author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-04 20:35:09 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-04 20:35:09 +0000 |
commit | 0a838de8adf3b06590e73cff6415275d9b1cd4fe (patch) | |
tree | 17d8ef48307d970ad53efb4e9d7f61bf62a6e292 /options.c | |
parent | Fixed minor compile issue in ntlm.c (mid-block declaration). (diff) | |
download | openvpn-0a838de8adf3b06590e73cff6415275d9b1cd4fe.tar.xz |
Added --allow-pull-fqdn option which allows client to pull DNS names
from server (rather than only IP address) for --ifconfig, --route, and
--route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names
for these options to be pulled and translated to IP addresses by default.
Now --allow-pull-fqdn will be explicitly required on the client to enable
DNS-name-to-IP-address translation of pulled options.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'options.c')
-rw-r--r-- | options.c | 32 |
1 files changed, 20 insertions, 12 deletions
@@ -180,6 +180,8 @@ static const char usage_message[] = " --route-up script using environmental variables.\n" "--route-nopull : When used with --client or --pull, accept options pushed\n" " by server EXCEPT for routes.\n" + "--allow-pull-fqdn : Allow client to pull DNS names from server for\n" + " --ifconfig, --route, and --route-gateway.\n" "--redirect-gateway [flags]: (Experimental) Automatically execute routing\n" " commands to redirect all outgoing IP traffic through the\n" " VPN. Add 'local' flag if both " PACKAGE_NAME " servers are directly\n" @@ -890,7 +892,7 @@ dhcp_option_address_parse (const char *name, const char *parm, in_addr_t *array, } else { - if (ip_addr_dotted_quad_safe (parm)) + if (ip_addr_dotted_quad_safe (parm)) /* FQDN -- IP address only */ { bool error = false; const in_addr_t addr = get_ip_addr (parm, msglevel, &error); @@ -1227,6 +1229,7 @@ show_settings (const struct options *o) SHOW_BOOL (route_delay_defined); SHOW_BOOL (route_nopull); SHOW_BOOL (route_gateway_via_dhcp); + SHOW_BOOL (allow_pull_fqdn); if (o->routes) print_route_options (o->routes, D_SHOW_PARMS); @@ -3433,7 +3436,7 @@ add_option (struct options *options, else if (streq (p[0], "lladdr") && p[1]) { VERIFY_PERMISSION (OPT_P_UP); - if (ip_addr_dotted_quad_safe (p[1])) + if (ip_addr_dotted_quad_safe (p[1])) /* FQDN -- IP address only */ options->lladdr = p[1]; else { 
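Review bot: The comment added on the `lladdr` branch, `/* FQDN -- IP address only */`, describes the check as an IP-address test, yet `--lladdr` takes a link-layer address. If `ip_addr_dotted_quad_safe` accepts only dotted-quad IPv4 text, as its name suggests (its body is not on this page), a colon-separated hardware address would fall into the error branch, so the validator itself deserves a second look rather than a label. At minimum the comment should state the format this option expects, for example `/* FQDN -- link-layer address, never a DNS name */`. The branch sits inside `add_option`, which starts and ends outside the hunk.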
@@ -3461,14 +3464,14 @@ add_option (struct options *options,
 else if (streq (p[0], "ifconfig") && p[1] && p[2])
 {
 VERIFY_PERMISSION (OPT_P_UP);
- if (ip_addr_dotted_quad_safe (p[1]) && ip_addr_dotted_quad_safe (p[2]))
+ if (ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) && ip_or_dns_addr_safe (p[2], options->allow_pull_fqdn)) /* FQDN -- may be DNS name */
 {
 options->ifconfig_local = p[1];
 options->ifconfig_remote_netmask = p[2];
 }
 else
 {
- msg (msglevel, "ifconfig parms '%s' and '%s' must be IP addresses", p[1], p[2]);
+ msg (msglevel, "ifconfig parms '%s' and '%s' must be valid addresses", p[1], p[2]);
 goto err;
 }
 }
@@ -4217,19 +4220,19 @@ add_option (struct options *options,
 rol_check_alloc (options);
 if (pull_mode)
 {
- if (!ip_addr_dotted_quad_safe (p[1]) && !is_special_addr (p[1]))
+ if (!ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) && !is_special_addr (p[1])) /* FQDN -- may be DNS name */
 {
- msg (msglevel, "route parameter network/IP '%s' is not an IP address", p[1]);
+ msg (msglevel, "route parameter network/IP '%s' must be a valid address", p[1]);
 goto err;
 }
- if (p[2] && !ip_addr_dotted_quad_safe (p[2]))
+ if (p[2] && !ip_addr_dotted_quad_safe (p[2])) /* FQDN -- must be IP address */
 {
- msg (msglevel, "route parameter netmask '%s' is not an IP address", p[2]);
+ msg (msglevel, "route parameter netmask '%s' must be an IP address", p[2]);
 goto err;
 }
- if (p[3] && !ip_addr_dotted_quad_safe (p[3]) && !is_special_addr (p[3]))
+ if (p[3] && !ip_or_dns_addr_safe (p[3], options->allow_pull_fqdn) && !is_special_addr (p[3])) /* FQDN -- may be DNS name */
 {
- msg (msglevel, "route parameter gateway '%s' is not an IP address", p[3]);
+ msg (msglevel, "route parameter gateway '%s' must be a valid address", p[3]);
 goto err;
 }
 }
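Review bot: The `ifconfig` branch reads `options->allow_pull_fqdn` without checking `pull_mode`, so a flag documented as governing pulled values also decides whether a locally configured `--ifconfig` may use a DNS name, and for local options the outcome depends on whether `--allow-pull-fqdn` appeared earlier in the same configuration. The `route` hunk gates its checks on `if (pull_mode)`; the `route-gateway` hunk, as far as its visible lines show, does not. If the restriction is meant for server-supplied values only, the test could read `ip_or_dns_addr_safe (p[1], !pull_mode || options->allow_pull_fqdn)`, assuming `pull_mode` is in scope here as it is in the `route` branch. Otherwise a comment stating that the flag also applies to local configuration would remove the ambiguity. The enclosing `add_option` starts and ends outside the hunk.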
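Review bot: The rewritten messages in the `pull_mode` block no longer tell the operator why a pushed value was refused: a client upgraded from 2.1_rc7 whose server pushes a hostname will log only `must be a valid address` before taking the `goto err` path. Naming the opt-in makes the cause diagnosable from the client log, for example `msg (msglevel, "route parameter network/IP '%s' must be a valid address (DNS names require --allow-pull-fqdn)", p[1]);`. The same wording gap is in the gateway message of this hunk and in the `ifconfig` and `route-gateway` messages of the neighbouring hunks. The non-pull `else` side of this block is outside the hunk, so whether it needs a matching message cannot be judged from here.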
@@ -4244,13 +4247,13 @@ add_option (struct options *options,
 }
 else
 {
- if (ip_addr_dotted_quad_safe (p[1]) || is_special_addr (p[1]))
+ if (ip_or_dns_addr_safe (p[1], options->allow_pull_fqdn) || is_special_addr (p[1])) /* FQDN -- may be DNS name */
 {
 options->route_default_gateway = p[1];
 }
 else
 {
- msg (msglevel, "route-gateway parm '%s' must be an IP address", p[1]);
+ msg (msglevel, "route-gateway parm '%s' must be a valid address", p[1]);
 goto err;
 }
 }
@@ -4294,6 +4297,11 @@ add_option (struct options *options,
 VERIFY_PERMISSION (OPT_P_GENERAL);
 options->route_nopull = true;
 }
+ else if (streq (p[0], "allow-pull-fqdn"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->allow_pull_fqdn = true;
+ }
 else if (streq (p[0], "redirect-gateway"))
 {
 int j; |
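Review bot: The opt-in in the `allow-pull-fqdn` branch only protects the client if a server cannot switch it on itself, and nothing in the branch says so. It relies on `VERIFY_PERMISSION (OPT_P_GENERAL)` rejecting the option when it arrives in a pushed list, which depends on the pull permission mask defined outside this diff and should be confirmed. A comment such as `/* client-side opt-in; must never be accepted from a pushed option list */` above the assignment would keep a later permission-class change from silently undoing the protection. Once the flag is set, pulled `ifconfig`, `route` and `route-gateway` values may be names that the client translates itself, so the resulting addresses depend on the client's resolver; the usage text could say that in one line.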