diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2013-12-17 11:22:47 +0100 |
|---|---|---|
| committer | Gert Doering <gert@greenie.muc.de> | 2013-12-17 13:49:44 +0100 |
| commit | d931524fad9aebc2de1acf4fe66ac594b30e33ef (patch) | |
| tree | ae7c937d4da5cbc4a4349c0c8edf75117ab9d850 /src/openvpn/options.c | |
| parent | c79fa3b0bb63bf7833f5a1c163bd30433c213b6a (diff) | |
| download | openvpn-d931524fad9aebc2de1acf4fe66ac594b30e33ef.tar.gz openvpn-d931524fad9aebc2de1acf4fe66ac594b30e33ef.tar.xz openvpn-d931524fad9aebc2de1acf4fe66ac594b30e33ef.zip | |
Add warning for using connection block variables after connection blocks
In 2.3 some options that were allowed only in global config before have
been moved to connection blocks. This changes the behaviour if the
variables were defined after connection block. This patch adds a warning
to catch these mistakes.
Also let warnings errors show [CONNECTION-OPTIONS] instead of [CMD-LINE]
for connection blocks
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1387275767-10303-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8117
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit cd6555e0159987ef264789f4976053ce2aa5fc20)
Diffstat (limited to 'src/openvpn/options.c')
| -rw-r--r-- | src/openvpn/options.c | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index bfcc6da..2879654 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3844,7 +3844,7 @@ read_config_string (const char *prefix, { bypass_doubledash (&p[0]); check_inline_file_via_buf (&multiline, p, &options->gc); - add_option (options, p, NULL, line_num, 0, msglevel, permission_mask, option_types_found, es); + add_option (options, p, prefix, line_num, 0, msglevel, permission_mask, option_types_found, es); } CLEAR (p); } @@ -3964,27 +3964,43 @@ void options_string_import (struct options *options, #if P2MP -#define VERIFY_PERMISSION(mask) { if (!verify_permission(p[0], file, (mask), permission_mask, option_types_found, msglevel)) goto err; } +#define VERIFY_PERMISSION(mask) { if (!verify_permission(p[0], file, line, (mask), permission_mask, option_types_found, msglevel, options)) goto err; } static bool verify_permission (const char *name, const char* file, + int line, const unsigned int type, const unsigned int allowed, unsigned int *found, - const int msglevel) + const int msglevel, + struct options* options) { if (!(type & allowed)) { msg (msglevel, "option '%s' cannot be used in this context (%s)", name, file); return false; } - else + + if (found) + *found |= type; + +#ifndef ENABLE_SMALL + /* Check if this options is allowed in connection block, + * but we are currently not in a connection block + * Parsing a connection block uses a temporary options struct without + * connection_list + */ + + if ((type & OPT_P_CONNECTION) && options->connection_list) { - if (found) - *found |= type; - return true; + if (file) + msg (M_WARN, "Option '%s' in %s:%d is ignored by previous <connection> blocks ", name, file, line); + else + msg (M_WARN, "Option '%s' is ignored by previous <connection> blocks", name); } +#endif + return true; } #else |