Due to a shortcut in the `--dns-updown force' implementation, running the
default dns-updown script required `--script-security 2'. This makes the
forced default script run without --script-security set.
Change-Id: I55940b78e35f0e3d74aa6cba14378afed97a444e
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20250626093006.24789-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31994.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
clone.servers = clone_dns_servers(o->servers, gc);
clone.servers_prepull = clone_dns_servers(o->servers_prepull, gc);
clone.updown = o->updown;
- clone.user_set_updown = o->user_set_updown;
+ clone.updown_flags = o->updown_flags;
return clone;
}
argv_printf(&argv, "%s", o->updown);
argv_msg(M_INFO, &argv);
int res;
- if (o->user_set_updown)
+ if (dns_updown_user_set(o))
{
res = openvpn_run_script(&argv, es, S_EXITCODE, "dns updown");
}
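Review bot: The test `if (dns_updown_user_set(o))` is now the only thing deciding whether `o->updown` goes through `openvpn_run_script` and its --script-security gate, and nothing at this branch records why the other states may skip it. In the visible option-parsing hunk, `DNS_UPDOWN_FORCED` is only ever assigned together with `dns->updown = DEFAULT_DNS_UPDOWN`, so the safety argument appears to be that any value that is not user-set is the compiled-in path. I would state that above the branch, e.g. `/* Only a user-supplied script is gated by --script-security; in every other state o->updown must be DEFAULT_DNS_UPDOWN */`. The else branch and the rest of the function lie outside the hunk, so whether that path re-checks the value cannot be confirmed from here.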
run_up_down_command(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *updown_runner)
{
struct dns_options *dns = &o->dns_options;
- if (!dns->updown || (o->up_script && !dns->user_set_updown))
+ if (!dns->updown || (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns)))
{
return;
}
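Review bot: The pair `!dns_updown_user_set(dns) && !dns_updown_forced(dns)` in this condition is repeated in the two options.c conditions (`dns->servers || ...` and `else if (o->up_script && ...`), so the three sites can drift apart if another state is added to the enum. A single predicate next to the two new helpers would keep them aligned, for example `static inline bool dns_updown_overrides_up(const struct dns_options *o) { return dns_updown_user_set(o) || dns_updown_forced(o); }`; the name is only a suggestion. The body of run_up_down_command continues past the hunk.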
DNS_TRANSPORT_TLS
};
+enum dns_updown_flags {
+ DNS_UPDOWN_NO_FLAGS,
+ DNS_UPDOWN_USER_SET,
+ DNS_UPDOWN_FORCED
+};
+
struct dns_domain {
struct dns_domain *next;
const char *name;
};
-struct dns_server_addr
-{
+struct dns_server_addr {
union {
struct in_addr a4;
struct in6_addr a6;
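Review bot: `enum dns_updown_flags` is named like a bit set, but its three values are mutually exclusive states and both helpers compare with `==`. A later `updown_flags |= DNS_UPDOWN_FORCED` on a user-set value would make `dns_updown_user_set()` and `dns_updown_forced()` both return false, which would presumably send a user-supplied script down the branch that skips the script-security-gated call. A comment on the enum would guard against that, e.g. `/* Exactly one value applies at a time; compare with ==, never combine with | */`, plus a one-line meaning for each enumerator. Renaming the type to something like `dns_updown_state` would also work, but it touches more lines.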
struct dns_server *servers;
struct gc_arena gc;
const char *updown;
- bool user_set_updown;
+ enum dns_updown_flags updown_flags;
};
/**
*/
void show_dns_options(const struct dns_options *o);
+/**
+ * Returns whether dns-updown is user defined
+ *
+ * @param o Pointer to the DNS options struct
+ */
+static inline bool
+dns_updown_user_set(const struct dns_options *o)
+{
+ return o->updown_flags == DNS_UPDOWN_USER_SET;
+}
+
+/**
+ * Returns whether dns-updown is forced to run
+ *
+ * @param o Pointer to the DNS options struct
+ */
+static inline bool
+dns_updown_forced(const struct dns_options *o)
+{
+ return o->updown_flags == DNS_UPDOWN_FORCED;
+}
+
#endif /* ifndef DNS_H */
struct gc_arena gc = gc_new();
struct dns_options *dns = &o->dns_options;
- if (dns->servers || dns->user_set_updown)
+ if (dns->servers || dns_updown_user_set(dns) || dns_updown_forced(dns))
{
/* Clean up env from --dhcp-option DNS config */
struct buffer name = alloc_buf_gc(OPTION_PARM_SIZE, &gc);
}
}
}
- else if (o->up_script && !dns->user_set_updown)
+ else if (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns))
{
/* Set foreign option env vars from --dns config */
const char *p[] = { "dhcp-option", NULL, NULL };
if (streq(p[1], "disable"))
{
dns->updown = NULL;
- dns->user_set_updown = false;
+ dns->updown_flags = DNS_UPDOWN_NO_FLAGS;
}
else if (streq(p[1], "force"))
{
/* force dns-updown run, even if a --up script is defined */
- if (dns->user_set_updown == false)
+ if (!dns_updown_user_set(dns))
{
dns->updown = DEFAULT_DNS_UPDOWN;
- dns->user_set_updown = true;
+ dns->updown_flags = DNS_UPDOWN_FORCED;
}
}
else
dns->updown = NULL;
}
set_user_script(options, &dns->updown, p[1], p[0], false);
- dns->user_set_updown = true;
+ dns->updown_flags = DNS_UPDOWN_USER_SET;
}
}
else if (streq(p[0], "dns") && p[1])