From patchwork Thu May 26 15:24:57 2022
X-Patchwork-Submitter: Heiko Hund
X-Patchwork-Id: 2494
From: Heiko Hund
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 27 May 2022 03:24:57 +0200
Message-Id: <20220527012457.1819262-5-heiko@ist.eigentlich.net>
In-Reply-To: <20220527012457.1819262-1-heiko@ist.eigentlich.net>
References: <20220527012457.1819262-1-heiko@ist.eigentlich.net>
Subject: [Openvpn-devel] [PATCH 4/4] dns: also (re)place foreign dhcp options in env

Override DNS related foreign_options with values set by the --dns option. This is done, so that scripts looking for these options continue to work if only --dns option were pushed, or the values in the --dhcp-options differ from what's pushed in --dns.

Signed-off-by: Heiko Hund Acked-By: Frank Lichtenheld --- src/openvpn/openvpn.c | 2 +- src/openvpn/options.c | 88 ++++++++++++++++++++++++++++++++++++++++--- src/openvpn/options.h | 2 +- 3 files changed, 85 insertions(+), 7 deletions(-) diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index a6389fed..15e21452 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -248,7 +248,7 @@ openvpn_main(int argc, char *argv[]) } /* sanity check on options */ - options_postprocess(&c.options); + options_postprocess(&c.options, c.es); /* show all option settings */ show_settings(&c.options); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9a0634a5..750444fe 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -1381,6 +1381,80 @@ tuntap_options_copy_dns(struct options *o) } } } +#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ +static void +foreign_options_copy_dns(struct options *o, struct env_set *es) +{ + const struct dns_domain *domain = o->dns_options.search_domains; + const struct dns_server *server = o->dns_options.servers; + if (!domain && !server) + { + return; + } + + /* reset the index since we're starting all over again */ + int opt_max = o->foreign_option_index; + o->foreign_option_index = 0; + + for (int i = 1; i <= opt_max; ++i) + { + char name[32]; + openvpn_snprintf(name, sizeof(name), "foreign_option_%d", i); + + const char *env_str = env_set_get(es, name); + const char *value = strchr(env_str, '=') + 1; + if ((domain && strstr(value, "dhcp-option DOMAIN-SEARCH") == value) + || (server && strstr(value, "dhcp-option DNS") == value)) + { + setenv_del(es, name); + } + else + { + setenv_foreign_option(o, &value, 1, es); + } + } + + struct gc_arena gc = gc_new(); + + while (server) + { + if (server->addr4_defined) + { + const char *argv[] = { + "dhcp-option", + "DNS", + print_in_addr_t(server->addr4.s_addr, 0, &gc) + }; + setenv_foreign_option(o, argv, 3, es); + } + if (server->addr6_defined) + { + const char *argv[] = { + "dhcp-option", + "DNS6", + print_in6_addr(server->addr6, 0, &gc) + }; + setenv_foreign_option(o, argv, 3, es); + } + server = server->next; + } + while (domain) + { + const char *argv[] = { "dhcp-option", "DOMAIN-SEARCH", domain->name }; + setenv_foreign_option(o, argv, 3, es); + domain = domain->next; + } + + gc_free(&gc); + + /* remove old leftover entries */ + while (o->foreign_option_index < opt_max) + { + char name[32]; + openvpn_snprintf(name, sizeof(name), "foreign_option_%d", opt_max--); + setenv_del(es, name); + } +} #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ #ifndef ENABLE_SMALL 
@@ -3368,7 +3442,7 @@ options_set_backwards_compatible_options(struct options *o) } static void -options_postprocess_mutate(struct options *o) +options_postprocess_mutate(struct options *o, struct env_set *es) { int i; /* @@ -3462,12 +3536,14 @@ options_postprocess_mutate(struct options *o) { dns_options_preprocess_pull(&o->dns_options); } -#if defined(_WIN32) || defined(TARGET_ANDROID) else { +#if defined(_WIN32) || defined(TARGET_ANDROID) tuntap_options_copy_dns(o); - } +#else + foreign_options_copy_dns(o, es); #endif + } pre_connect_save(o); } @@ -3803,9 +3879,9 @@ options_postprocess_filechecks(struct options *options) * options. */ void -options_postprocess(struct options *options) +options_postprocess(struct options *options, struct env_set *es) { - options_postprocess_mutate(options); + options_postprocess_mutate(options, es); options_postprocess_verify(options); #ifndef ENABLE_SMALL options_postprocess_filechecks(options); @@ -3826,6 +3902,8 @@ options_postprocess_pull(struct options *o, struct env_set *es) setenv_dns_options(&o->dns_options, es); #if defined(_WIN32) || defined(TARGET_ANDROID) tuntap_options_copy_dns(o); +#else + foreign_options_copy_dns(o, es); #endif } return success; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c2937dc3..0e50c19e 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -813,7 +813,7 @@ char *options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc); -void options_postprocess(struct options *options); +void options_postprocess(struct options *options, struct env_set *es); bool options_postprocess_pull(struct options *o, struct env_set *es);
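
Review bot: In foreign_options_copy_dns() (options.c hunk at -1381), the loop over foreign_option_1..opt_max passes the result of env_set_get(es, name) straight to strchr() and then adds 1 to what strchr() returns, so a missing variable or a value without '=' is dereferenced with no check. Test both results before use and skip the entry when either is NULL. In the same loop, value points into the env set's own string while setenv_foreign_option(o, &value, 1, es) is called with foreign_option_index reset to 0, so it is worth confirming that re-setting an entry from its own storage is safe. The prefix tests written as `strstr(value, "dhcp-option DNS") == value` scan the whole string; strncmp() with the literal's length states the intent directly. Note also that "dhcp-option DNS" as a prefix matches any option name that begins with DNS, not only DNS and DNS6.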
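
Review bot: The doc comment above options_postprocess() (options.c hunk at -3803, ending in "* options. */") is not updated for the new es parameter. Through options_postprocess_mutate() the function can now delete and re-add foreign_option_N entries in that env set on platforms other than _WIN32 and TARGET_ANDROID, which callers would not expect from a function described as a sanity check; state that in the comment, and add a short comment to the new static foreign_options_copy_dns() saying which entries it replaces and that it renumbers the rest.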