From patchwork Tue Aug 16 21:59:25 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2691
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Aug 2022 09:59:25 +0200
Message-Id: <20220817075925.815184-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH] Rename OPT_P_IPWIN32 to OPT_P_DHCPDNS and include --dns in it

The dns options are very similar to dhcp-option and should fall under the same option mask. For that, rename the OPT_P_IPWIN32 mask to OPT_P_DHCPDNS and include dns in it. This currently affects route-nopull, which blocks all host side network/dns configuration but did not block the new dns option.

Acked-by: Gert Doering
--- src/openvpn/init.c | 4 ++-- src/openvpn/options.c | 20 ++++++++++---------- src/openvpn/options.h | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 4d4c71923..05c2ee9bc 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2271,7 +2271,7 @@ pull_permission_mask(const struct context *c) if (!c->options.route_nopull) { - flags |= (OPT_P_ROUTE | OPT_P_IPWIN32); + flags |= (OPT_P_ROUTE | OPT_P_DHCPDNS); } return flags; @@ -2395,7 +2395,7 @@ do_deferred_options(struct context *c, const unsigned int found) { msg(D_PUSH, "OPTIONS IMPORT: route-related options modified"); } - if (found & OPT_P_IPWIN32) + if (found & OPT_P_DHCPDNS) { msg(D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified"); } diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 14cb4cc4e..bd6db8262 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -226,7 +226,7 @@ static const char usage_message[] = "--route-noexec : Don't add routes automatically. Instead pass routes to\n" " --route-up script using environmental variables.\n" "--route-nopull : When used with --client or --pull, accept options pushed\n" - " by server EXCEPT for routes and dhcp options.\n" + " by server EXCEPT for routes, dns, and dhcp options.\n" "--allow-pull-fqdn : Allow client to pull DNS names from server for\n" " --ifconfig, --route, and --route-gateway.\n" "--redirect-gateway [flags]: Automatically execute routing\n" @@ -7744,7 +7744,7 @@ add_option(struct options *options, const int index = ascii2ipset(p[1]); struct tuntap_options *to = &options->tuntap_options; - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); if (index < 0) { @@ -7798,7 +7798,7 @@ add_option(struct options *options, #endif /* ifdef _WIN32 */ else if (streq(p[0], "dns") && p[1]) { - VERIFY_PERMISSION(OPT_P_DEFAULT); + VERIFY_PERMISSION(OPT_P_DHCPDNS); if (streq(p[1], "search-domains") && p[2]) { @@ -7906,7 +7906,7 @@ add_option(struct options *options, else if (streq(p[0], "dhcp-option") && p[1]) { struct tuntap_options *o = &options->tuntap_options; - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); bool ipv6dns = false; if ((streq(p[1], "DOMAIN") || streq(p[1], "ADAPTER_DOMAIN_SUFFIX")) @@ -8014,7 +8014,7 @@ add_option(struct options *options, else if (streq(p[0], "tap-sleep") && p[1] && !p[2]) { int s; - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); s = atoi(p[1]); if (s < 0 || s >= 256) { 
@@ -8025,12 +8025,12 @@ add_option(struct options *options, } else if (streq(p[0], "dhcp-renew") && !p[1]) { - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); options->tuntap_options.dhcp_renew = true; } else if (streq(p[0], "dhcp-pre-release") && !p[1]) { - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); options->tuntap_options.dhcp_pre_release = true; options->tuntap_options.dhcp_renew = true; } @@ -8057,12 +8057,12 @@ add_option(struct options *options, } else if (streq(p[0], "register-dns") && !p[1]) { - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); options->tuntap_options.register_dns = true; } else if (streq(p[0], "block-outside-dns") && !p[1]) { - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); options->block_outside_dns = true; } else if (streq(p[0], "rdns-internal") && !p[1]) @@ -8130,7 +8130,7 @@ add_option(struct options *options, } else if (streq(p[0], "dhcp-option") && p[1] && !p[3]) { - VERIFY_PERMISSION(OPT_P_IPWIN32); + VERIFY_PERMISSION(OPT_P_DHCPDNS); setenv_foreign_option(options, (const char **)p, 3, es); } else if (streq(p[0], "route-method") && p[1] && !p[2]) /* ignore when pushed to non-Windows OS */ diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 212f4b05d..83c97ded1 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -691,7 +691,7 @@ struct options #define OPT_P_GENERAL (1<<0) #define OPT_P_UP (1<<1) #define OPT_P_ROUTE (1<<2) -#define OPT_P_IPWIN32 (1<<3) +#define OPT_P_DHCPDNS (1<<3) /* includes ip windows options like */ #define OPT_P_SCRIPT (1<<4) #define OPT_P_SETENV (1<<5) #define OPT_P_SHAPER (1<<6)
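Review bot: In the do_deferred_options hunk of init.c (-2395), the log text under the renamed flag still reads "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified", although OPT_P_DHCPDNS now also covers --dns through the options.c change at -7798. Extend the message to name --dns so that a pushed dns change is reported accurately when someone reads the client log to see what the server altered.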
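Review bot: The "dns" branch of add_option (options.c, -7798) moves from OPT_P_DEFAULT to OPT_P_DHCPDNS, which is the one behavioural change in an otherwise mechanical rename and deserves its own mention in user-facing documentation. With route-nopull set, pull_permission_mask does not grant this bit, so a pushed --dns that was accepted before is now refused. The usage_message at -226 is updated, but the diffstat lists only init.c, options.c and options.h, so any man page or Changes text that describes --route-nopull should get the same wording in this patch.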
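Review bot: The comment added in the options.h hunk, "/* includes ip windows options like */", stops mid-sentence. Finish the list or drop the trailing "like": the options.c hunks place ip-win32, tap-sleep, dhcp-renew, dhcp-pre-release, register-dns and block-outside-dns under this bit, and the new name OPT_P_DHCPDNS no longer hints that those Windows adapter options share the mask that route-nopull withholds.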