From: Lev Stipakov <lev@openvpn.net>
Date: Mon, 15 Sep 2025 13:03:38 +0000 (+0200)
Subject: win: replace wmic invocation with powershell
X-Git-Tag: v2.7_beta2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5681535b1927c339398196707b359a94786fd2c0;p=thirdparty%2Fopenvpn.git

win: replace wmic invocation with powershell

Since wmic has been recently deprecated and is absent on new
systems, replace setting DNS domain "old-style" with powershell.

This is based on 2.6 patch which replaces wmic with powershell

    d383d6e "win: replace wmic invocation with powershell"

except that here we only touch openvpn process code. There is no
wmic calls in 2.7 service.

Github: fixes OpenVPN/openvpn#642

Change-Id: Ibb126e9ca4548aeb8b60df226e37c9b414698247
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1187
Message-Id: <20250915130344.2906-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32951.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 29f74a2f5..ee0733ae5 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -405,7 +405,7 @@ out:
 }
 
 static void
-do_dns_domain_wmic(bool add, const struct tuntap *tt)
+do_dns_domain_pwsh(bool add, const struct tuntap *tt)
 {
     if (!tt->options.domain)
     {
@@ -413,10 +413,13 @@ do_dns_domain_wmic(bool add, const struct tuntap *tt)
     }
 
     struct argv argv = argv_new();
-    argv_printf(&argv, "%s%s nicconfig where (InterfaceIndex=%ld) call SetDNSDomain '%s'",
-                get_win_sys_path(), WMIC_PATH_SUFFIX, tt->adapter_index,
+    argv_printf(&argv,
+                "%s%s -NoProfile -NonInteractive -Command Set-DnsClient -InterfaceIndex %lu -ConnectionSpecificSuffix '%s'",
+                get_win_sys_path(),
+                POWERSHELL_PATH_SUFFIX,
+                tt->adapter_index,
                 add ? tt->options.domain : "");
-    exec_command("WMIC", &argv, 1, M_WARN);
+    exec_command("PowerShell", &argv, 1, M_WARN);
 
     argv_free(&argv);
 }
@@ -1208,7 +1211,7 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, const struc
 
         if (!tt->did_ifconfig_setup)
         {
-            do_dns_domain_wmic(true, tt);
+            do_dns_domain_pwsh(true, tt);
         }
     }
 #else  /* platforms we have no IPv6 code for */
@@ -1527,7 +1530,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, const struc
                            NI_IP_NETMASK | NI_OPTIONS);
         }
 
-        do_dns_domain_wmic(true, tt);
+        do_dns_domain_pwsh(true, tt);
     }
 
 
@@ -6547,7 +6550,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx)
         {
             if (!tt->did_ifconfig_setup)
             {
-                do_dns_domain_wmic(false, tt);
+                do_dns_domain_pwsh(false, tt);
             }
 
             netsh_delete_address_dns(tt, true, &gc);
@@ -6574,7 +6577,7 @@ close_tun(struct tuntap *tt, openvpn_net_ctx_t *ctx)
         }
         else
         {
-            do_dns_domain_wmic(false, tt);
+            do_dns_domain_pwsh(false, tt);
 
             if (tt->options.ip_win32_type == IPW32_SET_NETSH)
             {
diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h
index dbfa5bc74..ff3145ae6 100644
--- a/src/openvpn/win32.h
+++ b/src/openvpn/win32.h
@@ -40,7 +40,7 @@
 #define WIN_ROUTE_PATH_SUFFIX    "\\system32\\route.exe"
 #define WIN_IPCONFIG_PATH_SUFFIX "\\system32\\ipconfig.exe"
 #define WIN_NET_PATH_SUFFIX      "\\system32\\net.exe"
-#define WMIC_PATH_SUFFIX         "\\system32\\wbem\\wmic.exe"
+#define POWERSHELL_PATH_SUFFIX   "\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"
 
 /*
  * Win32-specific OpenVPN code, targeted at the mingw