options.c

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authe

	      p[ret][parm_len] = '\0';
	      state = 0;
	      parm_len = 0;
	      ++ret;
	    }
	  backslash = false;
	}

      /* store parameter character */
      if (out)
	{
	  if (parm_len >= SIZE (parm))
	    {
	      parm[SIZE (parm) - 1] = 0;
	      msg (msglevel, "Parameter at %s:%d is too long (%d chars max): %s",
		   file, line_num, (int) SIZE (parm), parm);
	      return 0;
	    }
	  parm[parm_len++] = out;
	}

      /* avoid overflow if too many parms in one config file line */
      if (ret >= n)
	break;

    } while (*c++ != '\0');

  if (state == STATE_READING_QUOTED_PARM)
    {
      msg (msglevel, "No closing quotation (\") in %s:%d", file, line_num);
      return 0;
    }
  if (state != STATE_INITIAL)
    {
      msg (msglevel, "Residual parse state (%d) in %s:%d", state, file, line_num);
      return 0;
    }
#if 0
  {
    int i;
    for (i = 0; i < ret; ++i)
      {
	msg (M_INFO|M_NOPREFIX, "%s:%d ARG[%d] '%s'", file, line_num, i, p[i]);
      }
  }
#endif
    return ret;
}

static int
add_option (struct options *options,
	    int i,
	    char *p[],
	    const char* file,
	    int line,
	    int level,
	    int msglevel,
	    unsigned int permission_mask,
	    unsigned int *option_types_found);

static void
read_config_file (struct options *options,
		  const char* file,
		  int level,
		  const char* top_file,
		  int top_line,
		  int msglevel,
		  unsigned int permission_mask,
		  unsigned int *option_types_found)
{
  const int max_recursive_levels = 10;
  FILE *fp;
  int line_num;
  char line[256];

  ++level;
  if (level > max_recursive_levels)
    msg (M_FATAL, "In %s:%d: Maximum recursive include levels exceeded in include attempt of file %s -- probably you have a configuration file that tries to include itself.", top_file, top_line, file);

  fp = fopen (file, "r");
  if (!fp)
    msg (M_ERR, "In %s:%d: Error opening configuration file: %s", top_file, top_line, file);

  line_num = 0;
  while (fgets(line, sizeof (line), fp))
    {
      char *p[MAX_PARMS];
      CLEAR (p);
      ++line_num;
      if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
	{
	  if (strlen (p[0]) >= 3 && !strncmp (p[0], "--", 2))
	    p[0] += 2;
	  add_option (options, 0, p, file, line_num, level, msglevel, permission_mask, option_types_found);
	}
    }
  fclose (fp);
}

void
parse_argv (struct options* options,
	    int argc,
	    char *argv[],
	    int msglevel,
	    unsigned int permission_mask,
	    unsigned int *option_types_found)
{
  int i, j;

  /* usage message */
  if (argc <= 1)
    usage ();

  /* parse command line */
  for (i = 1; i < argc; ++i)
    {
      char *p[MAX_PARMS];
      CLEAR (p);
      p[0] = argv[i];
      if (strncmp(p[0], "--", 2))
	{
	  msg (msglevel, "I'm trying to parse \"%s\" as an --option parameter but I don't see a leading '--'", p[0]);
	}
      else
	p[0] += 2;

      for (j = 1; j < MAX_PARMS; ++j)
	{
	  if (i + j < argc)
	    {
	      char *arg = argv[i + j];
	      if (strncmp (arg, "--", 2))
		p[j] = arg;
	      else
		break;
	    }
	}
      i = add_option (options, i, p, NULL, 0, 0, msglevel, permission_mask, option_types_found);
    }
}

bool
apply_push_options (struct options *options,
		    struct buffer *buf,
		    unsigned int permission_mask,
		    unsigned int *option_types_found)
{
  char line[256];
  int line_num = 0;
  const char *file = "[PUSH-OPTIONS]";
  const int msglevel = D_PUSH_ERRORS;

  while (buf_parse (buf, ',', line, sizeof (line)))
    {
      char *p[MAX_PARMS];
      CLEAR (p);
      ++line_num;
      if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
	{
	  add_option (options, 0, p, file, line_num, 0, msglevel, permission_mask, option_types_found);
	}
    }
  return true;
}

void
options_server_import (struct options *o,
		       const char *filename,
		       int msglevel,
		       unsigned int permission_mask,
		       unsigned int *option_types_found)
{
  read_config_file (o,
		    filename,
		    0,
		    filename,
		    0,
		    msglevel,
		    permission_mask,
		    option_types_found);
}

