cc90cde57 win: use 'MSVC 2017 Professional' as default compiler 4b072bce1 [OVPN3-311] function.hpp: fix Windows build 48b9b78de [OVPN3-310] logging: fix 'OPENVPN_LOG_NTNL': identifier not found 5a4a87552 cosmetics: helper function to check registry errors fc52fd8a5 [OC-78] proxy: support PROXY_AUTO_CONFIG_URL on Windows f5178cff9 [OC-77] proxy: refactor proxy settings code 18e50ec3f ReplyParser: added undefined status 8178ae06f unix file utils: added update_file_mod_time_nanoseconds() 8f20f7693 build: use LZ4_SYS=1 default when target is Linux 4bd996e61 timestr: added date_time_utc() and nanosec_time_to_string() 0eaa2586f string: added remove_spaces() method d47ae03cc OptionList: added get_c_str() method 1eb9cd657 unix file utils: added mtime_ns parameter to write_binary_unix() and write_binary_atomic() bf00c6e3e Time::delta_str(): use "INF" to denote infinite time 0e598a87b kovpn.hpp: asio must be included before sys/ and linux/ headers to avoid redefinition conflicts 1d2ce460d BufferType: added read_alloc_buf() method 148ae6085 BufferType: added reset_offset() method 6218ed618 Factor out IP::random_addr_v4() and IP::random_addr_v6() from IP::random_addr(). 5468670b9 pool: minor changes 36a885a82 route: allow for specialized IPv4/v6 RouteType 5e29e6628 BufferType: added typedef T value_type d92021c99 strerror.hpp: added #include <errno.h> for benefit of users 363cbece3 Function: misc cleanup d88435ecd IP::Route: added defined() method 3371cb745 kovpn.hpp: fix centos build with DCO enabled dc9e48d98 Fix bug in macos tunnel interface setup. 
Second ip address should be gateway address bcdb27993 Merged in schwabe/fix_clang_warnings (pull request #25) ede5e90ff Merged in schabe/fix_swig_ipadr (pull request #27) c0d580d24 Merged in schwabe/fix_openvpn_extern (pull request #26) 0965882e5 Merged in schwabe/stats_morecpus (pull request #23) 5f1f8470b Revert bugfix for not compiling IA32 ASM of 2.7.5 bde2c41be dep: switch from mbeTLS 2.7.0 to 2.7.5 9d06b5c97 [OC-77] proxy: support PROXY_AUTO_CONFIG_URL on macOS 3f2ad8e8c Hide const std::string IP methods from SWIG ba264862a Send also kovpn statistics of CPU Cores >= 16 via status message 2991d38b3 Fix warnings reported by LLVM/Clang 02d2a7975 Fix multiple inclusion of OpenVPN3 header with OPENPVN_EXTERN git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn git-subtree-split: cc90cde5769dcf9e13fdd9e85d6d0857963dabce
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2018 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.

#pragma once
#include <Windows.h>
#include <Lmcons.h>
#include <wtsapi32.h>
#include <openvpn/win/winerr.hpp>
namespace openvpn {
namespace Win {
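class ImpersonateAsUser {
public:
  // RAII guard around Windows impersonation.
  //
  // When the process token belongs to LocalSystem, the constructor obtains
  // the token of the user logged on at the active console session and
  // impersonates it; the destructor reverts.  When the process already runs
  // under a user account nothing is done.  Every failure along the way is
  // logged and leaves the object un-impersonated -- the process then keeps
  // running as SYSTEM, so callers that care should check impersonated_ok().
  // The user token obtained from WTSQueryUserToken() is closed as soon as
  // impersonation has been attempted, whether or not it succeeded.
  ImpersonateAsUser()
    : local_system(is_local_system_())
  {
    if (!local_system)
      {
        OPENVPN_LOG("ImpersonateAsUser: running under user account, no need to impersonate");
        return;
      }
    OPENVPN_LOG("ImpersonateAsUser: running under SYSTEM account, need to impersonate");

    // 0xFFFFFFFF is the documented "no session attached to the console" value.
    const DWORD sessId = WTSGetActiveConsoleSessionId();
    if (sessId == 0xFFFFFFFF)
      {
        const Win::LastError err;
        OPENVPN_LOG("ImpersonateAsUser: WTSGetActiveConsoleSessionId() failed: " << err.message());
        return;
      }

    HANDLE hToken = nullptr;
    if (!WTSQueryUserToken(sessId, &hToken))
      {
        const Win::LastError err;
        OPENVPN_LOG("ImpersonateAsUser: WTSQueryUserToken() failed: " << err.message());
        return;
      }

    const BOOL ok = ImpersonateLoggedOnUser(hToken);
    // Snapshot the error before CloseHandle(), which may overwrite the
    // thread's last-error value and make the logged reason misleading
    // (assumes Win::LastError reads GetLastError() at construction, as its
    // other uses in this class suggest).
    const Win::LastError err;
    CloseHandle(hToken);
    if (!ok)
      {
        OPENVPN_LOG("ImpersonateAsUser: ImpersonateLoggedOnUser() failed: " << err.message());
        return;
      }

    impersonated = true;

    // Only log the name when the lookup succeeded: on failure the buffer is
    // not guaranteed to be NUL-terminated and must not be streamed.
    char uname[UNLEN + 1] = {};
    DWORD len = UNLEN + 1;
    if (GetUserNameA(uname, &len))
      OPENVPN_LOG("ImpersonateAsUser: impersonated as " << uname);
    else
      {
        const Win::LastError uerr;
        OPENVPN_LOG("ImpersonateAsUser: impersonated, but GetUserNameA() failed: " << uerr.message());
      }
  }

  // The guard owns the calling thread's impersonation state; a copy would
  // let two objects revert it (or one revert while the other still believes
  // it is impersonating), so copying and moving are disallowed.
  ImpersonateAsUser(const ImpersonateAsUser&) = delete;
  ImpersonateAsUser& operator=(const ImpersonateAsUser&) = delete;

  // Revert to the process token if the constructor impersonated.
  // A failed RevertToSelf() leaves the thread running under the user's
  // token; a destructor cannot report that, so it is only logged.
  ~ImpersonateAsUser()
  {
    if (!impersonated)
      return;
    if (!RevertToSelf())
      {
        const Win::LastError err;
        OPENVPN_LOG("ImpersonateAsUser: RevertToSelf() failed: " << err.message());
      }
  }

  // True when the process token belongs to LocalSystem, i.e. the case in
  // which the constructor attempts impersonation.
  bool is_local_system() const
  {
    return local_system;
  }

  // True when ImpersonateLoggedOnUser() succeeded and the destructor will
  // revert; false for a user-account process and after any failure.
  bool impersonated_ok() const
  {
    return impersonated;
  }

private:
  // Compare the process token's user SID with the LocalSystem well-known
  // SID.  Any API failure is reported as FALSE ("not SYSTEM").
  // https://stackoverflow.com/a/4024388/227024
  BOOL is_local_system_() const
  {
    HANDLE hToken = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
      return FALSE;

    // Room for TOKEN_USER plus a SID with the maximum number of
    // sub-authorities, so the query never needs a heap buffer; aligned for
    // the TOKEN_USER the buffer is reinterpreted as.
    alignas(TOKEN_USER) UCHAR bTokenUser[sizeof(TOKEN_USER) + 8 + 4 * SID_MAX_SUB_AUTHORITIES];
    PTOKEN_USER pTokenUser = reinterpret_cast<PTOKEN_USER>(bTokenUser);
    ULONG cbTokenUser = 0;
    const BOOL got_user = GetTokenInformation(hToken, TokenUser, pTokenUser, sizeof(bTokenUser), &cbTokenUser);
    CloseHandle(hToken);
    if (!got_user)
      return FALSE;

    SID_IDENTIFIER_AUTHORITY siaNT = SECURITY_NT_AUTHORITY;
    PSID pSystemSid = nullptr;
    if (!AllocateAndInitializeSid(&siaNT, 1, SECURITY_LOCAL_SYSTEM_RID,
                                  0, 0, 0, 0, 0, 0, 0, &pSystemSid))
      return FALSE;

    const BOOL bSystem = EqualSid(pTokenUser->User.Sid, pSystemSid);
    FreeSid(pSystemSid);
    return bSystem;
  }

  bool impersonated = false;  // set only after ImpersonateLoggedOnUser() succeeded
  bool local_system = false;  // process token is LocalSystem
};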
}
}