authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-04 20:35:09 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-04 20:35:09 +0000
commit0a838de8adf3b06590e73cff6415275d9b1cd4fe (patch)
tree17d8ef48307d970ad53efb4e9d7f61bf62a6e292 /options.c
parentFixed minor compile issue in ntlm.c (mid-block declaration). (diff)
downloadopenvpn-0a838de8adf3b06590e73cff6415275d9b1cd4fe.tar.xz
Added --allow-pull-fqdn option which allows client to pull DNS names
from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--options.c32
1 files changed, 20 insertions, 12 deletions
diff --git a/options.c b/options.c
index 69f3731..ca9b9e1 100644
--- a/options.c
+++ b/options.c
@@ -180,6 +180,8 @@ static const char usage_message[] =
" --route-up script using environmental variables.\n"
"--route-nopull : When used with --client or --pull, accept options pushed\n"
" by server EXCEPT for routes.\n"
+ "--allow-pull-fqdn : Allow client to pull DNS names from server for\n"
+ " --ifconfig, --route, and --route-gateway.\n"
"--redirect-gateway [flags]: (Experimental) Automatically execute routing\n"
" commands to redirect all outgoing IP traffic through the\n"
" VPN. Add 'local' flag if both " PACKAGE_NAME " servers are directly\n"
@@ -890,7 +892,7 @@ dhcp_option_address_parse (const char *name, const char *parm, in_addr_t *array,
}
else
{
- if (ip_addr_dotted_quad_safe (parm))
+ if (ip_addr_dotted_quad_safe (parm)) /* FQDN -- IP address only */
{
bool error = false;
const in_addr_t addr = get_ip_addr (parm, msglevel, &error);
@@ -1227,6 +1229,7 @@ show_settings (const struct options *o)
SHOW_BOOL (route_delay_defined);
SHOW_BOOL (route_nopull);
SHOW_BOOL (route_gateway_via_dhcp);
+ SHOW_BOOL (allow_pull_fqdn);
if (o->routes)
print_route_options (o->routes, D_SHOW_PARMS);
@@ -3433,7 +3436,7 @@ add_option (struct options *options,
else if (streq (p[0], "lladdr") && p[1])
{
VERIFY_PERMISSION (OPT_P_UP);
- if (ip_addr_dotted_quad_safe (p[1]))
+ if (ip_addr_dotted_quad_safe (p[1])) /* FQDN -- IP address only */
options->lladdr = p[1];
else
{
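Review bot: The added comment `/* FQDN -- IP address only */` on the `lladdr` branch marks a dotted-quad check as intended, yet the option name suggests a link-layer address, so a colon-separated hardware address would presumably be rejected here. The mismatch predates this commit, but labelling it as deliberate makes it harder to notice later. A comment such as `/* FIXME: lladdr is validated as a dotted quad; confirm the expected address format */` would be more accurate until the check matches the hardware-address format. The else branch continues outside this hunk.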
@@ -3461,14 +3464,14 @@ add_option (struct options *options,
else if (streq (p[0], "ifconfig") && p[1] && p[2])
{
VERIFY_PERMISSION (OPT_P_UP);
- if (ip_addr_dotted_quad_safe (p[1]) && ip_addr_dotted_quad_safe (p[2]))
+ if (ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) && ip_or_dns_addr_safe (p[2], options->allow_pull_fqdn)) /* FQDN -- may be DNS name */
{
options->ifconfig_local = p[1];
options->ifconfig_remote_netmask = p[2];
}
else
{
- msg (msglevel, "ifconfig parms '%s' and '%s' must be IP addresses", p[1], p[2]);
+ msg (msglevel, "ifconfig parms '%s' and '%s' must be valid addresses", p[1], p[2]);
goto err;
}
}
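Review bot: The second `ifconfig` parameter is stored in `ifconfig_remote_netmask`, so once `allow_pull_fqdn` is set a pushed DNS name is accepted in a slot that may hold a netmask, whereas the `route` hunk below deliberately keeps its netmask on `ip_addr_dotted_quad_safe`. Whether the field really carries a netmask in some modes is not visible here, so this is inferred from the name. If it does, `p[2]` should stay IP-only in that case, or the line should at least carry a comment like `/* p[2] may be a remote endpoint or a netmask; a DNS name is only meaningful for the former */`. The enclosing add_option body starts and ends outside this hunk.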
@@ -4217,19 +4220,19 @@ add_option (struct options *options,
rol_check_alloc (options);
if (pull_mode)
{
- if (!ip_addr_dotted_quad_safe (p[1]) && !is_special_addr (p[1]))
+ if (!ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) && !is_special_addr (p[1])) /* FQDN -- may be DNS name */
{
- msg (msglevel, "route parameter network/IP '%s' is not an IP address", p[1]);
+ msg (msglevel, "route parameter network/IP '%s' must be a valid address", p[1]);
goto err;
}
- if (p[2] && !ip_addr_dotted_quad_safe (p[2]))
+ if (p[2] && !ip_addr_dotted_quad_safe (p[2])) /* FQDN -- must be IP address */
{
- msg (msglevel, "route parameter netmask '%s' is not an IP address", p[2]);
+ msg (msglevel, "route parameter netmask '%s' must be an IP address", p[2]);
goto err;
}
- if (p[3] && !ip_addr_dotted_quad_safe (p[3]) && !is_special_addr (p[3]))
+ if (p[3] && !ip_or_dns_addr_safe (p[3], options->allow_pull_fqdn) && !is_special_addr (p[3])) /* FQDN -- may be DNS name */
{
- msg (msglevel, "route parameter gateway '%s' is not an IP address", p[3]);
+ msg (msglevel, "route parameter gateway '%s' must be a valid address", p[3]);
goto err;
}
}
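Review bot: The reworded messages ("must be a valid address") are emitted both for malformed input and for a well-formed DNS name that is rejected only because `allow_pull_fqdn` is false. A client upgraded from 2.1_rc7 that used to accept pushed names will see its routes fail with no pointer to the new option. Consider naming the switch in the text, e.g. `msg (msglevel, "route parameter gateway '%s' must be a valid address (DNS names require --allow-pull-fqdn)", p[3]);`. The same applies to the `ifconfig` message in the previous hunk and the `route-gateway` message in the next one. The `if (pull_mode)` block belongs to a branch whose start is outside this hunk.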
@@ -4244,13 +4247,13 @@ add_option (struct options *options,
}
else
{
- if (ip_addr_dotted_quad_safe (p[1]) || is_special_addr (p[1]))
+ if (ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) || is_special_addr (p[1])) /* FQDN -- may be DNS name */
{
options->route_default_gateway = p[1];
}
else
{
- msg (msglevel, "route-gateway parm '%s' must be an IP address", p[1]);
+ msg (msglevel, "route-gateway parm '%s' must be a valid address", p[1]);
goto err;
}
}
@@ -4294,6 +4297,11 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->route_nopull = true;
}
+ else if (streq (p[0], "allow-pull-fqdn"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->allow_pull_fqdn = true;
+ }
else if (streq (p[0], "redirect-gateway"))
{
int j;
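Review bot: Nothing in this branch shows that `allow-pull-fqdn` cannot itself arrive in a pushed option list; that depends on `VERIFY_PERMISSION (OPT_P_GENERAL)` being excluded from the permission mask applied to pulled options, which is defined elsewhere. The option exists to make DNS-name translation an explicit client-side decision, so that dependency deserves a comment, e.g. `/* client-side opt-in only: OPT_P_GENERAL must stay out of the pull permission mask */`. It would also help to confirm the mask in the review, because a server able to push this flag would defeat the new default. The surrounding add_option chain extends beyond the hunk.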