~smoser/ubuntu/oneiric/openvpn/lp-794916

Viewing changes to options.c

Committer: Bazaar Package Importer
Author(s): Alberto Gonzalez Iniesta
Date: 2008-08-16 13:34:24 UTC
mfrom: (1.1.10 upstream)
Revision ID: james.westby@ubuntu.com-20080816133424-0i83yb6dw4hjglo1

Tags: 2.1~rc9-3

http://bugs.debian.org/495082

http://bugs.debian.org/494998

* debian/rules: run ./configure with path to 'route', for
those build daemons without 'route'. (Closes: #495082)
* Created NEWS.Debian with info on new option script-security.
(Closes: #494998)

files added:
debian/NEWS

plugin/examples/log.c

files modified:
COPYING

ChangeLog

INSTALL

Makefile.am

Makefile.in

PORTS

README

basic.h

buffer.c

buffer.h

circ_list.h

common.h

config-win32.h

config-win32.h.in

config.h.in

configure

configure.ac

contrib/pull-resolv-conf/client.down

contrib/pull-resolv-conf/client.up

crypto.c

crypto.h

cryptoapi.c

debian/changelog

debian/examples

debian/patches/attemping_typo

debian/patches/close_socket_before_scripts.patch

debian/patches/debian_openssl_vulnkeys.patch

debian/patches/manpage_dash_escaping.patch

debian/rules

debug/valgrind-suppress

easy-rsa/2.0/pkitool

easy-rsa/Windows/vars.bat.sample

errlevel.h

error.c

error.h

event.c

event.h

fdmisc.c

fdmisc.h

forward-inline.h

forward.c

forward.h

fragment.c

fragment.h

gremlin.c

gremlin.h

helper.c

helper.h

images/Makefile.am

images/Makefile.in

init.c

init.h

install-win32/Makefile.am

install-win32/Makefile.in

install-win32/getopenssl

install-win32/openssl/openssl098.patch

install-win32/openvpn.nsi

integer.h

interval.c

interval.h

list.c

list.h

lladdr.c

lzo.c

lzo.h

manage.c

manage.h

mbuf.c

mbuf.h

memdbg.h

misc.c

misc.h

mroute.c

mroute.h

mss.c

mss.h

mtcp.c

mtcp.h

mtu.c

mtu.h

mudp.c

mudp.h

multi.c

multi.h

ntlm.c

occ-inline.h

occ.c

occ.h

openvpn-plugin.h

openvpn.8

openvpn.c

openvpn.h

openvpn.spec

options.c

options.h

otime.c

otime.h

packet_id.c

packet_id.h

perf.c

perf.h

pf-inline.h

pf.c

pf.h

ping-inline.h

ping.c

ping.h

pkcs11.c

pkcs11.h

plugin.c

plugin.h

plugin/auth-pam/auth-pam.c

plugin/defer/simple.c

plugin/down-root/down-root.c

plugin/examples/simple.c

pool.c

pool.h

proto.c

proto.h

proxy.c

proxy.h

ps.c

ps.h

push.c

push.h

reliable.c

reliable.h

route.c

route.h

schedule.c

schedule.h

service-win32/Makefile.am

service-win32/Makefile.in

service-win32/openvpnserv.c

session_id.c

session_id.h

shaper.c

shaper.h

sig.c

sig.h

socket.c

socket.h

socks.c

socks.h

ssl.c

ssl.h

status.c

status.h

syshead.h

tap-win32/common.h

tap-win32/constants.h

tap-win32/dhcp.c

tap-win32/dhcp.h

tap-win32/endian.h

tap-win32/error.c

tap-win32/error.h

tap-win32/hexdump.c

tap-win32/hexdump.h

tap-win32/i386/OemWin2k.inf.in

tap-win32/instance.c

tap-win32/lock.h

tap-win32/macinfo.c

tap-win32/macinfo.h

tap-win32/mem.c

tap-win32/proto.h

tap-win32/prototypes.h

tap-win32/resource.rc

tap-win32/tapdrvr.c

tap-win32/types.h

thread.c

thread.h

tun.c

tun.h

version.m4

win32.c

win32.h

Show diffs side-by-side

added added

removed removed

options.c

* packet encryption, packet authentication, and

* packet compression.

