The remote-ip-hint option overrides the remote hostname of every 
remote/connection entry unless management-query-remote is also defined and the 
management interface overrides the option with remote MOD … The remote name is 
even overridden when the management interface issues remote ACCEPT after being 
presented with the non-overridden remote.

Overriding all remote options can also be done with management-query-remote and 
issuing remote MOD, or by changing all remote statements in the configuration.

Also: remove unused variable newcycle

Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/init.c    |   17 ++---------------
 src/openvpn/options.c |    5 -----
 src/openvpn/options.h |    1 -
 3 files changed, 2 insertions(+), 21 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 9cfb618..864ff3b 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -243,7 +243,7 @@ management_callback_remote_cmd (void *arg, const char **p)
 }

 static bool
-ce_management_query_remote (struct context *c, const char *remote_ip_hint)
+ce_management_query_remote (struct context *c)
 {
   struct gc_arena gc = gc_new ();
   volatile struct connection_entry *ce = &c->options.ce;
@@ -268,8 +268,6 @@ ce_management_query_remote (struct context *c, const char 
*remote_ip_hint)
     }
   {
     const int flags = ((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & 
CE_MAN_QUERY_REMOTE_MASK);
-    if (flags == CE_MAN_QUERY_REMOTE_ACCEPT && remote_ip_hint)
-      ce->remote = remote_ip_hint;
     ret = (flags != CE_MAN_QUERY_REMOTE_SKIP);
   }
   gc_free (&gc);
@@ -319,9 +317,6 @@ next_connection_entry (struct context *c)
       int n_cycles = 0;

       do {
-       const char *remote_ip_hint = NULL;
-       bool newcycle = false;
-
        ce_defined = true;
        if (l->no_advance && l->current >= 0)
          {
@@ -336,16 +331,10 @@ next_connection_entry (struct context *c)
                if (++n_cycles >= 2)
                  msg (M_FATAL, "No usable connection profiles are present");
              }
-
-           if (l->current == 0)
-             newcycle = true;
          }

        ce = l->array[l->current];

-       if (c->options.remote_ip_hint && !l->n_cycles)
-         remote_ip_hint = c->options.remote_ip_hint;
-
        if (ce->flags & CE_DISABLED)
          ce_defined = false;

@@ -354,14 +343,12 @@ next_connection_entry (struct context *c)
        if (ce_defined && management && 
management_query_remote_enabled(management))
          {
            /* allow management interface to override connection entry details 
*/
-           ce_defined = ce_management_query_remote(c, remote_ip_hint);
+           ce_defined = ce_management_query_remote(c);
            if (IS_SIG (c))
              break;
          }
         else
 #endif
-       if (remote_ip_hint)
-         c->options.ce.remote = remote_ip_hint;

 #ifdef ENABLE_MANAGEMENT
         if (ce_defined && management && management_query_proxy_enabled 
(management))
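Review bot: The `else` kept just before `#endif` is left dangling once `if (remote_ip_hint) c->options.ce.remote = remote_ip_hint;` is removed. With ENABLE_MANAGEMENT defined, it now appears to bind to the following `if (ce_defined && management && management_query_proxy_enabled (management))`. If so, the proxy query is skipped whenever the management-query-remote branch ran, and the connection entry proceeds with the configured proxy settings instead of the ones the management client would have supplied. Delete the `else` line together with the removed statement so the two management queries stay independent. next_connection_entry continues past this hunk, so the body of the proxy block is not visible here and should be checked against the full file.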
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 56fee68..2dd8c9d 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4354,11 +4354,6 @@ add_option (struct options *options,
          uninit_options (&sub);
        }
     }
-  else if (streq (p[0], "remote-ip-hint") && p[1])
-    {
-      VERIFY_PERMISSION (OPT_P_GENERAL);
-      options->remote_ip_hint = p[1];
-    }
 #if HTTP_PROXY_OVERRIDE
   else if (streq (p[0], "http-proxy-override") && p[1] && p[2])
     {
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index c16d509..fde6468 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -208,7 +208,6 @@ struct options

   /* Networking parms */
   struct connection_entry ce;
-  char *remote_ip_hint;
   struct connection_list *connection_list;
   struct remote_list *remote_list;
   bool force_connection_list;
-- 
1.7.9.5

