On Mon, 2 May 2005, Claas Hilbrecht wrote: > --Am Samstag, 30. April 2005 16:28 -0600 James Yonan <j...@yonan.net> > schrieb: > > > Here is a release candidate for 2.0.1, with a few minor patches. Please > > test, especially if you are using plugins or configurations which use > > multiple --remote options. > > Great, the --remote "bugfix" comes very handy right now. > > Maybe you could add this patch that adds a --management-writeport option to > the configuration and enhances --management to accept a "0" as the port > number. Using "0" as a port number let the os choose a free port for the > management interface. Setting --management-writeport /var/run/openvpn.mport > will write the port used for the managment interface to this file. Together > will my ovpnctrl (netcat like programm) utility you can create a nice > management console in a web gui. > > diff -urN openvpn-2.0.1_rc1/init.c openvpn-2.0.1_rc1.writeport/init.c > --- openvpn-2.0.1_rc1/init.c 2005-04-11 05:43:56.000000000 +0200 > +++ openvpn-2.0.1_rc1.writeport/init.c 2005-05-02 12:30:18.282985588 > +0200 > @@ -2126,6 +2126,7 @@ > if (management_open (management, > c->options.management_addr, > c->options.management_port, > + c->options.management_writeport, > c->options.management_user_pass, > c->options.mode == MODE_SERVER, > c->options.management_query_passwords, > diff -urN openvpn-2.0.1_rc1/manage.c openvpn-2.0.1_rc1.writeport/manage.c > --- openvpn-2.0.1_rc1/manage.c 2005-04-11 05:43:56.000000000 +0200 > +++ openvpn-2.0.1_rc1.writeport/manage.c 2005-05-02 14:24:53.735770992 > +0200 > @@ -830,6 +830,36 @@ > > msg (D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s", > print_sockaddr (&man->settings.local, &gc)); > + > + if (man->settings.writeport_file) > + { > + FILE *mportfh; > + > + mportfh = fopen (man->settings.writeport_file, "w"); > + if (NULL != mportfh) > + { > + int port = man->settings.local.sin_port; > + if (0 == port) > + { > + struct sockaddr_in tmpSockAddr; > + socklen_t tmpSockAddrBufSize = sizeof(tmpSockAddr); > + > + if(getsockname(man->connection.sd_top, (struct sockaddr > *)&tmpSockAddr, &tmpSockAddrBufSize)) > + { > + msg (M_ERR, "getsockname failed"); > + port = -1; > + } > + else > + port = tmpSockAddr.sin_port; > + } > + fprintf (mportfh, "%d\n", ntohs (port)); > + fclose (mportfh); > + } > + else > + { > + msg (M_ERR, "Open error on pid file %s", > man->settings.writeport_file); > + } > + } > } > > #ifdef WIN32 > @@ -1082,6 +1112,7 @@ > man_settings_init (struct man_settings *ms, > const char *addr, > const int port, > + const char *writeport_file, > const char *pass_file, > const bool server, > const bool query_passwords, > @@ -1101,6 +1132,12 @@ > ms->server = server; > > /* > + * Save writeport filename > + */ > + if (writeport_file) > + ms->writeport_file = writeport_file; > + > + /* > * Get username/password > */ > if (pass_file) > @@ -1233,6 +1270,7 @@ > management_open (struct management *man, > const char *addr, > const int port, > + const char *writeport_file, > const char *pass_file, > const bool server, > const bool query_passwords, > @@ -1250,6 +1288,7 @@ > man_settings_init (&man->settings, > addr, > port, > + writeport_file, > pass_file, > server, > query_passwords, > diff -urN openvpn-2.0.1_rc1/manage.h openvpn-2.0.1_rc1.writeport/manage.h > --- openvpn-2.0.1_rc1/manage.h 2005-04-11 05:43:56.000000000 +0200 > +++ openvpn-2.0.1_rc1.writeport/manage.h 2005-05-02 14:25:03.282631910 > +0200 > @@ -194,6 +194,7 @@ > int state_buffer_size; > bool server; > bool hold; > + const char *writeport_file; > }; > > /* up_query modes */ > @@ -252,6 +253,7 @@ > bool management_open (struct management *man, > const char *addr, > const int port, > + const char *writeport_file, > const char *pass_file, > const bool server, > const bool query_passwords, > diff -urN openvpn-2.0.1_rc1/options.c openvpn-2.0.1_rc1.writeport/options.c > --- openvpn-2.0.1_rc1/options.c 2005-04-30 11:47:22.000000000 +0200 > +++ openvpn-2.0.1_rc1.writeport/options.c 2005-05-02 13:28:30.815427629 > +0200 > @@ -282,6 +282,8 @@ > " of the management interface explicitly starts it.