* This program is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License version 2

189

" flag to add a direct route to DHCP server, bypassing tunnel.\n"

190

" Add 'bypass-dns' flag to similarly bypass tunnel for DNS.\n"

191

"--setenv name value : Set a custom environmental variable to pass to script.\n"

192

"--script-security level : 0 -- strictly no calling of external programs\n"

193

" 1 -- (default) only call built-ins such as ifconfig\n"

194

" 2 -- allow calling of built-ins and scripts\n"

195

" 3 -- allow password to be passed to scripts via env\n"

192

196

"--shaper n : Restrict output to peer to n bytes per second.\n"

193

197

"--keepalive n m : Helper option for setting timeouts in server mode. Send\n"

194

198

" ping once every n seconds, restart if ping not received\n"

536

540

#ifdef WIN32

537

541

"\n"

538

542

"Windows Specific:\n"

543

"--win-sys path|'env' : Pathname of Windows system directory, C:\\WINDOWS by default.\n"

544

" If specified as 'env', read the pathname from SystemRoot env var.\n"

539

545

"--ip-win32 method : When using --ifconfig on Windows, set TAP-Win32 adapter\n"

540

546

" IP address using method = manual, netsh, ipapi,\n"

541

547

" dynamic, or adaptive (default = adaptive).\n"

884

890

}

885

891

else

886

892

{

887

bool error = false;

888

const in_addr_t addr = get_ip_addr (parm, msglevel, &error);

889

if (!error)

890

array[(*len)++] = addr;

893

if (ip_addr_dotted_quad_safe (parm))

894

{

895

bool error = false;

896

const in_addr_t addr = get_ip_addr (parm, msglevel, &error);

897

if (!error)

898

array[(*len)++] = addr;

899

}

900

else

901

{

902

msg (msglevel, "dhcp-option parameter %s '%s' must be an IP address", name, parm);

903

}

891

904

}

892

905

}

893

906

2489

2502

struct buffer value = alloc_buf_gc (OPTION_PARM_SIZE, &gc);

2490

2503

int i;

2491

2504

bool first = true;

2505

bool good = true;

2492

2506

2493

buf_printf (&name, "foreign_option_%d", o->foreign_option_index + 1);

2507

good &= buf_printf (&name, "foreign_option_%d", o->foreign_option_index + 1);

2494

2508

++o->foreign_option_index;

2495

2509

for (i = 0; i < len; ++i)

2496

2510

{

2497

2511

if (argv[i])

2498

2512

{

2499

2513

if (!first)

2500

buf_printf (&value, " ");

2501

buf_printf (&value, "%s", argv[i]);

2514

good &= buf_printf (&value, " ");

2515

good &= buf_printf (&value, "%s", argv[i]);

2502

2516

first = false;

2503

2517

}

2504

2518

}

2505

setenv_str (es, BSTR(&name), BSTR(&value));

2519

if (good)

2520

setenv_str (es, BSTR(&name), BSTR(&value));

2521

else

2522

msg (M_WARN, "foreign_option: name/value overflow");

2506

2523

gc_free (&gc);

2507

2524

}

2508

2525

}

2658

2675

{

2659

2676

msg (M_INFO|M_NOPREFIX, "%s", title_string);

2660

2677

msg (M_INFO|M_NOPREFIX, "Developed by James Yonan");

2661

2678

2662

2679

openvpn_exit (OPENVPN_EXIT_STATUS_USAGE); /* exit point */

2663

2680

}

2664

2681

2898

2915

{

2899

2916

if (!strncmp (line, close_tag, strlen (close_tag)))

2900

2917

break;

2901

buf_printf (&buf, line);

2918

buf_printf (&buf, "%s", line);

2902

2919

}

2903

2920

ret = string_alloc (BSTR (&buf), gc);

2904

2921

buf_clear (&buf);

3232

3249

{

3233

3250

struct gc_arena gc = gc_new ();

3234

3251

ASSERT (MAX_PARMS >= 5);

3252

const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE);

3235

3253

3236

3254

if (!file)

3237

3255

{

3258

3276

3259

3277

read_config_file (options, p[1], level, file, line, msglevel, permission_mask, option_types_found, es);

3260

3278

}

3279

#if 0

3280

else if (streq (p[0], "foreign-option") && p[1])

3281

{

3282

VERIFY_PERMISSION (OPT_P_IPWIN32);

3283

foreign_option (options, p, 3, es);

3284

}

3285

#endif

3261

3286

else if (streq (p[0], "echo") || streq (p[0], "parameter"))

3262

3287

{

3263

3288

struct buffer string = alloc_buf_gc (OPTION_PARM_SIZE, &gc);

3264

3289

int j;

3265

const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE);

3290

bool good = true;

3266

3291

3267

3292

VERIFY_PERMISSION (OPT_P_ECHO);

3268

3293

3271

3296

if (!p[j])

3272

3297

break;

3273

3298

if (j > 1)

3274

buf_printf (&string, " ");

3275

buf_printf (&string, "%s", p[j]);

3299

good &= buf_printf (&string, " ");

3300

good &= buf_printf (&string, "%s", p[j]);

3276

3301

}

3277

msg (M_INFO, "%s:%s",

3278

pull_mode ? "ECHO-PULL" : "ECHO",

3279

BSTR (&string));

3302

if (good)

3303

{

3304

msg (M_INFO, "%s:%s",

3305

pull_mode ? "ECHO-PULL" : "ECHO",

3306

BSTR (&string));

3280

3307

#ifdef ENABLE_MANAGEMENT

3281

if (management)

3282

management_echo (management, BSTR (&string), pull_mode);

3308

if (management)

