cron2 has uploaded a new patch set (#4) to the change originally created by d12fk. ( http://gerrit.openvpn.net/c/openvpn/+/1065?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: run forced --dns-updown without --script-security ...................................................................... run forced --dns-updown without --script-security Due to a shortcut in the `--dns-updown force' implementation, running the default dns-updown script required `--script-security 2'. This makes the forced default script run without --script-security set. Change-Id: I55940b78e35f0e3d74aa6cba14378afed97a444e Signed-off-by: Heiko Hund <he...@ist.eigentlich.net> Acked-by: Frank Lichtenheld <fr...@lichtenheld.com> Message-Id: <20250626093006.24789-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31994.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M src/openvpn/dns.c M src/openvpn/dns.h M src/openvpn/options.c 3 files changed, 39 insertions(+), 12 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/65/1065/4 diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 939ae09..ea3d91b 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -264,7 +264,7 @@ clone.servers = clone_dns_servers(o->servers, gc); clone.servers_prepull = clone_dns_servers(o->servers_prepull, gc); clone.updown = o->updown; - clone.user_set_updown = o->user_set_updown; + clone.updown_flags = o->updown_flags; return clone; } @@ -580,7 +580,7 @@ argv_printf(&argv, "%s", o->updown); argv_msg(M_INFO, &argv); int res; - if (o->user_set_updown) + if (dns_updown_user_set(o)) { res = openvpn_run_script(&argv, es, S_EXITCODE, "dns updown"); } @@ -692,7 +692,7 @@ run_up_down_command(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *updown_runner) { struct dns_options *dns = &o->dns_options; - if (!dns->updown || (o->up_script && !dns->user_set_updown)) + if (!dns->updown || (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns))) { return; } diff --git a/src/openvpn/dns.h b/src/openvpn/dns.h index 688daa7..d33f64e 100644 --- a/src/openvpn/dns.h +++ b/src/openvpn/dns.h @@ -42,13 +42,18 @@ DNS_TRANSPORT_TLS }; +enum dns_updown_flags { + DNS_UPDOWN_NO_FLAGS, + DNS_UPDOWN_USER_SET, + DNS_UPDOWN_FORCED +}; + struct dns_domain { struct dns_domain *next; const char *name; }; -struct dns_server_addr -{ +struct dns_server_addr { union { struct in_addr a4; struct in6_addr a6; @@ -103,7 +108,7 @@ struct dns_server *servers; struct gc_arena gc; const char *updown; - bool user_set_updown; + enum dns_updown_flags updown_flags; }; /** @@ -195,4 +200,26 @@ */ void show_dns_options(const struct dns_options *o); +/** + * Returns whether dns-updown is user defined + * + * @param o Pointer to the DNS options struct + */ +static inline bool +dns_updown_user_set(const struct dns_options *o) +{ + return o->updown_flags == DNS_UPDOWN_USER_SET; +} + +/** + * Returns whether dns-updown is forced to run + * + * @param o Pointer to the DNS options struct + */ +static inline bool +dns_updown_forced(const struct dns_options *o) +{ + return o->updown_flags == DNS_UPDOWN_FORCED; +} + #endif /* ifndef DNS_H */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7e26069..af097f8 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3593,7 +3593,7 @@ struct gc_arena gc = gc_new(); struct dns_options *dns = &o->dns_options; - if (dns->servers || dns->user_set_updown) + if (dns->servers || dns_updown_user_set(dns) || dns_updown_forced(dns)) { /* Clean up env from --dhcp-option DNS config */ struct buffer name = alloc_buf_gc(OPTION_PARM_SIZE, &gc); @@ -3667,7 +3667,7 @@ } } } - else if (o->up_script && !dns->user_set_updown) + else if (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns)) { /* Set foreign option env vars from --dns config */ const char *p[] = { "dhcp-option", NULL, NULL }; @@ -8182,15 +8182,15 @@ if (streq(p[1], "disable")) { dns->updown = NULL; - dns->user_set_updown = false; + dns->updown_flags = DNS_UPDOWN_NO_FLAGS; } else if (streq(p[1], "force")) { /* force dns-updown run, even if a --up script is defined */ - if (dns->user_set_updown == false) + if (!dns_updown_user_set(dns)) { dns->updown = DEFAULT_DNS_UPDOWN; - dns->user_set_updown = true; + dns->updown_flags = DNS_UPDOWN_FORCED; } } else @@ -8201,7 +8201,7 @@ dns->updown = NULL; } set_user_script(options, &dns->updown, p[1], p[0], false); - dns->user_set_updown = true; + dns->updown_flags = DNS_UPDOWN_USER_SET; } } else if (streq(p[0], "dns") && p[1]) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1065?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I55940b78e35f0e3d74aa6cba14378afed97a444e Gerrit-Change-Number: 1065 Gerrit-PatchSet: 4 Gerrit-Owner: d12fk <he...@openvpn.net> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: newpatchset
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel