From patchwork Wed Nov 20 17:42:38 2024
X-Patchwork-Submitter: "plaisthos (Code Review)"
X-Patchwork-Id: 3950
From: "mrbff (Code Review)"
Date: Wed, 20 Nov 2024 17:42:38 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Reply-To: marco@mandelbit.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Subject: [Openvpn-devel] [L] Change in openvpn[master]: PUSH_UPDATE: Added remove_option() and do_update().
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Id: I507180d7397b6959844a30908010132bc3411067
X-Gerrit-Change-Number: 809
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 2ae3080866005c4ca14b2bbc493feb5e42697f89

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/809?usp=email

to review the following change.

Change subject: PUSH_UPDATE: Added remove_option() and do_update().
......................................................................

PUSH_UPDATE: Added remove_option() and do_update().

* Added remove_option() function and some utility functions to remove options at runtime following the push-update logic. * Added do_update() function to close and reopen the tun and apply option updates. Change-Id: I507180d7397b6959844a30908010132bc3411067 Signed-off-by: Marco Baffo --- M src/openvpn/init.c M src/openvpn/init.h M src/openvpn/options.c M src/openvpn/push.c M src/openvpn/route.c M src/openvpn/route.h 6 files changed, 355 insertions(+), 62 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/09/809/1 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f8d9d06..b95a61a 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2567,6 +2567,47 @@ return true; } +bool +do_update(struct context *c, unsigned int option_types_found) +{ + /* Not necessary since to receive the update the openvpn + * instance must be up and running but just in case + */ + if (!c->c2.do_up_ran) + { + return false; + } + + bool tt_dco_win = tuntap_is_dco_win(c->c1.tuntap); + if (tt_dco_win) + { + msg(M_NONFATAL, "dco-win doesn't yet support reopening TUN device"); + return false; + } + + if (!do_deferred_options(c, option_types_found)) + { + msg(D_PUSH_ERRORS, "ERROR: Failed to apply push options"); + return false; + } + + do_close_tun(c, true); + + management_sleep(1); + int error_flags = 0; + c->c2.did_open_tun = do_open_tun(c, &error_flags); + update_time(); + + if (c->c2.did_open_tun) + { + initialization_sequence_completed(c, error_flags); + } + + CLEAR(c->c1.pulled_options_digest_save); + + return true; +} + /* * These are the option categories which will be accepted by pull. */ diff --git a/src/openvpn/init.h b/src/openvpn/init.h index ea7eb30..3d0206e 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h 
@@ -86,6 +86,8 @@ bool pulled_options, unsigned int option_types_found); +bool do_update(struct context *c, unsigned int option_types_found); + unsigned int pull_permission_mask(const struct context *c); const char *format_common_name(struct context *c, struct gc_arena *gc); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e772a54..5b4419d 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1055,6 +1055,40 @@ gc_free(&gc); } } + +static void +delete_all_dhcp_fo(struct options *o, struct env_item **list) +{ + struct env_item *current, *prev; + + ASSERT(list); + + for (current = *list, prev = NULL; current != NULL; current = current->next) + { + char *tmp_value = NULL; + if (!strncmp(current->string, "foreign_option_", sizeof("foreign_option_")-1)) + { + tmp_value = strchr(current->string, '='); + if (tmp_value && ++tmp_value) + { + if (!strncmp(tmp_value, "dhcp-option ", sizeof("dhcp-option ")-1)) + { + if (prev) + { + prev->next = current->next; + } + else + { + *list = current->next; + } + o->foreign_option_index--; + } + } + } + prev = current; + } +} + #endif /* ifndef _WIN32 */ static in_addr_t @@ -3260,8 +3294,16 @@ msg(M_INFO, "Flag 'def1' added to --redirect-gateway (iservice is in use)"); opt->routes->flags |= RG_DEF1; } + else if ((!opt->routes + || opt->route_method != ROUTE_METHOD_SERVICE + || !(opt->routes->flags & RG_REROUTE_GW)) + && (opt->routes->flags & RG_DEF1)) + { + msg(M_INFO, "Flag 'def1' removed from --redirect-gateway"); + opt->routes->flags &= ~RG_DEF1; + } } -#endif +#endif /* ifdef _WIN32 */ /* * Save/Restore certain option defaults before --pull is applied. 
@@ -5452,67 +5494,6 @@ } } -bool -apply_push_options(struct options *options, - struct buffer *buf, - unsigned int permission_mask, - unsigned int *option_types_found, - struct env_set *es) -{ - char line[OPTION_PARM_SIZE]; - int line_num = 0; - const char *file = "[PUSH-OPTIONS]"; - const int msglevel = D_PUSH_ERRORS|M_OPTERR; - - while (buf_parse(buf, ',', line, sizeof(line))) - { - char *p[MAX_PARMS+1]; - CLEAR(p); - ++line_num; - if (!apply_pull_filter(options, line)) - { - return false; /* Cause push/pull error and stop push processing */ - } - if (parse_line(line, p, SIZE(p)-1, file, line_num, msglevel, &options->gc)) - { - add_option(options, p, false, file, line_num, 0, msglevel, - permission_mask, option_types_found, es); - } - } - return true; -} - -void -options_server_import(struct options *o, - const char *filename, - int msglevel, - unsigned int permission_mask, - unsigned int *option_types_found, - struct env_set *es) -{ - msg(D_PUSH, "OPTIONS IMPORT: reading client specific options from: %s", filename); - read_config_file(o, - filename, - 0, - filename, - 0, - msglevel, - permission_mask, - option_types_found, - es); -} - -void -options_string_import(struct options *options, - const char *config, - const int msglevel, - const unsigned int permission_mask, - unsigned int *option_types_found, - struct env_set *es) -{ - read_config_string("[CONFIG-STRING]", options, config, msglevel, permission_mask, option_types_found, es); -} - #define VERIFY_PERMISSION(mask) { \ if (!verify_permission(p[0], file, line, (mask), permission_mask, \ option_types_found, msglevel, options, is_inline)) \ 
@@ -5614,6 +5595,170 @@ { return options->forward_compatible ? M_WARN : msglevel; } + +static void +remove_option(struct context *c, + struct options *options, + char *p[], + bool is_inline, + const char *file, + int line, + const int msglevel, + const unsigned int permission_mask, + unsigned int *option_types_found, + struct env_set *es) +{ + int msglevel_fc = msglevel_forward_compatible(options, msglevel); + + if (streq(p[0], "ifconfig") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_UP); + options->ifconfig_local = NULL; + options->ifconfig_remote_netmask = NULL; + } + else if (streq(p[0], "ifconfig-ipv6") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_UP); + options->ifconfig_ipv6_local = NULL; + options->ifconfig_ipv6_netbits = 0; + options->ifconfig_ipv6_remote = NULL; + } + else if (streq(p[0], "route") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + if (c->c1.route_list) + { + destroy_routes_v4(c->c1.route_list, c->c1.tuntap, + ROUTE_OPTION_FLAGS(&c->options), + es, &c->net_ctx, options); + } + } + else if (streq(p[0], "route-ipv6") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + if (c->c1.route_ipv6_list) + { + destroy_routes_v6(c->c1.route_ipv6_list, c->c1.tuntap, + ROUTE_OPTION_FLAGS(&c->options), + es, &c->net_ctx, options); + } + } + else if (streq(p[0], "route-gateway") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE_EXTRAS); + options->route_gateway_via_dhcp = false; + options->route_default_gateway = NULL; + } + else if (streq(p[0], "route-metric") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + options->route_default_metric = 0; + } + else if (streq(p[0], "push-continuation") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_PULL_MODE); + options->push_continuation = 0; + } + else if ((streq(p[0], "redirect-gateway") || streq(p[0], "redirect-private")) && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + if (options->routes) + { + options->routes->flags = 0; + } + if (options->routes_ipv6) + { + options->routes_ipv6->flags = 0; + } + } + else if (streq(p[0], "dns") && 
!p[1]) + { + VERIFY_PERMISSION(OPT_P_DHCPDNS); + gc_free(&options->dns_options.gc); + CLEAR(options->dns_options); + } + else if (streq(p[0], "topology") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_UP); + options->topology = TOP_UNDEF; + helper_setdefault_topology(options); + } + else if (streq(p[0], "tun-mtu") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_PUSH_MTU|OPT_P_CONNECTION); + options->ce.tun_mtu = TUN_MTU_DEFAULT; + options->ce.tun_mtu_defined = false; + options->ce.occ_mtu = 0; + } + else if (streq(p[0], "block-ipv6") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_ROUTE); + options->block_ipv6 = false; + } +#if defined(_WIN32) || defined(TARGET_ANDROID) + else if (streq(p[0], "dhcp-option") && !p[1]) + { + struct tuntap_options *o = &options->tuntap_options; + VERIFY_PERMISSION(OPT_P_DHCPDNS); + + o->domain = NULL; + o->netbios_scope = NULL; + o->netbios_node_type = 0; + o->dns6_len = 0; + memset(o->dns6, 0, sizeof(o->dns6)); + o->dns_len = 0; + memset(o->dns, 0, sizeof(o->dns)); + o->wins_len = 0; + memset(o->wins, 0, sizeof(o->wins)); + o->ntp_len = 0; + memset(o->ntp, 0, sizeof(o->ntp)); + o->nbdd_len = 0; + memset(o->nbdd, 0, sizeof(o->nbdd)); + while (o->domain_search_list_len-- > 0) + { + o->domain_search_list[o->domain_search_list_len] = NULL; + } + o->disable_nbt = 0; + o->dhcp_options = 0; +#if defined(TARGET_ANDROID) + o->http_proxy_port = 0; + o->http_proxy = NULL; +#endif + } +#endif /* if defined(_WIN32) || defined(TARGET_ANDROID) */ +#ifdef _WIN32 + else if (streq(p[0], "block-outside-dns") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_DHCPDNS); + options->block_outside_dns = false; + } +#else /* ifdef _WIN32 */ + else if (streq(p[0], "dhcp-option") && !p[1]) + { + VERIFY_PERMISSION(OPT_P_DHCPDNS); + delete_all_dhcp_fo(options, &es->list); + } +#endif + else + { + int i; + int msglevel_unknown = msglevel_fc; + /* Check if an option is in --ignore-unknown-option and + * set warning level to non fatal */ + for (i = 0; options->ignore_unknown_option && 
options->ignore_unknown_option[i]; i++) + { + if (streq(p[0], options->ignore_unknown_option[i])) + { + msglevel_unknown = M_WARN; + break; + } + } + msg(msglevel_unknown, "Unrecognized option or missing or extra parameter(s) in %s:%d: -%s (%s)", file, line, p[0], PACKAGE_VERSION); + } + return; +err: + msg(msglevel, "Error occurred trying to remove %s option", p[0]); +} bool apply_push_options(struct context *c, struct options *options, @@ -5647,11 +5792,47 @@ add_option(options, p, false, file, line_num, 0, msglevel, permission_mask, option_types_found, es); } + else if (push_update_option_flags & PUSH_OPT_TO_REMOVE) + { + remove_option(c, options, p, false, file, line_num, msglevel, + permission_mask, option_types_found, es); + } } } return true; } +void +options_server_import(struct options *o, + const char *filename, + int msglevel, + unsigned int permission_mask, + unsigned int *option_types_found, + struct env_set *es) +{ + msg(D_PUSH, "OPTIONS IMPORT: reading client specific options from: %s", filename); + read_config_file(o, + filename, + 0, + filename, + 0, + msglevel, + permission_mask, + option_types_found, + es); +} + +void +options_string_import(struct options *options, + const char *config, + const int msglevel, + const unsigned int permission_mask, + unsigned int *option_types_found, + struct env_set *es) +{ + read_config_string("[CONFIG-STRING]", options, config, msglevel, permission_mask, option_types_found, es); +} + static void set_user_script(struct options *options, const char **script, diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 71a0372..69ea4bf 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -542,6 +542,11 @@ { msg(M_WARN, "No option found"); } + else if (!do_update(c, option_types_found)) + { + msg(D_PUSH_ERRORS, "Failed to update options"); + goto error; + } } } event_timeout_clear(&c->c2.push_request_interval); diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 2e584c7..0cd71d2 100644 
--- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1291,6 +1291,60 @@ } } +void +destroy_routes_v4(struct route_list *rl, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx, struct options *options) +{ + if (rl && (rl->iflags & RL_ROUTES_ADDED)) + { + struct route_ipv4 *r; + for (r = rl->routes; r; r = r->next) + { + delete_route(r, tt, flags, &rl->rgi, es, ctx); + } + rl->iflags &= ~RL_ROUTES_ADDED; + } + + undo_redirect_default_route_to_vpn(rl, tt, flags, es, ctx); + + if (rl) + { + clear_route_list(rl); + } + if (options->routes) + { + options->routes->routes = NULL; + options->routes->flags = 0; + } +} + +void +destroy_routes_v6(struct route_ipv6_list *rl6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx, struct options *options) +{ + if (rl6 && (rl6->iflags & RL_ROUTES_ADDED)) + { + struct route_ipv6 *r6; + for (r6 = rl6->routes_ipv6; r6; r6 = r6->next) + { + delete_route_ipv6(r6, tt, flags, es, ctx); + } + rl6->iflags &= ~RL_ROUTES_ADDED; + } + + if (rl6) + { + clear_route_ipv6_list(rl6); + } + if (options->routes_ipv6) + { + options->routes_ipv6->routes_ipv6 = NULL; + options->routes_ipv6->flags = 0; + } +} + #ifndef ENABLE_SMALL static const char * diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 421e7d2..b798c9d 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -321,6 +321,16 @@ const struct env_set *es, openvpn_net_ctx_t *ctx); +void +destroy_routes_v4(struct route_list *rl, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx, struct options *options); + +void +destroy_routes_v6(struct route_ipv6_list *rl6, const struct tuntap *tt, + unsigned int flags, const struct env_set *es, + openvpn_net_ctx_t *ctx, struct options *options); + void setenv_routes(struct env_set *es, const struct route_list *rl); void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6);
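
Review bot: in do_update() (src/openvpn/init.c), a failed reopen is reported as success. When do_open_tun() returns false the function skips initialization_sequence_completed() but still clears c->c1.pulled_options_digest_save and returns true, so the caller in push.c never takes its "Failed to update options" path even though do_close_tun() has already closed the device. Return false when c->c2.did_open_tun is false and log error_flags there. The fixed management_sleep(1) between close and open should also carry a comment saying what it is waiting for.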
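
Review bot: in delete_all_dhcp_fo() (src/openvpn/options.c), prev = current runs at the end of every iteration, including the one that has just unlinked current, so prev then points at a node that is no longer in the list. If the following entry is also a "dhcp-option" foreign option, prev->next = current->next edits the removed node and that entry stays in the environment, while o->foreign_option_index is still decremented. Update prev only when the node is kept. The && ++tmp_value part of the condition is always true for a non-NULL pointer; a plain tmp_value++ inside the block reads more clearly.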
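
Review bot: the new else-if in the _WIN32 'def1' block (src/openvpn/options.c) can dereference a NULL opt->routes. When !opt->routes makes the parenthesised group true, the right-hand side of the && still evaluates opt->routes->flags & RG_DEF1. Test the pointer first, for example opt->routes && (opt->routes->flags & RG_DEF1) && (route_method or RG_REROUTE_GW condition), and drop !opt->routes from the disjunction.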
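
Review bot: in remove_option() (src/openvpn/options.c), the "route" and "route-ipv6" branches call destroy_routes_v4() / destroy_routes_v6() directly, so installed routes are deleted from inside the parse loop while the rest of the message is still unprocessed and before do_update() has run its own checks (such as the dco-win early return). Every other branch only edits struct options; doing the same here and leaving the teardown to the update step would avoid a rejected or partially applied update leaving routing half-changed. Separately, a known option that arrives with a parameter fails the !p[1] test and ends up in the "Unrecognized option or missing or extra parameter(s)" message, which is hard to interpret for names like route; a dedicated message for that case would help.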
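
Review bot: in apply_push_options() the PUSH_OPT_TO_REMOVE branch has no way to report failure. remove_option() is declared static void and its err: label only logs, so, as with the add_option() call above it, a removal that is refused still ends in return true and the caller goes on to do_update(). Consider returning bool from remove_option() and returning false from the loop when it fails, so a refused removal does not trigger a tun close and reopen.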
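
Review bot: destroy_routes_v4() (src/openvpn/route.c) checks rl for NULL before the delete loop and again before clear_route_list(), but passes it unchecked to undo_redirect_default_route_to_vpn() in between. Either move that call under an if (rl) guard or drop the NULL checks and require a non-NULL list. Both destroy functions also dereference options without a check and set options->routes->routes / options->routes_ipv6->routes_ipv6 to NULL; a comment stating who owns and frees those entries would make it clear that nothing is leaked.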
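
Review bot: the two new prototypes in src/openvpn/route.h have no doc comment, and their names do not reveal that they also modify the options argument (route.c empties options->routes and options->routes_ipv6 and zeroes their flags). Add a short comment covering that side effect and which arguments may be NULL.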