\n" > "--management-log-cache n : Cache n lines of log file history for > usage\n" > " by the management channel.\n" > + "--management-writeport file : Write used port for management > interface\n" > + " to file.\n" > #endif > #ifdef ENABLE_PLUGIN > "--plugin m [str]: Load plug-in module m passing str as an argument\n" > @@ -1065,6 +1067,7 @@ > #ifdef ENABLE_MANAGEMENT > SHOW_STR (management_addr); > SHOW_INT (management_port); > + SHOW_STR (management_writeport); > SHOW_STR (management_user_pass); > SHOW_INT (management_log_history_cache); > SHOW_INT (management_echo_buffer_size); > @@ -1340,6 +1343,8 @@ > (options->management_query_passwords || options->management_hold > || options->management_log_history_cache != > defaults.management_log_history_cache)) > msg (M_USAGE, "--management is not specified, however one or more > options which modify the behavior of --management were specified"); > + if (options->management_port == 0 && !options->management_writeport) > + msg (M_USAGE, "--management ip port [pass] uses port=0 to auto-select > the management port but there is no --management-writeport option to record > the used port"); > #endif > > /* > @@ -2652,7 +2657,7 @@ > i += 2; > VERIFY_PERMISSION (OPT_P_GENERAL); > port = atoi (p[2]); > - if (!legal_ipv4_port (port)) > + if (port != 0 && !legal_ipv4_port (port)) > { > msg (msglevel, "port number associated with --management directive is > out of range"); > goto err; > @@ -2666,6 +2671,12 @@ > options->management_user_pass = p[3]; > } > } > + else if (streq (p[0], "management-writeport") && p[1]) > + { > + ++i; > + VERIFY_PERMISSION (OPT_P_GENERAL); > + options->management_writeport = p[1]; > + } > else if (streq (p[0], "management-query-passwords")) > { > VERIFY_PERMISSION (OPT_P_GENERAL); > diff -urN openvpn-2.0.1_rc1/options.h openvpn-2.0.1_rc1.writeport/options.h > --- openvpn-2.0.1_rc1/options.h 2005-04-11 05:43:57.000000000 +0200 > +++ openvpn-2.0.1_rc1.writeport/options.h 2005-05-02 14:34:24.017737322 > +0200 > @@ -259,6 +259,7 @@ > #ifdef ENABLE_MANAGEMENT > const char *management_addr; > int management_port; > + const char *management_writeport; > const char *management_user_pass; > int management_log_history_cache; > int management_echo_buffer_size;
Interesting idea for when the client is local to the OpenVPN daemon. I'm thinking this would be a 2.1 thing. A few comments/questions: * Does your code survive a SIGUSR1 when root has been dropped or chroot has been done? Writing to files can be a bit tricky in OpenVPN because you need to make sure that you will only need to do the writing before the privilege downgrade or chroot -- otherwise you need to grab a file descriptor before the root-drop/chroot and keep it open so you can continue to write to it. For an example, see the --status implementation. The general requirement is that a SIGUSR1 should not cause OpenVPN to need to open a resource which would now be inaccessible due to a root-drop/chroot. I think you are probably okay here because the place where you are writing the port number I believe is only called on initialization. * Some stray text in the can't open error message: "Open error on pid file". James