Remove the ip-remote-hint option.

The ip-remote-hint option overrides the remote hostname of every
remote/connection entry unless management-query-remote is also defined and
the management interfaces overrides the option with remote MOD.

The remote name is even overridden when when management interface issues
remote ACCEPT after being presented with the non overridden remote.

Overriding all remote options can also be done by  management-query-remote
and issuing remote MOD or by changing alll remote statements in the
configuration.

Also: remove unused variable newcycle

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1385382680-5912-3-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8057
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 676a7fede72156585c611c3d1f4f3b99cb543a8e..2076aadb80b6c647adcd3e75b79d3a6ffef42bc9 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -245,7 +245,7 @@ management_callback_remote_cmd (void *arg, const char **p)
 }
 
 static bool
-ce_management_query_remote (struct context *c, const char *remote_ip_hint)
+ce_management_query_remote (struct context *c)
 {
   struct gc_arena gc = gc_new ();
   volatile struct connection_entry *ce = &c->options.ce;
@@ -270,8 +270,6 @@ ce_management_query_remote (struct context *c, const char *remote_ip_hint)
     }
   {
     const int flags = ((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK);
-    if (flags == CE_MAN_QUERY_REMOTE_ACCEPT && remote_ip_hint)
-      ce->remote = remote_ip_hint;
     ret = (flags != CE_MAN_QUERY_REMOTE_SKIP);
   }
   gc_free (&gc);
@@ -321,9 +319,6 @@ next_connection_entry (struct context *c)
       int n_cycles = 0;
 
       do {
-       const char *remote_ip_hint = NULL;
-       bool newcycle = false;
-
        ce_defined = true;
        if (l->no_advance && l->current >= 0)
          {
@@ -338,16 +333,10 @@ next_connection_entry (struct context *c)
                if (++n_cycles >= 2)
                  msg (M_FATAL, "No usable connection profiles are present");
              }
-
-           if (l->current == 0)
-             newcycle = true;
          }
 
        ce = l->array[l->current];
 
-       if (c->options.remote_ip_hint && !l->n_cycles)
-         remote_ip_hint = c->options.remote_ip_hint;
-
        if (ce->flags & CE_DISABLED)
          ce_defined = false;
 
@@ -356,14 +345,12 @@ next_connection_entry (struct context *c)
        if (ce_defined && management && management_query_remote_enabled(management))
          {
            /* allow management interface to override connection entry details */
-           ce_defined = ce_management_query_remote(c, remote_ip_hint);
+           ce_defined = ce_management_query_remote(c);
            if (IS_SIG (c))
              break;
          }
         else
 #endif
-       if (remote_ip_hint)
-         c->options.ce.remote = remote_ip_hint;
 
 #ifdef ENABLE_MANAGEMENT
         if (ce_defined && management && management_query_proxy_enabled (management))

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 809bfa0525ad49331b5c83e18aed08c5e53524b8..aa12cbd6654e9431b7b32a05b244e7f8b7e925a2 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4435,11 +4435,6 @@ add_option (struct options *options,
 
       options->ignore_unknown_option[i] = NULL;
     }
-  else if (streq (p[0], "remote-ip-hint") && p[1])
-    {
-      VERIFY_PERMISSION (OPT_P_GENERAL);
-      options->remote_ip_hint = p[1];
-    }
 #if HTTP_PROXY_OVERRIDE
   else if (streq (p[0], "http-proxy-override") && p[1] && p[2])
     {

diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 659d05bacef7b1bdcca87a83b3c05ae1b91b12b9..b320ca150b3bcb45d990023d7309ac56ec955028 100644 (file)
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -210,7 +210,6 @@ struct options
 
   /* Networking parms */
   struct connection_entry ce;
-  char *remote_ip_hint;
   struct connection_list *connection_list;
   struct remote_list *remote_list;
   bool force_connection_list;