Attention is currently required from: cron2, d12fk, flichtenheld, plaisthos.
Hello cron2, flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/840?usp=email to look at the new patch set (#17). Change subject: dns: don't publish env vars to non-dns scripts ...................................................................... dns: don't publish env vars to non-dns scripts With --dns-updown in place we no longer need --dns option related vars in the environment for other script hooks. Code for doing that is removed and the function to set --dns stuff made static, for internal use only. Change-Id: I3fb01ab76cf3df0874ba92e08f371d17607a8369 Signed-off-by: Heiko Hund <he...@ist.eigentlich.net> --- M src/openvpn/dns.c M src/openvpn/dns.h M src/openvpn/options.c 3 files changed, 87 insertions(+), 101 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/40/840/17 diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index b45c290..0ad8e44 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c 
@@ -350,93 +350,6 @@ } } -static void -setenv_dns_option(struct env_set *es, - const char *format, int i, int j, - const char *value) -{ - char name[64]; - bool name_ok = false; - - if (j < 0) - { - name_ok = snprintf(name, sizeof(name), format, i); - } - else - { - name_ok = snprintf(name, sizeof(name), format, i, j); - } - - if (!name_ok) - { - msg(M_WARN, "WARNING: dns option setenv name buffer overflow"); - } - - setenv_str(es, name, value); -} - -void -setenv_dns_options(const struct dns_options *o, struct env_set *es) -{ - struct gc_arena gc = gc_new(); - const struct dns_server *s; - const struct dns_domain *d; - int i, j; - - for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next) - { - setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name); - } - - for (i = 1, s = o->servers; s != NULL; i++, s = s->next) - { - for (j = 0; j < s->addr_count; ++j) - { - if (s->addr[j].family == AF_INET) - { - setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, - print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc)); - } - else - { - setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, - print_in6_addr(s->addr[j].in.a6, 0, &gc)); - } - if (s->addr[j].port) - { - setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1, - print_in_port_t(s->addr[j].port, &gc)); - } - } - - if (s->domains) - { - for (j = 1, d = s->domains; d != NULL; j++, d = d->next) - { - setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name); - } - } - - if (s->dnssec) - { - setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, - dnssec_value(s->dnssec)); - } - - if (s->transport) - { - setenv_dns_option(es, "dns_server_%d_transport", i, -1, - transport_value(s->transport)); - } - if (s->sni) - { - setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni); - } - } - - gc_free(&gc); -} - #ifdef _WIN32 static void 
@@ -554,6 +467,93 @@ #else /* ifdef _WIN32 */ static void +setenv_dns_option(struct env_set *es, + const char *format, int i, int j, + const char *value) +{ + char name[64]; + bool name_ok = false; + + if (j < 0) + { + name_ok = snprintf(name, sizeof(name), format, i); + } + else + { + name_ok = snprintf(name, sizeof(name), format, i, j); + } + + if (!name_ok) + { + msg(M_WARN, "WARNING: dns option setenv name buffer overflow"); + } + + setenv_str(es, name, value); +} + +static void +setenv_dns_options(const struct dns_options *o, struct env_set *es) +{ + struct gc_arena gc = gc_new(); + const struct dns_server *s; + const struct dns_domain *d; + int i, j; + + for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next) + { + setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name); + } + + for (i = 1, s = o->servers; s != NULL; i++, s = s->next) + { + for (j = 0; j < s->addr_count; ++j) + { + if (s->addr[j].family == AF_INET) + { + setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, + print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc)); + } + else + { + setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, + print_in6_addr(s->addr[j].in.a6, 0, &gc)); + } + if (s->addr[j].port) + { + setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1, + print_in_port_t(s->addr[j].port, &gc)); + } + } + + if (s->domains) + { + for (j = 1, d = s->domains; d != NULL; j++, d = d->next) + { + setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name); + } + } + + if (s->dnssec) + { + setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, + dnssec_value(s->dnssec)); + } + + if (s->transport) + { + setenv_dns_option(es, "dns_server_%d_transport", i, -1, + transport_value(s->transport)); + } + if (s->sni) + { + setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni); + } + } + + gc_free(&gc); +} + +static void updown_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es) { setenv_str(es, "dev", 
tt->actual_name); diff --git a/src/openvpn/dns.h b/src/openvpn/dns.h index c21b33a..b2ec2e7 100644 --- a/src/openvpn/dns.h +++ b/src/openvpn/dns.h @@ -168,14 +168,6 @@ struct dns_updown_runner_info *duri); /** - * Puts the DNS options into an environment set. - * - * @param o Pointer to the DNS options to set - * @param es Pointer to the env_set to set the options into - */ -void setenv_dns_options(const struct dns_options *o, struct env_set *es); - -/** * Prints configured DNS options. * * @param o Pointer to the DNS options to print diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e8ec6570..1a9c337 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1061,11 +1061,6 @@ setenv_local_entry(es, o->ce.local_list->array[i], i+1); } } - - if (!o->pull) - { - setenv_dns_options(&o->dns_options, es); - } } #ifndef _WIN32 @@ -4190,7 +4185,6 @@ if (success) { dns_options_postprocess_pull(&o->dns_options); - setenv_dns_options(&o->dns_options, es); #if defined(_WIN32) || defined(TARGET_ANDROID) tuntap_options_copy_dns(o); #else -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/840?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I3fb01ab76cf3df0874ba92e08f371d17607a8369 Gerrit-Change-Number: 840 Gerrit-PatchSet: 17 Gerrit-Owner: d12fk <he...@openvpn.net> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-CC: stipa <lstipa...@gmail.com> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: cron2 <g...@greenie.muc.de> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: d12fk <he...@openvpn.net> Gerrit-MessageType: newpatchset
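Review bot: In `setenv_dns_option()` (second hunk of src/openvpn/dns.c, where the function is re-added unchanged), the truncation check cannot work: the `int` result of `snprintf()` is stored in `bool name_ok`, so any non-zero return counts as success, including a length of 64 or more or a negative error value. This assumes `snprintf` here is the standard C function rather than a project wrapper that returns a success flag, which the hunk does not show. Even when the warning does fire, `setenv_str()` is still called with whatever ended up in `name`. With the fixed format strings and `int` indices passed by `setenv_dns_options()`, a 64-byte buffer is unlikely to overflow in practice, so this is a hardening fix rather than a reachable bug. The suggestion below compares the returned length with the buffer size and skips the variable on failure.

```c
    char name[64];
    /* snprintf() returns the length it wanted to write, or a negative value on error */
    int len = (j < 0) ? snprintf(name, sizeof(name), format, i)
                      : snprintf(name, sizeof(name), format, i, j);

    if (len < 0 || (size_t)len >= sizeof(name))
    {
        msg(M_WARN, "WARNING: dns option setenv name buffer overflow");
        return; /* do not export a variable under a truncated name */
    }

    setenv_str(es, name, value);
```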