[Openvpn-devel] Allow DNS autoconf by passing hostname by IV variables when using push-peer-info
| Message ID | CAJXQW9Vzf_ypQGSez8X96imiy2Hat0buoY2fp3gmsYs1EXdcpg@mail.gmail.com |
|---|---|
| State | Changes Requested |
| Series | [Openvpn-devel] Allow DNS autoconf by passing hostname by IV variables when using push-peer-info |
Commit Message
Ricardo Manriquez
Sept. 17, 2022, 3:23 p.m. UTC
Author: Ricardo Manríquez <ricardo.manriquez@gmail.com>
To enable the possibility of DNS autoconfiguration, the IP address and
hostname of the client are needed to register at the DNS level; this patch
adds this information when using push-peer-info.
The motivation is that the domain name is as intrusive as the MAC address,
and DNS autoconfiguration is helpful to be able to communicate back to the
clients. This generates a problem when the client connects to the network
directly and then uses the VPN connection: now the DNS records do not match,
and when using remote assistance or remote management tools the benefits of
DNS are negated.
Signed-off-by: Ricardo Manríquez <ricardo.manriquez@gmail.com>
---
src/openvpn/ssl.c | 5 +++++
1 file changed, 5 insertions(+)
#if defined(_WIN32)
buf_printf(&out, "IV_PLAT_VER=%s\n",
win32_version_string(&gc, false));
Comments
Hi,

On Sun, Sep 18, 2022 at 10:23:14AM +0900, Ricardo Manriquez wrote:
> +
> + char hostname[64];
> + gethostname(hostname, 63);
> + buf_printf(&out, "IV_HOSTNAME=%s\n", hostname );

Without entering the discussion if this is a useful addition, the implementation definitely lacks error handling - gethostname() can fail, and then we have an uninitialized buffer passed to buf_printf().

gert
On 18.09.2022 at 03:23, Ricardo Manriquez wrote:
> Author: Ricardo Manríquez <ricardo.manriquez@gmail.com>
>
> To enable the possibility of DNS autoconfiguration the IP address and
> hostname of the client are needed to register at the DNS level, this
> patch adds this information when using push-peer-info.
>
> The motivation is that the domain name is as intrusive as the MAC
> address and DNS autoconfiguration is helpful to be able to communicate
> back to the clients, this generates a problem when the client connects
> to the network directly and then uses the VPN connection, now the DNS
> records do not match and when using remote assistance or remote
> management tools the benefits of DNS are negated.

Could you explain why this needs to be in OpenVPN itself and cannot be done with something like starting openvpn with an additional parameter like --setenv UV_HOSTNAME "$(hostname)" or derived from another parameter/variable from the client like CN, username etc? Space in the packet carrying IV_/UV_ variables is already limited and I am not sure if spending another 64 for the hostname is a good thing.

> ---
> src/openvpn/ssl.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 80e0d5acb4..3031566585 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -2321,6 +2321,11 @@ push_peer_info(struct buffer *buf, struct tls_session *session)
> {
> buf_printf(&out, "IV_HWADDR=%s\n", format_hex_ex(rgi.hwaddr, 6, 0, 1, ":", &gc));
> }
> +
> + char hostname[64];
> + gethostname(hostname, 63);
> + buf_printf(&out, "IV_HOSTNAME=%s\n", hostname );

Isn't there a MAX_HOSTNAME define or similar instead of hardcoding 64 here?

The handling of the hostname string is not very good here. The man page of the function (gethostname(2) - Linux manual page (man7.org) <https://man7.org/linux/man-pages/man2/sethostname.2.html>) says null termination is not guaranteed for long hostnames.

> +
> buf_printf(&out, "IV_SSL=%s\n", get_ssl_library_version() );
> #if defined(_WIN32)
> buf_printf(&out, "IV_PLAT_VER=%s\n", win32_version_string(&gc, false));
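The two review points above (an unchecked gethostname() return value and a buffer that POSIX does not promise to NUL-terminate when the name is too long) are the kind of defect that lets uninitialised or unterminated stack bytes reach the wire. The C program below is an added example, not OpenVPN's code and not part of this thread; the function names format_iv_hostname, peer_info_hostname_line and hostname_char_ok are hypothetical, and the HOST_NAME_MAX fallback of 255 is an assumption for platforms whose limits.h does not define it. It separates the policy (bounded copy, explicit termination, a character whitelist so the value cannot carry the newline that separates IV_ lines) from the system call, so the policy can be exercised with constructed buffers.

```c
/* Added example (not OpenVPN code): a bounded, validated hostname fetch
 * for a newline-separated key=value peer-info block. */
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef HOST_NAME_MAX
#define HOST_NAME_MAX 255   /* assumption: POSIX minimum when limits.h lacks it */
#endif

/* RFC 1123 host labels need only letters, digits, '.' and '-'. Anything
 * else (notably '\n', which separates IV_ lines) would corrupt the
 * key=value encoding, so it is rejected rather than escaped. */
static bool hostname_char_ok(unsigned char c)
{
    return isalnum(c) || c == '.' || c == '-';
}

/* Build "IV_HOSTNAME=<name>\n" from a raw buffer that, like the one
 * gethostname() fills, may NOT be NUL-terminated. Never reads past rawlen.
 * Returns bytes written (excluding the final NUL), or 0 when the name is
 * empty, over HOST_NAME_MAX, contains a disallowed byte, or does not fit. */
size_t format_iv_hostname(const char *raw, size_t rawlen, char *out, size_t outlen)
{
    static const char prefix[] = "IV_HOSTNAME=";
    const size_t plen = sizeof(prefix) - 1;
    size_t n = 0;

    while (n < rawlen && raw[n] != '\0') {   /* strnlen, bounded by rawlen */
        n++;
    }
    if (n == 0 || n > HOST_NAME_MAX) {
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        if (!hostname_char_ok((unsigned char)raw[i])) {
            return 0;
        }
    }
    size_t need = plen + n + 1;               /* prefix + name + '\n' */
    if (outlen < need + 1) {                  /* + trailing NUL */
        return 0;
    }
    memcpy(out, prefix, plen);
    memcpy(out + plen, raw, n);
    out[need - 1] = '\n';
    out[need] = '\0';
    return need;
}

/* Fetch the local hostname with error handling. The buffer is zeroed
 * first, so a failed or truncating gethostname() can never leak stack
 * bytes; on failure nothing is emitted and the caller simply omits the
 * IV_HOSTNAME line. */
size_t peer_info_hostname_line(char *out, size_t outlen)
{
    char name[HOST_NAME_MAX + 1];
    memset(name, 0, sizeof(name));
    if (gethostname(name, sizeof(name) - 1) != 0) {
        return 0;                             /* e.g. ENAMETOOLONG */
    }
    return format_iv_hostname(name, sizeof(name), out, outlen);
}

int main(void)
{
    char line[HOST_NAME_MAX + 32];
    if (peer_info_hostname_line(line, sizeof(line)) > 0) {
        fputs(line, stdout);
    } else {
        fputs("hostname unavailable; IV_HOSTNAME omitted\n", stdout);
    }
    return 0;
}
```

The policy function takes rawlen explicitly and stops at that bound, so the unterminated-buffer case the gethostname(2) man page warns about is handled without relying on a NUL being present; the syscall wrapper zeroes its buffer and checks the return value, which is the error handling the first reply asks for.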
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 80e0d5acb4..3031566585 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2321,6 +2321,11 @@ push_peer_info(struct buffer *buf, struct tls_session *session) { buf_printf(&out, "IV_HWADDR=%s\n", format_hex_ex(rgi.hwaddr, 6, 0, 1, ":", &gc)); } + + char hostname[64]; + gethostname(hostname, 63); + buf_printf(&out, "IV_HOSTNAME=%s\n", hostname ); + buf_printf(&out, "IV_SSL=%s\n", get_ssl_library_version() );
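Review bot: the return value of `+ gethostname(hostname, 63);` is ignored, so when the call fails `hostname` reaches `buf_printf()` uninitialised and whatever stack bytes it holds are sent to the server as IV_HOSTNAME; check for a non-zero return and skip the line in that case. The buffer also needs explicit termination, since gethostname() does not guarantee a NUL when the name is longer than the length passed: zero the array first or set `hostname[sizeof(hostname) - 1] = '\0'` before formatting, and take the size from HOST_NAME_MAX in <limits.h> rather than the hard-coded 64/63 pair. The new lines sit outside the braces that guard the IV_HWADDR output, so every push-peer-info client emits the hostname unconditionally; given the commit message's own comparison to the MAC address and the limited space in the peer-info packet noted in review, consider making it opt-in.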