From patchwork Wed Aug 2 11:52:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Merten Fermont X-Patchwork-Id: 3312 X-Patchwork-Delegate: davids@openvpn.net Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7301:370e:b0:d7:3b0f:3938 with SMTP id jv14csp498571dyb; Wed, 2 Aug 2023 04:53:22 -0700 (PDT) X-Google-Smtp-Source: APBJJlGXI5KPugMC3AlgiUlowp5chxH+VFxN9C5gSOPw3XHKH7fW10mD6nSg50E3n+/Of8jMehLf X-Received: by 2002:a05:6a20:2c98:b0:137:8599:691e with SMTP id g24-20020a056a202c9800b001378599691emr14446121pzj.49.1690977202068; Wed, 02 Aug 2023 04:53:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690977202; cv=none; d=google.com; s=arc-20160816; b=O8bJoYAS9nAfXHpNjojJ/GGM/e++e8EqTKlBAHmlFyBYAUBTpWgaYVsODL3CRXAz41 yArG9Aav/tkUAftdxaT9zuqT/3eMtePxZuuKRl2bDiFviwAaJc2bHMqLH2j+0HoPErAj QHHQaUhJ7FfqGc8xIVqNgzxVBAV19J7eHhN+3d14eZeeCT7ocZBl/PRY0gcm8gon/CBK ThECfjVhp1XhwsyFK8uHg4PxidXuENEaAXy0SxH15T7Q1P13HNkFtbOblNc0xDyUZ/E0 qQrMh/mbTIJmojjf6OYSbjvEuink91y06dwCS5nCJ6z7fINHkhCfUUipfcCTlARsRktL DQEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=fS/6aECIeJEoxBK/4HGWt85Dk0Zb0jnpVqikfgfANSY=; fh=KE3yUXVNZa498OzucsxRY+t0SgLs9kudBTuxhseS6Go=; b=kGZGCYgXLaEwR0A99/qVXG/JHpre7GealZIifciT4QtkyXpCJNEazZxKzsYQMf4civ UPTNEtRC8QyE/vsAOYquY/IcxeTVt9Zp/gvlq84txfY0SCwieS8fzvZwgQATIF4JoSHc So1EKz5JZAujvdLvlEXhSMwE+xyoFnzNvRRpZRg3ts5QUoSSjpwPvJfqiAevxFFflGtE EdyozLTOuBbdDgF5StYvhHL6xZF1TXnb9n9N3o5NRhdqiICF5JxPDSrHcGfMSwno60Lw 1Pu4rkpXJqfMoE0lpS+T8C5l/rOV4xxr0HBqxJLvKgwhDQM/gZ9CXfyvqM1rnKi+4HrL Umkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=RxJAdPqR; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=az5ZKMnI; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20221208 header.b=ouNTcVVF; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id x64-20020a638643000000b00563fce1544dsi10567634pgd.460.2023.08.02.04.53.21 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 Aug 2023 04:53:22 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=RxJAdPqR; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=az5ZKMnI; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20221208 header.b=ouNTcVVF; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1qRAOy-0004ee-Jl; Wed, 02 Aug 2023 11:52:29 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qRAOx-0004eX-97 for openvpn-devel@lists.sourceforge.net; Wed, 02 Aug 2023 11:52:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=SbMrYiRp9WW2mIqUCkt1Izn/9ESWFVm1MxauUOKd7rY=; b=RxJAdPqRLe1kzGzCDwESs4up1E gRSNEMpzlOpoJE+s8m3ZkWL6VB34W6r1UkeGqExfva2zeompuztE8I8bLTkOAwKBAIH7LTSpT/p0l OwsLlMxGIZl32TAuXwshTrGyH7HV/8u8/DgZqqeX9Oajo9l35RlyXZFu2DlyO4SjAwhU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=SbMrYiRp9WW2mIqUCkt1Izn/9ESWFVm1MxauUOKd7rY=; b=az5ZKMnIT2CK9eMX8m5pzzfVdW eSL37OxZmGt+Beac8oCtnDQSEP2B2iYJg2W53QjQb8YvirFWF2z/wV4Mdhs0tKXrqHiIFBBCzeE/T IM1d2enKRSQMPNHheTNSFwStJdFc7a0tl4o6Cr+pOhlDoDtmeMoCgajz+gxVA9JNzLS4=; Received: from mail-wm1-f49.google.com ([209.85.128.49]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1qRAOx-00068C-MX for openvpn-devel@lists.sourceforge.net; Wed, 02 Aug 2023 11:52:28 +0000 Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-3fe12baec61so42394515e9.2 for ; Wed, 02 Aug 2023 04:52:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690977141; x=1691581941; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SbMrYiRp9WW2mIqUCkt1Izn/9ESWFVm1MxauUOKd7rY=; b=ouNTcVVFlTsd+0TxBM0qLq4fgvkzHlJS/frMmsW8UVQuIY/TxbvUqR+zc6GXcdPwsq ZFvcxBfvHlr03zJTH9k8irb8U9rWX595NBaJ/es+R2S1Iy8hGfY4fhM6cjNYwneiM9kQ aTTIPHBk5YD6BVOPBN2dN9kUYljLmrUmh/D3aHkaPa03ByGcBCEFlvtVW4xXNeM8SQS3 Ujyp9XPi337LAmmB/7D1wu0/ktzuG+VUuvUWUifpr+XlIKmszGrnMr6xS7mjYVT4lNd4 f05agB4j0uQpL9ZobDkM1UumyY9mOVXgJT68m0bdzU/qHF3/p3/z9+Bpl9lx1kl5xmLI dsmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690977141; x=1691581941; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SbMrYiRp9WW2mIqUCkt1Izn/9ESWFVm1MxauUOKd7rY=; b=AxlU20MuWFddzbnZ9jh9bAW2iX2INDvlZOEB+k6R8JRz8duhbEks+6mO3NcoHkMVC2 