Include CE_DISABLED status of remote in "remote-entry-get" response

- The response to the management command "remote-entry-get" is
  amended to include the status of the remote entry. The status
  reads "disabled" if (ce->flag & DISABLED) is true, "enabled"
  otherwise.

- Update and correct the description of this option in
  management-notes.txt

  Example responses:
  In response to "remote-entry-get 0"

  0,vpn.example.com,udp,enabled
  END

  Or, in response to "remote-entry-get all"

  0,vpn.example.org,udp,enabled
  1,vpn.example.com,udp,enabled
  2,vpn.example.net,tcp-client,disabled
  END

This helps the management client to show only enabled remotes
to the user.
An alternative would require the  UI/GUI to have knowledge of
what makes the daemon set CE_DISABLED (--proto-force,
--htttp-proxy-override etc.).

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230111062910.1846688-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/search?l=mid&q=20230111062910.1846688-1-selva.nair@gmail.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index 6daa811afc08ccb09956109a93e273bca587614e..34f301db7e0e45ac2ccc3fe96a3925e98aa3477e 100644 (file)
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -806,9 +806,12 @@ COMMAND -- remote-entry-get (OpenVPN 2.6+ management version > 3)
 
   remote-entry-get <start> [<end>]
 
-Retrieve remote entry (host, port and protocol) for index
-<start> or indices from <start> to <end>+1. Alternatively
-<start> = "all" retrieves all remote entries.
+Retrieve remote entry (host, port, protocol, and status) for index
+<start> or indices from <start> to <end>-1. Alternatively
+<start> = "all" retrieves all remote entries. The index is 0-based.
+If the entry is disabled due to protocol or proxy restrictions
+(i.e., ce->flag & CE_DISABLED == 1), the status is returned as "disabled",
+otherwise it reads "enabled" without quotes.
 
 Example 1:
 
@@ -818,8 +821,8 @@ Example 1:
 
   OpenVPN daemon responds with
 
-  1,vpn.example.com,1194,udp
-  END
+    1,vpn.example.com,1194,udp,enabled
+    END
 
 Example 2:
 
@@ -829,8 +832,8 @@ Example 2:
 
   OpenVPN daemon responds with
 
-    1,vpn.example.com,1194,udp
-    2,vpn.example.net,443,tcp-client
+    1,vpn.example.com,1194,udp,enabled
+    2,vpn.example.net,443,tcp-client,disabled
     END
 
 Example 3:
@@ -840,9 +843,9 @@ Example 3:
 
   OpenVPN daemon with 3 connection entries responds with
 
-    1,vpn.example.com,1194,udp
-    2,vpn.example.com,443,tcp-client
-    3,vpn.example.net,443,udp
+    0,vpn.example.com,1194,udp,enabled
+    1,vpn.example.com,443,tcp-client,enabled
+    2,vpn.example.net,443,udp,enabled
     END
 
 COMMAND -- remote  (OpenVPN AS 2.1.5/OpenVPN 2.3 or higher)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 45badcd3ca236f871eddcdd59731a079a9b69029..773588305e1ed822a15f3f65ba73e876866b8ccd 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -353,13 +353,15 @@ management_callback_remote_entry_get(void *arg, unsigned int index, char **remot
     {
         struct connection_entry *ce = l->array[index];
         const char *proto = proto2ascii(ce->proto, ce->af, false);
+        const char *status = (ce->flags & CE_DISABLED) ? "disabled" : "enabled";
 
-        /* space for output including 2 commas and a nul */
-        int len = strlen(ce->remote) + strlen(ce->remote_port) + strlen(proto) + 2 + 1;
+        /* space for output including 3 commas and a nul */
+        int len = strlen(ce->remote) + strlen(ce->remote_port) + strlen(proto)
+                  + strlen(status) + 3 + 1;
         char *out = malloc(len);
         check_malloc_return(out);
 
-        openvpn_snprintf(out, len, "%s,%s,%s", ce->remote, ce->remote_port, proto);
+        openvpn_snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status);
         *remote = out;
     }
     else