From patchwork Fri Mar 10 05:08:14 2023
X-Patchwork-Submitter: Heiko Hund
X-Patchwork-Id: 3121
From: Heiko Hund
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 10 Mar 2023 06:08:14 +0100
Message-Id: <20230310050814.67246-3-heiko@ist.eigentlich.net>
In-Reply-To: <20230310050814.67246-1-heiko@ist.eigentlich.net>
References: <20230310050814.67246-1-heiko@ist.eigentlich.net>
Subject: [Openvpn-devel] [PATCH 3/3] dns option: make server id/priority optional

With the discovery that most of the time only one DNS server's settings can be applied on various systems, the priority value will likely serve no purpose most of the time. This is to make it optional to give a --dns server priority, for cases where you only specify one DNS server anyway. We keep the priority because it still serves the case where you want to override pushed server settings with local ones and when you run backends which do support multiple servers' settings like dnsmasq(8).

Change-Id: I1f97d8e5ae8f049d72db5c12ce627f601d87505c
Signed-off-by: Heiko Hund
--- doc/man-sections/client-options.rst | 11 ++++---- src/openvpn/dns.c | 9 +++++-- src/openvpn/dns.h | 4 ++- src/openvpn/options.c | 41 +++++++++++++++-------------- 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 4555534e..df8ac433 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst 
@@ -168,11 +168,11 @@ configuration. :: dns search-domains domain [domain ...] - dns server n address addr[:port] [addr[:port] ...] - dns server n resolve-domains domain [domain ...] - dns server n dnssec yes|optional|no - dns server n transport DoH|DoT|plain - dns server n sni server-name + dns server [n] address addr[:port] [addr[:port] ...] + dns server [n] resolve-domains domain [domain ...] + dns server [n] dnssec yes|optional|no + dns server [n] transport DoH|DoT|plain + dns server [n] sni server-name The ``--dns search-domains`` directive takes one or more domain names to be added as DNS domain suffixes. If it is repeated multiple times within @@ -180,6 +180,7 @@ configuration. a server will amend locally defined ones. The ``--dns server`` directive is used to configure DNS server ``n``. + If the ``n`` parameter is omitted the directive configures DNS server ``0``. The server id ``n`` must be a value between -128 and 127. For pushed DNS server options it must be between 0 and 127. The server id is used to group options and also for ordering the list of configured DNS servers; diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 51fca2fb..5f5e06b6 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -159,13 +159,18 @@ dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_aren } bool -dns_server_priority_parse(long *priority, const char *str, bool pulled) +dns_server_priority_parse(long *priority, size_t *subidx, const char *str, bool pulled) { char *endptr; const long min = pulled ? 0 : INT8_MIN; const long max = INT8_MAX; long prio = strtol(str, &endptr, 10); - if (*endptr != '\0' || prio < min || prio > max) + if (endptr == str) + { + /* No priority found, str isn't numeric */ + *subidx -= 1; + } + else if (*endptr != '\0' || prio < min || prio > max) { return false; } diff --git a/src/openvpn/dns.h b/src/openvpn/dns.h index e4978579..d0258f75 100644 --- a/src/openvpn/dns.h +++ b/src/openvpn/dns.h 
@@ -78,11 +78,13 @@ struct dns_options { * Parses a string DNS server priority and validates it. * * @param priority Pointer to where the priority should be stored + * @param subidx Pointer to the sub-option index, decremented if no + * priority value could be found * @param str Priority string to parse * @param pulled Whether this was pulled from a server * @return True if priority in string is valid */ -bool dns_server_priority_parse(long *priority, const char *str, bool pulled); +bool dns_server_priority_parse(long *priority, size_t *subidx, const char *str, bool pulled); /** * Find or create DNS server with priority in a linked list. diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 3e0cb62b..ea69ea7a 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -510,7 +510,7 @@ static const char usage_message[] = " ignore or reject causes the option to be allowed, removed or\n" " rejected with error. May be specified multiple times, and\n" " each filter is applied in the order of appearance.\n" - "--dns server
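
Review bot: The sentence added in the second doc/man-sections/client-options.rst hunk (@@ -180), "If the ``n`` parameter is omitted the directive configures DNS server ``0``", does not say that an omitted id and an explicit `dns server 0 ...` name the same server. The surrounding text states that the id groups options and that pushed ids range from 0 to 127, so a local directive without `n` shares its id with a pushed server 0. Please state that explicitly, since the commit message names overriding pushed settings with local ones as the remaining reason to keep the priority. A comma after "omitted" would also help.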
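
Review bot: In the src/openvpn/dns.c hunk (@@ -159), the new `endptr == str` branch of dns_server_priority_parse() does `*subidx -= 1` on a caller-owned size_t without checking that it is non-zero, so a caller that passes an index of 0 gets a silent wrap to SIZE_MAX. Either guard the decrement and return false when `*subidx == 0`, or report "no priority present" through a separate out flag and let the caller adjust its own index. The same branch now accepts every token that does not start a number, including the empty string and a lone "-", and returns true, so a mistyped priority is no longer rejected here and the caller has to reject unknown sub-option keywords itself. The default priority in that branch is also only implied by strtol() returning 0 when no conversion happens; an explicit `prio = 0;` would make the intent visible.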
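
Review bot: In the src/openvpn/dns.h hunk (@@ -78), the unchanged line "@return True if priority in string is valid" no longer matches the function, which per the dns.c change also returns true when the string holds no priority at all. Please update the @return text and document what `*priority` holds in that case. The new `@param subidx` text should also state that it is an in/out parameter and what precondition the caller must meet for the decrement to be safe.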