IpcServerProcess permit list

client/defines.h

@@ -4,7 +4,7 @@
 #define APPLICATION_NAME    "AmneziaVPN"
 #define SERVICE_NAME        "AmneziaVPN-service"
 #define ORGANIZATION_NAME   "AmneziaVPN.ORG"
-#define APP_MAJOR_VERSION   "2.0.10"
+#define APP_MAJOR_VERSION   "2.1.0"
-#define APP_VERSION         "2.0.10.0"
+#define APP_VERSION         "2.1.0.0"
 
 #endif // DEFINES_H

client/protocols/ikev2_vpn_protocol_windows.cpp

@@ -199,7 +199,7 @@ ErrorCode Ikev2Protocol::start()
             setLastError(ErrorCode::AmneziaServiceConnectionFailed);
             return ErrorCode::AmneziaServiceConnectionFailed;
         }
-        certInstallProcess->setProgram("certutil");
+        certInstallProcess->setProgram(PermittedProcess::CertUtil);
         QStringList arguments({"-f" , "-importpfx",
                                "-p", m_config[config_key::password].toString(),
                                certFile.fileName(), "NoExport"

client/protocols/openvpnprotocol.cpp

@@ -132,24 +132,13 @@ void OpenVpnProtocol::updateRouteGateway(QString line)
     qDebug() << "Set VPN route gateway" << m_routeGateway;
 }
 
-QString OpenVpnProtocol::openVpnExecPath() const
-{
-#ifdef Q_OS_WIN
-    return Utils::executable("openvpn/openvpn", true);
-#elif defined Q_OS_LINUX
-    return Utils::usrExecutable("openvpn");
-#else
-    return Utils::executable("/openvpn", true);
-#endif
-}
-
 ErrorCode OpenVpnProtocol::start()
 {
 #ifndef Q_OS_IOS
     //qDebug() << "Start OpenVPN connection";
     OpenVpnProtocol::stop();
 
-    if (!QFileInfo::exists(openVpnExecPath())) {
+    if (!QFileInfo::exists(Utils::openVpnExecPath())) {
         setLastError(ErrorCode::OpenVpnExecutableMissing);
         return lastError();
     }
@@ -183,7 +172,7 @@ ErrorCode OpenVpnProtocol::start()
         setLastError(ErrorCode::AmneziaServiceConnectionFailed);
         return ErrorCode::AmneziaServiceConnectionFailed;
     }
-    m_openVpnProcess->setProgram(openVpnExecPath());
+    m_openVpnProcess->setProgram(PermittedProcess::OpenVPN);
     QStringList arguments({"--config" , configPath(),
                       "--management", m_managementHost, QString::number(m_managementPort),
                       "--management-client"/*, "--log", vpnLogFileNamePath */

client/protocols/openvpnprotocol.h

@@ -30,7 +30,6 @@ protected slots:
 
 private:
     QString configPath() const;
-    QString openVpnExecPath() const;
     bool openVpnProcessIsRunning() const;
     bool sendTermSignal();
     void readOpenVpnConfiguration(const QJsonObject &configuration);

client/protocols/wireguardprotocol.cpp

@@ -30,7 +30,7 @@ void WireguardProtocol::stop()
     //qDebug() << "WireguardProtocol::stop() 1";
 
 #ifndef Q_OS_IOS
-    if (!QFileInfo::exists(wireguardExecPath())) {
+    if (!QFileInfo::exists(Utils::wireguardExecPath())) {
         qCritical() << "Wireguard executable missing!";
         setLastError(ErrorCode::ExecutableMissing);
         return;
@@ -51,7 +51,7 @@ void WireguardProtocol::stop()
         return;
     }
 
-    m_wireguardStopProcess->setProgram(wireguardExecPath());
+    m_wireguardStopProcess->setProgram(PermittedProcess::Wireguard);
 
 
     QStringList arguments({"--remove", configPath()});
@@ -117,17 +117,6 @@ void WireguardProtocol::updateRouteGateway(QString line)
     qDebug() << "Set VPN route gateway" << m_routeGateway;
 }
 
-QString WireguardProtocol::wireguardExecPath() const
-{
-#ifdef Q_OS_WIN
-    return Utils::executable("wireguard/wireguard-service", true);
-#elif defined Q_OS_LINUX
-    return Utils::usrExecutable("wg");
-#else
-    return Utils::executable("/wireguard", true);
-#endif
-}
-
 ErrorCode WireguardProtocol::start()
 {
     //qDebug() << "WireguardProtocol::start() 1";
@@ -141,7 +130,7 @@ ErrorCode WireguardProtocol::start()
     //qDebug() << "Start Wireguard connection";
     WireguardProtocol::stop();
 
-    if (!QFileInfo::exists(wireguardExecPath())) {
+    if (!QFileInfo::exists(Utils::wireguardExecPath())) {
         setLastError(ErrorCode::ExecutableMissing);
         return lastError();
     }
@@ -168,7 +157,7 @@ ErrorCode WireguardProtocol::start()
         return ErrorCode::AmneziaServiceConnectionFailed;
     }
 
-    m_wireguardStartProcess->setProgram(wireguardExecPath());
+    m_wireguardStartProcess->setProgram(PermittedProcess::Wireguard);
 
 
     QStringList arguments({"--add", configPath()});

client/protocols/wireguardprotocol.h

@@ -23,8 +23,6 @@ public:
 
 private:
     QString configPath() const;
-    QString wireguardExecPath() const;
-    //bool openVpnProcessIsRunning() const;
     void readWireguardConfiguration(const QJsonObject &configuration);
 
     void updateRouteGateway(QString line);

client/utils.cpp

@@ -214,6 +214,38 @@ QStringList Utils::summarizeRoutes(const QStringList &ips, const QString cidr)
     return QStringList();
 }
 
