diff options
author | Jörg Frings-Fürst <debian@jff.email> | 2021-11-29 20:46:00 +0100 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff.email> | 2021-11-29 20:46:00 +0100 |
commit | f2b3dda12a731c2e0971cb7889728edaf23f6cb0 (patch) | |
tree | fdf8833416567ca3842f347b2126cdbb13c746bd /src/openvpn/options.c | |
parent | 4ee98f284a93c3b855092d35ac21371d9dcad65b (diff) |
New upstream version 2.5.4upstream/2.5.4
Diffstat (limited to 'src/openvpn/options.c')
-rw-r--r-- | src/openvpn/options.c | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0d99e99..a536ebe 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> - * Copyright (C) 2008-2013 David Sommerseth <dazo@users.sourceforge.net> + * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net> + * Copyright (C) 2008-2021 David Sommerseth <dazo@eurephia.org> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -625,7 +625,7 @@ static const char usage_message[] = " see --secret option for more info.\n" "--tls-crypt-v2 key : For clients: use key as a client-specific tls-crypt key.\n" " For servers: use key to decrypt client-specific keys. For\n" - " key generation (--tls-crypt-v2-genkey): use key to\n" + " key generation (--genkey tls-crypt-v2-client): use key to\n" " encrypt generated client-specific key. (See --tls-crypt.)\n" "--genkey tls-crypt-v2-client [keyfile] [base64 metadata]: Generate a\n" " fresh tls-crypt-v2 client key, and store to\n" @@ -1700,7 +1700,7 @@ show_settings(const struct options *o) SHOW_BOOL(tls_client); SHOW_STR_INLINE(ca_file); SHOW_STR(ca_path); - SHOW_STR(dh_file); + SHOW_STR_INLINE(dh_file); #ifdef ENABLE_MANAGEMENT if ((o->management_flags & MF_EXTERNAL_CERT)) { @@ -3328,14 +3328,8 @@ check_file_access_chroot(const char *chroot, const int type, const char *file, c { struct gc_arena gc = gc_new(); struct buffer chroot_file; - int len = 0; - - /* Build up a new full path including chroot directory */ - len = strlen(chroot) + strlen(PATH_SEPARATOR_STR) + strlen(file) + 1; - chroot_file = alloc_buf_gc(len, &gc); - buf_printf(&chroot_file, "%s%s%s", chroot, PATH_SEPARATOR_STR, file); - ASSERT(chroot_file.len > 0); + chroot_file = prepend_dir(chroot, file, &gc); ret = check_file_access(type, BSTR(&chroot_file), mode, opt); gc_free(&gc); } @@ -3597,6 +3591,14 @@ pre_pull_save(struct options *o) o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); o->pre_pull->client_nat_defined = true; } + + o->pre_pull->route_default_gateway = o->route_default_gateway; + o->pre_pull->route_ipv6_default_gateway = o->route_ipv6_default_gateway; + + /* Ping related options should be reset to the config values on reconnect */ + o->pre_pull->ping_rec_timeout = o->ping_rec_timeout; + o->pre_pull->ping_rec_timeout_action = o->ping_rec_timeout_action; + o->pre_pull->ping_send_timeout = o->ping_send_timeout; } } @@ -3632,6 +3634,9 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) o->routes_ipv6 = NULL; } + o->route_default_gateway = pp->route_default_gateway; + o->route_ipv6_default_gateway = pp->route_ipv6_default_gateway; + if (pp->client_nat_defined) { cnol_check_alloc(o); @@ -3643,6 +3648,10 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) } o->foreign_option_index = pp->foreign_option_index; + + o->ping_rec_timeout = pp->ping_rec_timeout; + o->ping_rec_timeout_action = pp->ping_rec_timeout_action; + o->ping_send_timeout = pp->ping_send_timeout; } o->push_continuation = 0; @@ -4377,7 +4386,7 @@ usage_version(void) show_windows_version( M_INFO|M_NOPREFIX ); #endif msg(M_INFO|M_NOPREFIX, "Originally developed by James Yonan"); - msg(M_INFO|M_NOPREFIX, "Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>"); + msg(M_INFO|M_NOPREFIX, "Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>"); #ifndef ENABLE_SMALL #ifdef CONFIGURE_DEFINES msg(M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES); @@ -5310,7 +5319,7 @@ add_option(struct options *options, { /* only message-related ECHO are logged, since other ECHOs * can potentially include security-sensitive strings */ - if (strncmp(p[1], "msg", 3) == 0) + if (p[1] && strncmp(p[1], "msg", 3) == 0) { msg(M_INFO, "%s:%s", pull_mode ? "ECHO-PULL" : "ECHO", @@ -6008,6 +6017,12 @@ add_option(struct options *options, { VERIFY_PERMISSION(OPT_P_MESSAGES); options->verbosity = positive_atoi(p[1]); + if (options->verbosity >= (D_TLS_DEBUG_MED & M_DEBUG_LEVEL)) + { + /* We pass this flag to the SSL library to avoid + * mbed TLS always generating debug level logging */ + options->ssl_flags |= SSLF_TLS_DEBUG_ENABLED; + } #if !defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL) /* Warn when a debug verbosity is supplied when built without debug support */ if (options->verbosity >= 7) @@ -8263,6 +8278,11 @@ add_option(struct options *options, } #endif } + else if (streq(p[0], "auth-token-user") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_ECHO); + ssl_set_auth_token_user(p[1]); + } else if (streq(p[0], "single-session") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); |