Check whether in pull_mode before warning about previous connection blocks

In particular, this eliminates the message that says "explicit-exit-notify
is ignored by previous <connection> blocks" when the option is pushed.

Note: pull_mode is identified as "allowed & OPT_P_PULL_MODE" matching
with the definition in add_options().

Reported by: Eike Lohmann e.lohmann@ic3s.de
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg04052.h
tml

v2: move the check to verify_permissions() as suggested by
    Gert <gert@greenie.muc.de>

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1505501175-9016-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15452.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 422ecdac4a2738cd269361e048468d8b58793c4e)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 4a9c0e779a37ef3faab7129b410687e8b0dfc4ce..be25899ca01431ba18cb8473208f29bd088a3f9c 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4845,11 +4845,13 @@ verify_permission(const char *name,
 #ifndef ENABLE_SMALL
     /* Check if this options is allowed in connection block,
      * but we are currently not in a connection block
+     * unless this is a pushed option.
      * Parsing a connection block uses a temporary options struct without
      * connection_list
      */
 
-    if ((type & OPT_P_CONNECTION) && options->connection_list)
+    if ((type & OPT_P_CONNECTION) && options->connection_list
+        && !(allowed & OPT_P_PULL_MODE))
     {
         if (file)
         {