = SW_HIDE;
start_info.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
start_info.hStdOutput = start_info.hStdError = log_handle;
/* create an OpenVPN process for one config file */
if (!CreateProcess(settings.exe_path,
command_line,
NULL,
NULL,
TRUE,
settings.priority | CREATE_NEW_CONSOLE,
NULL,
settings.config_dir,
&start_info,
&proc_info))
{
error = MsgToEventLog(M_SYSERR, TEXT("CreateProcess failed, exe='%s' cmdline='%s' dir='%s'"),
settings.exe_path,
command_line,
settings.config_dir);
FindClose(find_handle);
CloseHandle(log_handle);
goto finish;
}
/* close unneeded handles */
Sleep(1000); /* try to prevent race if we close logfile
* handle before child process DUPs it */
if (!CloseHandle(proc_info.hProcess)
|| !CloseHandle(proc_info.hThread)
|| !CloseHandle(log_handle))
{
error = MsgToEventLog(M_SYSERR, TEXT("CloseHandle failed"));
goto finish;
}
}
/* more files to process? */
more_files = FindNextFile(find_handle, &find_obj);
} while (more_files);
FindClose(find_handle);
}
/* we are now fully started */
status.dwCurrentState = SERVICE_RUNNING;
status.dwWaitHint = 0;
if (!ReportStatusToSCMgr(service, &status))
{
MsgToEventLog(M_ERR, TEXT("ReportStatusToSCMgr SERVICE_RUNNING failed"));
goto finish;
}
/* wait for our shutdown signal */
if (WaitForSingleObject(exit_event, INFINITE) != WAIT_OBJECT_0)
{
MsgToEventLog(M_ERR, TEXT("wait for shutdown signal failed"));
}
finish:
if (exit_event)
{
CloseHandle(exit_event);
}
status.dwCurrentState = SERVICE_STOPPED;
status.dwWin32ExitCode = error;
ReportStatusToSCMgr(service, &status);
}