#define VERIFY_PERMISSION(mask) { if (!verify_permission(p[0], (mask), permission_mask, option_types_found, msglevel)) goto err; }

static bool
verify_permission (const char *name,
		   unsigned int type,
		   unsigned int allowed,
		   unsigned int *found,
		   int msglevel)
{
  if (!(type & allowed))
    {
      msg (msglevel, "Options error: option '%s' cannot be used in this context", name);
      return false;
    }
  else
    {
      if (found)
	*found |= type;
      return true;
    }
}

static int
add_option (struct options *options,
	    int i,
	    char *p[],
	    const char* file,
	    int line,
	    int level,
	    int msglevel,
	    unsigned int permission_mask,
	    unsigned int *option_types_found)
{
  struct gc_arena gc = gc_new ();
  ASSERT (MAX_PARMS >= 5);

  if (!file)
    {
      file = "[CMD-LINE]";
      line = 1;
    }
  if (streq (p[0], "help"))
    {
      VERIFY_PERMISSION (OPT_P_GENERAL);
      usage ();
    }
  if (streq (p[0], "version"))
    {
      VERIFY_PERMISSION (OPT_P_GENERAL);
      usage_version ();
    }
  else if (streq (p[0], "config") && p[1])
    {
      ++i;

      VERIFY_PERMISSION (OPT_P_CONFIG);

      /* save first config file only in options */
      if (!options->config)
	options->config = p[1];

      read_config_file (options, p[1], level, file, line, msglevel, permission_mask, option_types_found);
    }
  else if (streq (p[0], "mode") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      if (streq (p[1], "p2p"))
	options->mode = MODE_POINT_TO_POINT;
#if P2MP
      else if (streq (p[1], "server"))
	options->mode = MODE_SERVER;
#endif
      else
	{
	  msg (msglevel, "Options error: Bad --mode parameter: %s", p[1]);
	  goto err;
	}
    }
  else if (streq (p[0], "dev") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->dev = p[1];
    }
  else if (streq (p[0], "dev-type") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->dev_type = p[1];
    }
  else if (streq (p[0], "dev-node") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->dev_node = p[1];
    }
  else if (streq (p[0], "tun-ipv6"))
    {
      VERIFY_PERMISSION (OPT_P_UP);
      options->tun_ipv6 = true;
    }
  else if (streq (p[0], "ifconfig") && p[1] && p[2])
    {
      i += 2;
      VERIFY_PERMISSION (OPT_P_UP);
      options->ifconfig_local = p[1];
      options->ifconfig_remote_netmask = p[2];
    }
  else if (streq (p[0], "ifconfig-noexec"))
    {
      VERIFY_PERMISSION (OPT_P_UP);
      options->ifconfig_noexec = true;
    }
  else if (streq (p[0], "ifconfig-nowarn"))
    {
      VERIFY_PERMISSION (OPT_P_UP);
      options->ifconfig_nowarn = true;
    }
  else if (streq (p[0], "local") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->local = p[1];
    }
  else if (streq (p[0], "remote-random"))
    {
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->remote_random = true;
    }
  else if (streq (p[0], "remote") && p[1])
    {
      struct remote_list *l;
      struct remote_entry e;
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      if (!options->remote_list)
	ALLOC_OBJ_CLEAR_GC (options->remote_list, struct remote_list, &options->gc);
      l = options->remote_list;
      if (l->len >= REMOTE_LIST_SIZE)
	msg (msglevel, "Options Error: Maximum number of --remote options (%d) exceeded", REMOTE_LIST_SIZE);
      e.hostname = p[1];
      if (p[2])
	{
	  ++i;
	  e.port = atoi (p[2]);
	  if (e.port < 1 || e.port > 65535)
	    msg (msglevel, "Options Error: port number associated with host %s is out of range", e.hostname);
	}
      else
	e.port = -1;
      l->array[l->len++] = e;
    }
  else if (streq (p[0], "resolv-retry") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      if (streq (p[1], "infinite"))
	options->resolve_retry_seconds = 1000000000;
      else
	options->resolve_retry_seconds = positive (atoi (p[1]));
    }
  else if (streq (p[0], "connect-retry") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->connect_retry_seconds = positive (atoi (p[1]));
      options->connect_retry_defined = true;
    }
  else if (streq (p[0], "ipchange") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_SCRIPT);
      options->ipchange = string_substitute (p[1], ',', ' ', &options->gc);
    }
  else if (streq (p[0], "float"))
    {
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->remote_float = true;
    }
  else if (streq (p[0], "gremlin"))
    {
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->gremlin = true;
    }
  else if (streq (p[0], "user") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->username = p[1];
    }
  else if (streq (p[0], "group") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->groupname = p[1];
    }
  else if (streq (p[0], "chroot") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->chroot_dir = p[1];
    }
  else if (streq (p[0], "cd") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->cd_dir = p[1];
      if (openvpn_chdir (p[1]))
	{
	  msg (M_ERR, "Options error: cd to '%s' failed", p[1]);
	  goto err;
	}
    }
  else if (streq (p[0], "writepid") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_GENERAL);
      options->writepid = p[1];
    }
  else if (streq (p[0], "up") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_SCRIPT);
      options->up_script = p[1];
    }
  else if (streq (p[0], "down") && p[1])
    {
      ++i;
      VERIFY_PERMISSION (OPT_P_SCRIPT);
      options->down_script = p[1];
    }
  else if (streq (p[0], "up-delay"))
    {
      VERIFY_PER