From patchwork Thu Dec 12 07:47:50 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "ralf_lici (Code Review)"
X-Patchwork-Id: 3993
From: "d12fk (Code Review)"
Date: Thu, 12 Dec 2024 07:47:50 +0000
To: plaisthos, flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I3fb01ab76cf3df0874ba92e08f371d17607a8369
X-Gerrit-Change-Number: 840
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 24b54385ca3b75a92de67f3cc11b96611ee619b8
Subject: [Openvpn-devel] [L] Change in openvpn[master]: dns: don't publish env vars to non-dns scripts

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/840?usp=email

to review the following change.

Change subject: dns: don't publish env vars to non-dns scripts
......................................................................

dns: don't publish env vars to non-dns scripts

With --dns-script in place we no longer need DNS related vars in the
environment for other script hooks.
Code for doing that is removed and the function to set --dns stuff made
static, for internal use only.

Another thing: since --dns settings overrule DNS related --dhcp-options,
remove the latter when we got some via --dns.

Change-Id: I3fb01ab76cf3df0874ba92e08f371d17607a8369
Signed-off-by: Heiko Hund
---
M src/openvpn/dns.c
M src/openvpn/dns.h
M src/openvpn/options.c
3 files changed, 110 insertions(+), 257 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/40/840/1

diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 14c1270..10f9bdc 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c 
@@ -349,93 +349,6 @@ } } -static void -setenv_dns_option(struct env_set *es, - const char *format, int i, int j, - const char *value) -{ - char name[64]; - bool name_ok = false; - - if (j < 0) - { - name_ok = snprintf(name, sizeof(name), format, i); - } - else - { - name_ok = snprintf(name, sizeof(name), format, i, j); - } - - if (!name_ok) - { - msg(M_WARN, "WARNING: dns option setenv name buffer overflow"); - } - - setenv_str(es, name, value); -} - -void -setenv_dns_options(const struct dns_options *o, struct env_set *es) -{ - struct gc_arena gc = gc_new(); - const struct dns_server *s; - const struct dns_domain *d; - int i, j; - - for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next) - { - setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name); - } - - for (i = 1, s = o->servers; s != NULL; i++, s = s->next) - { - for (j = 0; j < s->addr_count; ++j) - { - if (s->addr[j].family == AF_INET) - { - setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, - print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc)); - } - else - { - setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, - print_in6_addr(s->addr[j].in.a6, 0, &gc)); - } - if (s->addr[j].port) - { - setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1, - print_in_port_t(s->addr[j].port, &gc)); - } - } - - if (s->domains) - { - for (j = 1, d = s->domains; d != NULL; j++, d = d->next) - { - setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name); - } - } - - if (s->dnssec) - { - setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, - dnssec_value(s->dnssec)); - } - - if (s->transport) - { - setenv_dns_option(es, "dns_server_%d_transport", i, -1, - transport_value(s->transport)); - } - if (s->sni) - { - setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni); - } - } - - gc_free(&gc); -} - #ifdef _WIN32 static void 
@@ -524,6 +437,93 @@ #else /* ifdef _WIN32 */ static void +setenv_dns_option(struct env_set *es, + const char *format, int i, int j, + const char *value) +{ + char name[64]; + bool name_ok = false; + + if (j < 0) + { + name_ok = snprintf(name, sizeof(name), format, i); + } + else + { + name_ok = snprintf(name, sizeof(name), format, i, j); + } + + if (!name_ok) + { + msg(M_WARN, "WARNING: dns option setenv name buffer overflow"); + } + + setenv_str(es, name, value); +} + +static void +setenv_dns_options(const struct dns_options *o, struct env_set *es) +{ + struct gc_arena gc = gc_new(); + const struct dns_server *s; + const struct dns_domain *d; + int i, j; + + for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next) + { + setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name); + } + + for (i = 1, s = o->servers; s != NULL; i++, s = s->next) + { + for (j = 0; j < s->addr_count; ++j) + { + if (s->addr[j].family == AF_INET) + { + setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, + print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc)); + } + else + { + setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, + print_in6_addr(s->addr[j].in.a6, 0, &gc)); + } + if (s->addr[j].port) + { + setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1, + print_in_port_t(s->addr[j].port, &gc)); + } + } + + if (s->domains) + { + for (j = 1, d = s->domains; d != NULL; j++, d = d->next) + { + setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name); + } + } + + if (s->dnssec) + { + setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, + dnssec_value(s->dnssec)); + } + + if (s->transport) + { + setenv_dns_option(es, "dns_server_%d_transport", i, -1, + transport_value(s->transport)); + } + if (s->sni) + { + setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni); + } + } + + gc_free(&gc); +} + +static void script_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es) { setenv_str(es, "dev", 
tt->actual_name); diff --git a/src/openvpn/dns.h b/src/openvpn/dns.h index 47f7e5d..bdf49fd 100644 --- a/src/openvpn/dns.h +++ b/src/openvpn/dns.h @@ -167,14 +167,6 @@ struct dns_script_runner_info *dsri); /** - * Puts the DNS options into an environment set. - * - * @param o Pointer to the DNS options to set - * @param es Pointer to the env_set to set the options into - */ -void setenv_dns_options(const struct dns_options *o, struct env_set *es); - -/** * Prints configured DNS options. * * @param o Pointer to the DNS options to print diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 319f370..27a2476 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1029,11 +1029,6 @@ { setenv_connection_entry(es, &o->ce, 1); } - - if (!o->pull) - { - setenv_dns_options(&o->dns_options, es); - } } #ifndef _WIN32 
@@ -1347,149 +1342,6 @@ } } } - -/* - * If DNS options are set use these for TUN/TAP options as well. - * Applies to DNS, DNS6 and DOMAIN-SEARCH. - * Existing options will be discarded. - */ -static void -tuntap_options_copy_dns(struct options *o) -{ - struct tuntap_options *tt = &o->tuntap_options; - struct dns_options *dns = &o->dns_options; - - if (dns->search_domains) - { - tt->domain_search_list_len = 0; - const struct dns_domain *domain = dns->search_domains; - while (domain && tt->domain_search_list_len < N_SEARCH_LIST_LEN) - { - tt->domain_search_list[tt->domain_search_list_len++] = domain->name; - domain = domain->next; - } - if (domain) - { - msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to --dhcp-option"); - } - tt->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED; - } - - if (dns->servers) - { - tt->dns_len = 0; - tt->dns6_len = 0; - bool overflow = false; - const struct dns_server *server = dns->servers; - while (server) - { - for (int i = 0; i < server->addr_count; ++i) - { - if (server->addr[i].family == AF_INET) - { - if (tt->dns_len >= N_DHCP_ADDR) - { - overflow = true; - continue; - } - tt->dns[tt->dns_len++] = server->addr[i].in.a4.s_addr; - } - else - { - if (tt->dns6_len >= N_DHCP_ADDR) - { - overflow = true; - continue; - } - tt->dns6[tt->dns6_len++] = server->addr[i].in.a6; - } - } - server = server->next; - } - if (overflow) - { - msg(M_WARN, "WARNING: couldn't copy all --dns server addresses to --dhcp-option"); - } - tt->dhcp_options |= DHCP_OPTIONS_DHCP_OPTIONAL; - } -} -#else /* if defined(_WIN32) || defined(TARGET_ANDROID) */ -static void -foreign_options_copy_dns(struct options *o, struct env_set *es) -{ - const struct dns_domain *domain = o->dns_options.search_domains; - const struct dns_server *server = o->dns_options.servers; - if (!domain && !server) - { - return; - } - - /* reset the index since we're starting all over again */ - int opt_max = o->foreign_option_index; - o->foreign_option_index = 0; - - for (int i = 1; i 
<= opt_max; ++i) - { - char name[32]; - snprintf(name, sizeof(name), "foreign_option_%d", i); - - const char *env_str = env_set_get(es, name); - const char *value = strchr(env_str, '=') + 1; - if ((domain && strstr(value, "dhcp-option DOMAIN-SEARCH") == value) - || (server && strstr(value, "dhcp-option DNS") == value)) - { - setenv_del(es, name); - } - else - { - setenv_foreign_option(o, &value, 1, es); - } - } - - struct gc_arena gc = gc_new(); - - while (server) - { - for (int i = 0; i < server->addr_count; ++i) - { - if (server->addr[i].family == AF_INET) - { - const char *argv[] = { - "dhcp-option", - "DNS", - print_in_addr_t(server->addr[i].in.a4.s_addr, 0, &gc) - }; - setenv_foreign_option(o, argv, 3, es); - } - else - { - const char *argv[] = { - "dhcp-option", - "DNS6", - print_in6_addr(server->addr[i].in.a6, 0, &gc) - }; - setenv_foreign_option(o, argv, 3, es); - } - } - server = server->next; - } - while (domain) - { - const char *argv[] = { "dhcp-option", "DOMAIN-SEARCH", domain->name }; - setenv_foreign_option(o, argv, 3, es); - domain = domain->next; - } - - gc_free(&gc); - - /* remove old leftover entries */ - while (o->foreign_option_index < opt_max) - { - char name[32]; - snprintf(name, sizeof(name), "foreign_option_%d", opt_max--); - setenv_del(es, name); - } -} #endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ #ifndef ENABLE_SMALL @@ -3829,14 +3681,6 @@ { dns_options_preprocess_pull(&o->dns_options); } - else - { -#if defined(_WIN32) || defined(TARGET_ANDROID) - tuntap_options_copy_dns(o); -#else - foreign_options_copy_dns(o, es); -#endif - } if (o->auth_token_generate && !o->auth_token_renewal) { o->auth_token_renewal = o->renegotiate_seconds; @@ -4207,7 +4051,6 @@ /* * Sanity check on options after more options were pulled from server. - * Also time to modify some options based on other options. */ bool options_postprocess_pull(struct options *o, struct env_set *es) 
@@ -4216,12 +4059,30 @@ if (success) { dns_options_postprocess_pull(&o->dns_options); - setenv_dns_options(&o->dns_options, es); + #if defined(_WIN32) || defined(TARGET_ANDROID) - tuntap_options_copy_dns(o); -#else - foreign_options_copy_dns(o, es); -#endif + /* If there's --dns servers, remove dns related --dhcp-options */ + if (o->dns_options.servers) + { + o->tuntap_options.dns_len = 0; + o->tuntap_options.dns6_len = 0; + o->tuntap_options.domain = NULL; + o->tuntap_options.domain_search_list_len = 0; + } + /* Override search domains with the ones from --dns */ + else if (o->dns_options.search_domains) + { + int i = 0; + struct dns_domain *domain = o->dns_options.search_domains; + while (i < N_SEARCH_LIST_LEN && domain) + { + o->tuntap_options.domain_search_list[i] = domain->name; + domain = domain->next; + ++i; + } + o->tuntap_options.domain_search_list_len = i; + } +#endif /* defined(_WIN32) || defined(TARGET_ANDROID) */ } return success; }
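
Review bot: In src/openvpn/dns.c, hunk @@ -524,6 +437,93 @@, the moved setenv_dns_option() still stores the snprintf() result in `bool name_ok`, so the "dns option setenv name buffer overflow" warning cannot fire on truncation. snprintf() returns the length it would have written, which converts to true both when the name fits and when it was cut off. Since the function is being moved anyway, keep the result as an int and test it against the buffer, e.g. `if (len < 0 || len >= (int)sizeof(name))`, and return after the warning instead of calling setenv_str() with a truncated variable name.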
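
Review bot: In src/openvpn/options.c, hunk @@ -1029,11 +1029,6 @@, removing the setenv_dns_options() call drops the dns_search_domain_* and dns_server_* variables from the environment of the other script hooks, yet the diffstat lists only dns.c, dns.h and options.c. Existing scripts that read these variables will see them unset without any error or warning. Please add the matching user-facing documentation update, stating that these variables are now only set for the --dns-script.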
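
Review bot: In src/openvpn/options.c, hunk @@ -3829,14 +3681,6 @@, the removed else branch was what ran tuntap_options_copy_dns() or foreign_options_copy_dns() on the path that does not go through dns_options_preprocess_pull(), and nothing replaces it there. The new override logic is added only inside options_postprocess_pull(). If --dns and DNS-related --dhcp-option values can both be present on that path, the precedence described in the commit message is no longer applied to them. Either apply the same clearing on this path or say in the commit message why it is not needed.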
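
Review bot: In src/openvpn/options.c, hunk @@ -4216,12 +4059,30 @@, the new search-domain loop stops at N_SEARCH_LIST_LEN silently, whereas the removed tuntap_options_copy_dns() warned with "couldn't copy all --dns search-domains to --dhcp-option" and also set `tt->dhcp_options |= DHCP_OPTIONS_DHCP_REQUIRED`. Please keep a warning when `domain` is still non-NULL after the loop, and confirm that dropping the dhcp_options flag is intended when the search domains come only from --dns. Separately, the clearing of DNS-related --dhcp-option values sits entirely inside `#if defined(_WIN32) || defined(TARGET_ANDROID)`, while the removed foreign_options_copy_dns() was what deleted the matching foreign_option_N entries on other platforms. If those entries are meant to stay in the environment there, the commit message should say so.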