3309

management_echo (management, BSTR (&string), pull_mode);

3283

3310

#endif

3311

}

3312

else

3313

msg (M_WARN, "echo/parameter option overflow");

3284

3314

}

3285

3315

#ifdef ENABLE_MANAGEMENT

3286

3316

else if (streq (p[0], "management") && p[1] && p[2])

3402

3432

else if (streq (p[0], "lladdr") && p[1])

3403

3433

{

3404

3434

VERIFY_PERMISSION (OPT_P_UP);

3405

options->lladdr = p[1];

3435

if (ip_addr_dotted_quad_safe (p[1]))

3436

options->lladdr = p[1];

3437

else

3438

{

3439

msg (msglevel, "lladdr parm '%s' must be an IP address", p[1]);

3440

goto err;

3441

}

3406

3442

}

3407

3443

else if (streq (p[0], "topology") && p[1])

3408

3444

{

3417

3453

#ifdef CONFIG_FEATURE_IPROUTE

3418

3454

else if (streq (p[0], "iproute") && p[1])

3419

3455

{

3420

VERIFY_PERMISSION (OPT_P_UP);

3456

VERIFY_PERMISSION (OPT_P_GENERAL);

3421

3457

iproute_path = p[1];

3422

3458

}

3423

3459

#endif

3424

3460

else if (streq (p[0], "ifconfig") && p[1] && p[2])

3425

3461

{

3426

3462

VERIFY_PERMISSION (OPT_P_UP);

3427

options->ifconfig_local = p[1];

3428

options->ifconfig_remote_netmask = p[2];

3463

if (ip_addr_dotted_quad_safe (p[1]) && ip_addr_dotted_quad_safe (p[2]))

3464

{

3465

options->ifconfig_local = p[1];

3466

options->ifconfig_remote_netmask = p[2];

3467

}

3468

else

3469

{

3470

msg (msglevel, "ifconfig parms '%s' and '%s' must be IP addresses", p[1], p[2]);

3471

goto err;

3472

}

3429

3473

}

3430

3474

else if (streq (p[0], "ifconfig-noexec"))

3431

3475

{

4170

4214

{

4171

4215

VERIFY_PERMISSION (OPT_P_ROUTE);

4172

4216

rol_check_alloc (options);

4217

if (pull_mode)

4218

{

4219

if (!ip_addr_dotted_quad_safe (p[1]) && !is_special_addr (p[1]))

4220

{

4221

msg (msglevel, "route parameter network/IP '%s' is not an IP address", p[1]);

4222

goto err;

4223

}

4224

if (p[2] && !ip_addr_dotted_quad_safe (p[2]))

4225

{

4226

msg (msglevel, "route parameter netmask '%s' is not an IP address", p[2]);

4227

goto err;

4228

}

4229

if (p[3] && !ip_addr_dotted_quad_safe (p[3]) && !is_special_addr (p[3]))

4230

{

4231

msg (msglevel, "route parameter gateway '%s' is not an IP address", p[3]);

4232

goto err;

4233

}

4234

}

4173

4235

add_route_to_option_list (options->routes, p[1], p[2], p[3], p[4]);

4174

4236

}

4175

4237

else if (streq (p[0], "route-gateway") && p[1])

4176

4238

{

4177

4239

VERIFY_PERMISSION (OPT_P_ROUTE_EXTRAS);

4178

options->route_default_gateway = p[1];

4240

if (ip_addr_dotted_quad_safe (p[1]) || is_special_addr (p[1]))

4241

{

4242

options->route_default_gateway = p[1];

4243

}

4244

else

4245

{

4246

msg (msglevel, "route-gateway parm '%s' must be an IP address", p[1]);

4247

goto err;

4248

}

4179

4249

}

4180

4250

else if (streq (p[0], "route-metric") && p[1])

4181

4251

{

4249

4319

VERIFY_PERMISSION (OPT_P_SETENV);

4250

4320

setenv_str_safe (es, p[1], p[2] ? p[2] : "");

4251

4321

}

4322

else if (streq (p[0], "script-security") && p[1])

4323

{

4324

VERIFY_PERMISSION (OPT_P_GENERAL);

4325

script_security = atoi (p[1]);

4326

}

4252

4327

else if (streq (p[0], "mssfix"))

4253

4328

{

4254

4329

VERIFY_PERMISSION (OPT_P_GENERAL);

4618

4693

}

4619

4694

#endif

4620

4695

#ifdef WIN32

4696

else if (streq (p[0], "win-sys") && p[1])

4697

{

4698

VERIFY_PERMISSION (OPT_P_GENERAL);

4699

if (streq (p[1], "env"))

4700

set_win_sys_path_via_env (es);

4701

else

4702

set_win_sys_path (p[1], es);

4703

}

4621

4704

else if (streq (p[0], "route-method") && p[1])

4622

4705

{

4623

4706

VERIFY_PERMISSION (OPT_P_ROUTE_EXTRAS);

Older »