Merge tag 'upstream/2.4_rc1'

Upstream version 2.4~rc1
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-12-07 13:14:25 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-12-07 13:14:25 +0100
commit: 820804a01d365f6d4f9305b9e072f8393f443fcb (patch)
tree: fa122587cf4af5ccd339fa4c127c5374ea9fe3b3 /src/openvpn/options.c
parent: 354d158b7ea85b6e60c0de67000b1673361904a0 (diff)
parent: d53dba59e78da865c4fe820386ff2f4f76925f3b (diff)
1 files changed, 86 insertions, 8 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7f128c3..47acd97 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -704,7 +704,8 @@ static const char usage_message[] =
   "                    which allow multiple addresses,\n"
   "                    --dhcp-option must be repeated.\n"
   "                    DOMAIN name : Set DNS suffix\n"
-  "                    DNS addr    : Set domain name server address(es)\n"
+  "                    DNS addr    : Set domain name server address(es) (IPv4)\n"
+  "                    DNS6 addr   : Set domain name server address(es) (IPv6)\n"
   "                    NTP         : Set NTP server address(es)\n"
   "                    NBDD        : Set NBDD server address(es)\n"
   "                    WINS addr   : Set WINS server address(es)\n"
@@ -716,8 +717,8 @@ static const char usage_message[] =
   "--dhcp-pre-release : Ask Windows to release the previous TAP adapter lease on\n"
 "                       startup.\n"
   "--dhcp-release     : Ask Windows to release the TAP adapter lease on shutdown.\n"
-  "--register-dns  : Run net stop dnscache, net start dnscache, ipconfig /flushdns\n"
-  "                  and ipconfig /registerdns on connection initiation.\n"
+  "--register-dns  : Run ipconfig /flushdns and ipconfig /registerdns\n"
+  "                  on connection initiation.\n"
   "--tap-sleep n   : Sleep for n seconds after TAP adapter open before\n"
   "                  attempting to set adapter properties.\n"
   "--pause-exit         : When run from a console window, pause before exiting.\n"
@@ -1642,6 +1643,8 @@ show_settings (const struct options *o)
   SHOW_STR (shared_secret_file);
   SHOW_INT (key_direction);
   SHOW_STR (ciphername);
+  SHOW_BOOL (ncp_enabled);
+  SHOW_STR (ncp_ciphers);
   SHOW_STR (authname);
   SHOW_STR (prng_hash);
   SHOW_INT (prng_nonce_secret_len);
@@ -2523,6 +2526,22 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
 
 }
 
+#ifdef _WIN32
+/* If iservice is in use, we need def1 method for redirect-gateway */
+static void
+remap_redirect_gateway_flags (struct options *opt)
+{
+  if (opt->routes
+      && opt->route_method == ROUTE_METHOD_SERVICE
+      && opt->routes->flags & RG_REROUTE_GW
+      && !(opt->routes->flags & RG_DEF1))
+    {
+      msg (M_INFO, "Flag 'def1' added to --redirect-gateway (iservice is in use)");
+      opt->routes->flags |= RG_DEF1;
+    }
+}
+#endif
+
 static void
 options_postprocess_mutate_invariant (struct options *options)
 {
@@ -2552,6 +2571,8 @@ options_postprocess_mutate_invariant (struct options *options)
       options->tuntap_options.ip_win32_type = IPW32_SET_MANUAL;
       options->ifconfig_noexec = false;
     }
+
+  remap_redirect_gateway_flags (options);
 #endif
 
 #if P2MP_SERVER
@@ -3444,6 +3465,36 @@ options_string_version (const char* s, struct gc_arena *gc)
 