+QString Utils::openVpnExecPath()
+{
+#ifdef Q_OS_WIN
+    return Utils::executable("openvpn/openvpn", true);
+#elif defined Q_OS_LINUX
+    return Utils::usrExecutable("openvpn");
+#else
+    return Utils::executable("/openvpn", true);
+#endif
+}
+
+QString Utils::wireguardExecPath()
+{
+#ifdef Q_OS_WIN
+    return Utils::executable("wireguard/wireguard-service", true);
+#elif defined Q_OS_LINUX
+    return Utils::usrExecutable("wg");
+#else
+    return Utils::executable("/wireguard", true);
+#endif
+}
+
+QString Utils::certUtilPath()
+{
+#ifdef Q_OS_WIN
+    QString winPath = QString::fromUtf8(qgetenv("windir"));
+    return winPath + "system32\\certutil.exe";
+#else
+    return "";
+#endif
+}
+
 #ifdef Q_OS_WIN
 // Inspired from http://stackoverflow.com/a/15281070/1529139
 // and http://stackoverflow.com/q/40059902/1529139

client/utils.h

@@ -44,6 +44,11 @@ public:
 
     static QStringList summarizeRoutes(const QStringList &ips, const QString cidr);
 
+    static QString openVpnExecPath();
+    static QString wireguardExecPath();
+    static QString certUtilPath();
+
+
 #ifdef Q_OS_WIN
     static bool signalCtrl(DWORD dwProcessId, DWORD dwCtrlEvent);
 #endif

ipc/ipc.h

@@ -4,10 +4,32 @@
 #include <QObject>
 #include <QString>
 
+#include "../client/utils.h"
+
 #define IPC_SERVICE_URL "local:AmneziaVpnIpcInterface"
 
 namespace amnezia {
 
+enum PermittedProcess {
+    OpenVPN,
+    Wireguard,
+    CertUtil
+};
+
+inline QString permittedProcessPath(PermittedProcess pid)
+{
+    if (pid == PermittedProcess::OpenVPN) {
+        return Utils::openVpnExecPath();
+    }
+    if (pid == PermittedProcess::Wireguard) {
+        return Utils::wireguardExecPath();
+    }
+    else if (pid == PermittedProcess::CertUtil) {
+        return Utils::certUtilPath();
+    }
+}
+
+
 inline QString getIpcServiceUrl() {
 #ifdef Q_OS_WIN
     return IPC_SERVICE_URL;

ipc/ipc_process_interface.rep

@@ -3,7 +3,7 @@
 
 class IpcProcessInterface
 {
-    SLOT( start(const QString &program, const QStringList &args) );
+    //SLOT( start(const QString &program, const QStringList &args) );
     SLOT( start() );
     SLOT( close() );
 
@@ -11,7 +11,7 @@ class IpcProcessInterface
     SLOT( setInputChannelMode(QProcess::InputChannelMode mode) );
     SLOT( setNativeArguments(const QString &arguments) );
     SLOT( setProcessChannelMode(QProcess::ProcessChannelMode mode) );
-    SLOT( setProgram(const QString &program) );
+    SLOT( setProgram(int programId) );
     SLOT( setWorkingDirectory(const QString &dir) );
 
     SLOT( QByteArray readAll() );

ipc/ipcserverprocess.cpp

@@ -1,4 +1,5 @@
 #include "ipcserverprocess.h"
+#include "ipc.h"
 #include <QProcess>
 
 #ifndef Q_OS_IOS
@@ -38,16 +39,19 @@ IpcServerProcess::~IpcServerProcess()
     qDebug() << "IpcServerProcess::~IpcServerProcess";
 }
 
-void IpcServerProcess::start(const QString &program, const QStringList &arguments)
+//void IpcServerProcess::start(const QString &program, const QStringList &arguments)
-{
+//{
-    m_process->start(program, arguments);
+//    m_process->start(program, arguments);
-    qDebug() << "IpcServerProcess started, " << arguments;
+//    qDebug() << "IpcServerProcess started, " << arguments;
 
-    m_process->waitForStarted();
+//    m_process->waitForStarted();
-}
+//}
 
 void IpcServerProcess::start()
 {
+    if (m_process->program().isEmpty()) {
+        qDebug() << "IpcServerProcess failed to start, program is empty";
+    }
     m_process->start();
     qDebug() << "IpcServerProcess started, " << m_process->program() << m_process->arguments();
 
@@ -81,9 +85,9 @@ void IpcServerProcess::setProcessChannelMode(QProcess::ProcessChannelMode mode)
     m_process->setProcessChannelMode(mode);
 }
 
-void IpcServerProcess::setProgram(const QString &program)
+void IpcServerProcess::setProgram(int programId)
 {
-    m_process->setProgram(program);
+    m_process->setProgram(amnezia::permittedProcessPath(static_cast<amnezia::PermittedProcess>(programId)));
 }
 
 void IpcServerProcess::setWorkingDirectory(const QString &dir)

ipc/ipcserverprocess.h

@@ -13,7 +13,7 @@ public:
     explicit IpcServerProcess(QObject *parent = nullptr);
     virtual ~IpcServerProcess();
 
-    void start(const QString &program, const QStringList &arguments) override;
+    //void start(const QString &program, const QStringList &arguments) override;
     void start() override;
     void close() override;
 
@@ -21,7 +21,7 @@ public:
     void setInputChannelMode(QProcess::InputChannelMode mode) override;
     void setNativeArguments(const QString &arguments) override;
     void setProcessChannelMode(QProcess::ProcessChannelMode mode) override;
-    void setProgram(const QString &program) override;
+    void setProgram(int programId) override;
     void setWorkingDirectory(const QString &dir) override;
 
     QByteArray readAll() override;