David Sommerseth wrote:
> In commit 4e1cc5f6dda22e9 the create_temp_filename() function was
> reviewed and hardened, which in the end renamed this function to
> create_temp_file() in commit 495e3cec5d156.
>
> With these changes it became more evident that OpenVPN needs a directory
> where it can create temporary files. The create_temp_file() will create
> such files f.ex. if --client-connect or --plugin which makes use of
> the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY hook, such as openvpn-auth-pam.so.
>
> When this happens, OpenVPN will normally create these files in the directory
> OpenVPN was started. In many cases, this will fail due to restricted access.
> By using --tmp-dir and pointing it to a directory writeable to the user
> running OpenVPN, it works again.
>
> This patch makes OpenVPN use a more suitable temporary directory by default,
> instead of the current working directory. On non-Windows platforms this
> default value is set to '/tmp', but can be modified at compile-time by
> running ./configure --with-tmp-dir-path=<TEMP DIR PATH>. On Windows, it
> will use GetTempPath() to find temporary paths recommended by the OS. If
> this fails, it will fall back to the old behaviour, using the directory
> where OpenVPN was started.
>
> In any case, this default value can be overridden in the configuration
> file by using the --tmp-dir option, as before.
>
> To check what the default is at runtime, you can see this easily by doing
> this:
>
> $ ./openvpn --verb 4 --dev tun | grep tmp_dir
>
> Signed-off-by: David Sommerseth <dav...@redhat.com>
> Tested-by: Jan Just Keijser <janj...@nikhef.nl>

The above commit message doesn't really fit the patch anymore. :) > diff --git a/options.c b/options.c > index 36e8393..7303cb4 100644 > --- a/options.c > +++ b/options.c > @@ -766,11 +766,23 @@ init_options (struct options *o, const bool init_gc) > #ifdef ENABLE_X509ALTUSERNAME > o->x509_username_field = X509_USERNAME_FIELD_DEFAULT; > #endif > -#endif > -#endif > +#endif /* USE_SSL */ > +#endif /* USE_CRYPTO */ > #ifdef ENABLE_PKCS11 > o->pkcs11_pin_cache_period = -1; > #endif /* ENABLE_PKCS11 */ The above hunk is not really related, right? Looks fine otherwise! //Peter
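
Review bot: The two "#endif" lines in init_options() that gain the /* USE_SSL */ and /* USE_CRYPTO */ comments are a cosmetic cleanup with no bearing on the temporary directory default, so they belong in a separate commit; that keeps the tmp-dir change easy to bisect or revert on its own. The matching "#ifdef" openers fall outside the quoted context, so it is worth confirming that the nesting order really is USE_SSL inside USE_CRYPTO before the labels go in. The hunk header (-766,11 +766,23) shows twelve added lines, but the quoted part shows none of them, so the code that sets the new default cannot be reviewed from this excerpt.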