 #endif /* ENABLE_OCC */
 
+char *
+options_string_extract_option (const char *options_string,const char *opt_name,
+    struct gc_arena *gc)
+{
+  char *ret = NULL;
+  const size_t opt_name_len = strlen(opt_name);
+
+  const char *p = options_string;
+  while (p)
+    {
+      if (0 == strncmp(p, opt_name, opt_name_len) &&
+	  strlen(p) > (opt_name_len+1) && p[opt_name_len] == ' ')
+	{
+	  /* option found, extract value */
+	  const char *start = &p[opt_name_len+1];
+	  const char *end = strchr (p, ',');
+	  size_t val_len = end ? end - start : strlen (start);
+	  ret = gc_malloc (val_len+1, true, gc);
+	  memcpy (ret, start, val_len);
+	  break;
+	}
+      p = strchr (p, ',');
+      if (p)
+	{
+	  p++; /* skip delimiter */
+	}
+    }
+  return ret;
+}
+
 static void
 foreign_option (struct options *o, char *argv[], int len, struct env_set *es)
 {
@@ -3652,7 +3703,7 @@ usage_version (void)
   show_windows_version( M_INFO|M_NOPREFIX );
 #endif
   msg (M_INFO|M_NOPREFIX, "Originally developed by James Yonan");
-  msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>");
+  msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2016 OpenVPN Technologies, Inc. <sales@openvpn.net>");
 #ifndef ENABLE_SMALL
 #ifdef CONFIGURE_DEFINES
   msg (M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES);
@@ -3935,7 +3986,7 @@ read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena *gc)
   ret = string_alloc (BSTR (&buf), gc);
   buf_clear (&buf);
   free_buf (&buf);
-  CLEAR (line);
+  secure_memzero (line, sizeof (line));
   return ret;
 }
 
@@ -4050,7 +4101,7 @@ read_config_file (struct options *options,
     {
       msg (msglevel, "In %s:%d: Maximum recursive include levels exceeded in include attempt of file %s -- probably you have a configuration file that tries to include itself.", top_file, top_line, file);
     }
-  CLEAR (line);
+  secure_memzero (line, sizeof (line));
   CLEAR (p);
 }
 
@@ -4082,7 +4133,7 @@ read_config_string (const char *prefix,
 	}
       CLEAR (p);
     }
-  CLEAR (line);
+  secure_memzero (line, sizeof (line));
 }
 
 void
@@ -4374,6 +4425,8 @@ add_option (struct options *options,
    */
   if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE))
     {
+      if (!p[2])
+        p[2] = "setenv opt"; /* will trigger an error that includes setenv opt */
       p += 2;
       msglevel_fc = M_WARN;
     }
@@ -5672,6 +5725,10 @@ add_option (struct options *options,
 	      goto err;
 	    }
 	}
+#ifdef _WIN32
+      /* we need this here to handle pushed --redirect-gateway */
+      remap_redirect_gateway_flags (options);
+#endif
       options->routes->flags |= RG_ENABLE;
     }
   else if (streq (p[0], "remote-random-hostname") && !p[1])
@@ -6406,6 +6463,20 @@ add_option (struct options *options,
 	{
 	  dhcp_option_address_parse ("DNS", p[2], o->dns, &o->dns_len, msglevel);
 	}
+      else if (streq (p[1], "DNS6") && p[2] && ipv6_addr_safe(p[2]))
+	{
+	  struct in6_addr addr;
+	  foreign_option (options, p, 3, es);
+	  if (o->dns6_len >= N_DHCP_ADDR)
+	    {
+	      msg (msglevel, "--dhcp-option DNS6: maximum of %d dns servers can be specified",
+		   N_DHCP_ADDR);
+	    }
+	  else if (get_ipv6_addr (p[2], &addr, NULL, msglevel))
+	    {
+	      o->dns6[o->dns6_len++] = addr;
+	    }
+	}
       else if (streq (p[1], "WINS") && p[2])
 	{
 	  dhcp_option_address_parse ("WINS", p[2], o->wins, &o->wins_len, msglevel);
@@ -6427,7 +6498,14 @@ add_option (struct options *options,
 	  msg (msglevel, "--dhcp-option: unknown option type '%s' or missing or unknown parameter", p[1]);
 	  goto err;
 	}
-      o->dhcp_options = true;
+
+      /* flag that we have options to give to the TAP driver's DHCPv4 server
+       *  - skipped for "DNS6", as that's not a DHCPv4 option
+       */
+      if (!streq (p[1], "DNS6"))
+	{
+	  o->dhcp_options = true;
+	}
     }
 #endif
 #ifdef _WIN32
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-12-07 13:14:25 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-12-07 13:14:25 +0100
commit	820804a01d365f6d4f9305b9e072f8393f443fcb (patch)
tree	fa122587cf4af5ccd339fa4c127c5374ea9fe3b3 /src/openvpn/options.c
parent	354d158b7ea85b6e60c0de67000b1673361904a0 (diff)
parent	d53dba59e78da865c4fe820386ff2f4f76925f3b (diff)