authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-04 21:42:56 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-11-04 21:42:56 +0000
commit373faab1faf0a7c90cbe08c0223dcae5d34be269 (patch)
tree435e343b49d2169848e36043305894e869e24270
parentFixed revoke-full to deal with issue arising from addition (diff)
downloadopenvpn-373faab1faf0a7c90cbe08c0223dcae5d34be269.tar.xz
Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
config file syntax checking to allow directives for future OpenVPN versions to be ignored. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3476 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--openvpn.815
-rw-r--r--options.c18
-rw-r--r--options.h3
3 files changed, 33 insertions, 3 deletions
diff --git a/openvpn.8 b/openvpn.8
index 0e85983..921f8fb 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -26,7 +26,7 @@
.\" LP paragraph
.\" IP indented paragraph
.\" TP hanging label
-.TH openvpn 8 "3 August 2005"
+.TH openvpn 8 "4 November 2008"
.\"*********************************************************
.SH NAME
openvpn \- secure IP tunnel daemon.
@@ -2010,6 +2010,19 @@ Set a custom environmental variable
to pass to script.
.\"*********************************************************
.TP
+.B --setenv FORWARD_COMPATIBLE 1
+Relax config file syntax checking so that unknown directives
+will trigger a warning but not a fatal error,
+on the assumption that a given unknown directive might be valid
+in future OpenVPN versions.
+
+This option should be used with caution, as there are good security
+reasons for having OpenVPN fail if it detects problems in a
+config file. Having said that, there are valid reasons for wanting
+new software features to gracefully degrade when encountered by
+older software versions.
+.\"*********************************************************
+.TP
.B --setenv-safe name value
Set a custom environmental variable
.B OPENVPN_name=value
diff --git a/options.c b/options.c
index 95d81a0..7187d6e 100644
--- a/options.c
+++ b/options.c
@@ -191,6 +191,8 @@ static const char usage_message[] =
" flag to add a direct route to DHCP server, bypassing tunnel.\n"
" Add 'bypass-dns' flag to similarly bypass tunnel for DNS.\n"
"--setenv name value : Set a custom environmental variable to pass to script.\n"
+ "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n"
+ " directives for future OpenVPN versions to be ignored.\n"
"--script-security level : 0 -- strictly no calling of external programs\n"
" 1 -- (default) only call built-ins such as ifconfig\n"
" 2 -- allow calling of built-ins and scripts\n"
@@ -3267,6 +3269,12 @@ no_more_than_n_args (const int msglevel,
return true;
}
+static inline int
+msglevel_forward_compatible (struct options *options)
+{
+ return options->forward_compatible ? M_WARN : msglevel;
+}
+
static void
add_option (struct options *options,
char *p[],
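Review bot: `msglevel_forward_compatible` reads `msglevel` in its return expression, but its only parameter is `options`, so unless a file-scope `msglevel` exists outside this hunk the helper either fails to compile or resolves to something other than the `msglevel` argument of `add_option`. The neighbouring `no_more_than_n_args` takes `const int msglevel` as a parameter, which suggests the level is passed explicitly in this file. Passing it in keeps the fallback tied to the caller's level: `msglevel_forward_compatible (struct options *options, const int msglevel)`, with both call sites in `add_option` (the initialiser of `msglevel_fc` and the reassignment in the `setenv` branch) changed to `msglevel_forward_compatible (options, msglevel)`. `add_option` itself begins in this hunk and continues past it.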
@@ -3280,6 +3288,7 @@ add_option (struct options *options,
{
struct gc_arena gc = gc_new ();
const bool pull_mode = BOOL_CAST (permission_mask & OPT_P_PULL_MODE);
+ int msglevel_fc = msglevel_forward_compatible (options);
ASSERT (MAX_PARMS >= 5);
if (!file)
@@ -4377,6 +4386,11 @@ add_option (struct options *options,
else if (streq (p[0], "setenv") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
+ if (streq (p[1], "FORWARD_COMPATIBLE") && p[2] && streq (p[2], "1"))
+ {
+ options->forward_compatible = true;
+ msglevel_fc = msglevel_forward_compatible (options);
+ }
setenv_str (es, p[1], p[2] ? p[2] : "");
}
else if (streq (p[0], "setenv-safe") && p[1])
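Review bot: The reassignment `msglevel_fc = msglevel_forward_compatible (options);` inside the `setenv` branch appears to be a dead store. The only visible reads of `msglevel_fc` are in the final `else` of the same if/else-if chain, which cannot run in the call that took this branch, and the next call recomputes the value from `options->forward_compatible`. If nothing outside the hunks reads it, the line can be dropped. The branch would also benefit from a comment stating the ordering consequence, e.g. `/* takes effect for directives parsed after this one; earlier unrecognized directives were already reported at msglevel */`, because a config that places this setenv line late still gets strict checking for everything above it. The chain this branch belongs to starts and ends outside the hunk.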
@@ -5540,9 +5554,9 @@ add_option (struct options *options,
else
{
if (file)
- msg (msglevel, "Unrecognized option or missing parameter(s) in %s:%d: %s (%s)", file, line, p[0], PACKAGE_VERSION);
+ msg (msglevel_fc, "Unrecognized option or missing parameter(s) in %s:%d: %s (%s)", file, line, p[0], PACKAGE_VERSION);
else
- msg (msglevel, "Unrecognized option or missing parameter(s): --%s (%s)", p[0], PACKAGE_VERSION);
+ msg (msglevel_fc, "Unrecognized option or missing parameter(s): --%s (%s)", p[0], PACKAGE_VERSION);
}
err:
gc_free (&gc);
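Review bot: The final `else` is reached not only by unknown directive names but also by known directives whose argument guard failed (the branches are written as `streq (p[0], "setenv") && p[1]`, and the message itself says "or missing parameter(s)"), so switching it to `msglevel_fc` also downgrades a truncated known directive to a warning. With FORWARD_COMPATIBLE set, a security-relevant directive that is missing its argument would be skipped and startup would presumably continue without it, which is broader than the "future directives" case the man page describes. Consider keeping `msglevel` when `p[0]` names a directive this version knows, or at minimum add a comment above the branch such as `/* also reached for known directives with missing parameters; msglevel_fc downgrades those too */`. The body of `add_option` starts outside this hunk.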
diff --git a/options.h b/options.h
index 1770bc8..c6d4e47 100644
--- a/options.h
+++ b/options.h
@@ -150,6 +150,9 @@ struct options
# define MODE_SERVER 1
int mode;
+ /* enable forward compatibility for post-2.1 features */
+ bool forward_compatible;
+
/* persist parms */
bool persist_config;
int persist_mode;