19UGMFuGJOt6HLJp6i7UFjub9MlIJoN2e4XHunr4Od6Y692DKTSUmUNxRm6bRummPI/E 1QzZniNXZLshbT/sPQjFsWU8hIE4pQ79Q4aeVleFtt6PKoc6qPSP/aRUki34xt77ExIh 4cvdwa0ArskMxZb16WmAX6kKm6T2+S4GxobshtNKBHFqrEoFceGPdoLlJCKcBoAk30uW KuXQXDoeyBJwmqbDNneDhqNQbQYLNkxivY/xHc8fCltyfdzU90oKZgeK7nO9HlNQbkrf ukBQ== X-Gm-Message-State: ABy/qLZ8E4rXL5lLPMMZj1IMDzD+VzWpTMNEbhzsFGCLWMVwKWaH+DCR D8cynFwsn12j36PG8KSaUCJozUBT0pty9Q== X-Received: by 2002:a05:600c:21c2:b0:3fc:4:a5b5 with SMTP id x2-20020a05600c21c200b003fc0004a5b5mr4586206wmj.29.1690977140662; Wed, 02 Aug 2023 04:52:20 -0700 (PDT) Received: from mertenpc.core.nias.one (mx2.axsguard.com. [212.123.8.82]) by smtp.gmail.com with ESMTPSA id n1-20020a05600c4f8100b003fe15ac0934sm8471522wmq.1.2023.08.02.04.52.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 04:52:20 -0700 (PDT) From: merten.fermont@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Wed, 2 Aug 2023 13:52:12 +0200 Message-ID: <20230802115212.25000-1-merten.fermont@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <7e3baf77.AWYAACLanAUAAAAAAAAAAWpzJVQAAYCsnhYAAAAAABXTlQBkyU1m@mailjet.com> References: <7e3baf77.AWYAACLanAUAAAAAAAAAAWpzJVQAAYCsnhYAAAAAABXTlQBkyU1m@mailjet.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Merten Fermont Require 'client' or 'tls-client'+'pull' to be declared in the config. To prevent other errors, 'client' option is added when 'tls-client' and 'pull' are both declared. Fixes error that --pull is a unknown option. --- openvpn/client/cliopt.hpp | 1 - openvpn/client/cliopthelper.hpp | 11 ++++++++++- openvpn/common/options.hpp | 4 ++-- 3 files changed, 12 insertions(+), [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [merten.fermont[at]gmail.com] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.49 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.49 listed in list.dnswl.org] -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1qRAOx-00068C-MX Subject: [Openvpn-devel] [PATCH] Check for client options X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1773118110268439606?= X-GMAIL-MSGID: =?utf-8?q?1773118110268439606?= From: Merten Fermont Require 'client' or 'tls-client'+'pull' to be declared in the config. To prevent other errors, 'client' option is added when 'tls-client' and 'pull' are both declared. Fixes error that --pull is a unknown option. --- openvpn/client/cliopt.hpp | 1 - openvpn/client/cliopthelper.hpp | 11 ++++++++++- openvpn/common/options.hpp | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp index 431791f3..ce2e84cc 100644 --- a/openvpn/client/cliopt.hpp +++ b/openvpn/client/cliopt.hpp @@ -802,7 +802,6 @@ class ClientOptions : public RC "replay-persist", /* Makes little sense in TLS mode */ "script-security", "sndbuf", - "tls-client", /* Always enabled */ "tmp-dir", "tun-ipv6", /* ignored in v2 as well */ "txqueuelen", /* so platforms evaluate that in tun, some do not, do not warn about that */ diff --git a/openvpn/client/cliopthelper.hpp b/openvpn/client/cliopthelper.hpp index 95aa6664..ad3b4445 100644 --- a/openvpn/client/cliopthelper.hpp +++ b/openvpn/client/cliopthelper.hpp @@ -367,13 +367,22 @@ class ParseClientConfig bool added = false; // client - if (!options.exists("client")) + if (options.exists("client")) + { + options.touch("tls-client", true); + options.touch("pull", true); + } + else if (options.exists("tls-client") && options.exists("pull")) { Option opt; opt.push_back("client"); options.push_back(std::move(opt)); added = true; } + else + { + throw option_error("No 'client' or 'tls-client'+'pull' directive declared. Other roles are not supported."); + } // dev if (!options.exists("dev")) diff --git a/openvpn/common/options.hpp b/openvpn/common/options.hpp index d594c41a..a813647e 100644 --- a/openvpn/common/options.hpp +++ b/openvpn/common/options.hpp @@ -1460,11 +1460,11 @@ class OptionList : public std::vector