Browse code
dns: don't publish env vars to non-dns scripts
With --dns-updown in place we no longer need --dns option related vars in
the environment for other script hooks. Code for doing that is removed and
the function to set --dns stuff made static, for internal use only.
Change-Id: I3fb01ab76cf3df0874ba92e08f371d17607a8369
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250517092637.2103-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/search?l=mid&q=20250517092637.2103-1-gert@greenie.muc.de
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Heiko Hund authored on 2025/05/17 18:26:26Showing 3 changed files
| ... | ... |
@@ -350,93 +350,6 @@ transport_value(const enum dns_server_transport transport) |
| 350 | 350 |
} |
| 351 | 351 |
} |
| 352 | 352 |
|
| 353 |
-static void |
|
| 354 |
-setenv_dns_option(struct env_set *es, |
|
| 355 |
- const char *format, int i, int j, |
|
| 356 |
- const char *value) |
|
| 357 |
-{
|
|
| 358 |
- char name[64]; |
|
| 359 |
- bool name_ok = false; |
|
| 360 |
- |
|
| 361 |
- if (j < 0) |
|
| 362 |
- {
|
|
| 363 |
- name_ok = snprintf(name, sizeof(name), format, i); |
|
| 364 |
- } |
|
| 365 |
- else |
|
| 366 |
- {
|
|
| 367 |
- name_ok = snprintf(name, sizeof(name), format, i, j); |
|
| 368 |
- } |
|
| 369 |
- |
|
| 370 |
- if (!name_ok) |
|
| 371 |
- {
|
|
| 372 |
- msg(M_WARN, "WARNING: dns option setenv name buffer overflow"); |
|
| 373 |
- } |
|
| 374 |
- |
|
| 375 |
- setenv_str(es, name, value); |
|
| 376 |
-} |
|
| 377 |
- |
|
| 378 |
-void |
|
| 379 |
-setenv_dns_options(const struct dns_options *o, struct env_set *es) |
|
| 380 |
-{
|
|
| 381 |
- struct gc_arena gc = gc_new(); |
|
| 382 |
- const struct dns_server *s; |
|
| 383 |
- const struct dns_domain *d; |
|
| 384 |
- int i, j; |
|
| 385 |
- |
|
| 386 |
- for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next) |
|
| 387 |
- {
|
|
| 388 |
- setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name); |
|
| 389 |
- } |
|
| 390 |
- |
|
| 391 |
- for (i = 1, s = o->servers; s != NULL; i++, s = s->next) |
|
| 392 |
- {
|
|
| 393 |
- for (j = 0; j < s->addr_count; ++j) |
|
| 394 |
- {
|
|
| 395 |
- if (s->addr[j].family == AF_INET) |
|
| 396 |
- {
|
|
| 397 |
- setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, |
|
| 398 |
- print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc)); |
|
| 399 |
- } |
|
| 400 |
- else |
|
| 401 |
- {
|
|
| 402 |
- setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, |
|
| 403 |
- print_in6_addr(s->addr[j].in.a6, 0, &gc)); |
|
| 404 |
- } |
|
| 405 |
- if (s->addr[j].port) |
|
| 406 |
- {
|
|
| 407 |
- setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1, |
|
| 408 |
- print_in_port_t(s->addr[j].port, &gc)); |
|
| 409 |
- } |
|
| 410 |
- } |
|
| 411 |
- |
|
| 412 |
- if (s->domains) |
|
| 413 |
- {
|
|
| 414 |
- for (j = 1, d = s->domains; d != NULL; j++, d = d->next) |
|
| 415 |
- {
|
|
| 416 |
- setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name); |
|
| 417 |
- } |
|
| 418 |
- } |
|
| 419 |
- |
|
| 420 |
- if (s->dnssec) |
|
| 421 |
- {
|
|
| 422 |
- setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, |
|
| 423 |
- dnssec_value(s->dnssec)); |
|
| 424 |
- } |
|
| 425 |
- |
|
| 426 |
- if (s->transport) |
|
| 427 |
- {
|
|
| 428 |
- setenv_dns_option(es, "dns_server_%d_transport", i, -1, |
|
| 429 |
- transport_value(s->transport)); |
|
| 430 |
- } |
|
| 431 |
- if (s->sni) |
|
| 432 |
- {
|
|
| 433 |
- setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni); |
|
| 434 |
- } |
|
| 435 |
- } |
|
| 436 |
- |
|
| 437 |
- gc_free(&gc); |
|
| 438 |
-} |
|
| 439 |
- |
|
| 440 | 353 |
#ifdef _WIN32 |
| 441 | 354 |
|
| 442 | 355 |
static void |
| ... | ... |
@@ -554,6 +467,93 @@ run_up_down_service(bool add, const struct options *o, const struct tuntap *tt) |
| 554 | 554 |
#else /* ifdef _WIN32 */ |
| 555 | 555 |
|
| 556 | 556 |
static void |
| 557 |
+setenv_dns_option(struct env_set *es, |
|
| 558 |
+ const char *format, int i, int j, |
|
| 559 |
+ const char *value) |
|
| 560 |
+{
|
|
| 561 |
+ char name[64]; |
|
| 562 |
+ bool name_ok = false; |
|
| 563 |
+ |
|
| 564 |
+ if (j < 0) |
|
| 565 |
+ {
|
|
| 566 |
+ name_ok = snprintf(name, sizeof(name), format, i); |
|
| 567 |
+ } |
|
| 568 |
+ else |
|
| 569 |
+ {
|
|
| 570 |
+ name_ok = snprintf(name, sizeof(name), format, i, j); |
|
| 571 |
+ } |
|
| 572 |
+ |
|
| 573 |
+ if (!name_ok) |
|
| 574 |
+ {
|
|
| 575 |
+ msg(M_WARN, "WARNING: dns option setenv name buffer overflow"); |
|
| 576 |
+ } |
|
| 577 |
+ |
|
| 578 |
+ setenv_str(es, name, value); |
|
| 579 |
+} |
|
| 580 |
+ |
|
| 581 |
+static void |
|
| 582 |
+setenv_dns_options(const struct dns_options *o, struct env_set *es) |
|
| 583 |
+{
|
|
| 584 |
+ struct gc_arena gc = gc_new(); |
|
| 585 |
+ const struct dns_server *s; |
|
| 586 |
+ const struct dns_domain *d; |
|
| 587 |
+ int i, j; |
|
| 588 |
+ |
|
| 589 |
+ for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next) |
|
| 590 |
+ {
|
|
| 591 |
+ setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name); |
|
| 592 |
+ } |
|
| 593 |
+ |
|
| 594 |
+ for (i = 1, s = o->servers; s != NULL; i++, s = s->next) |
|
| 595 |
+ {
|
|
| 596 |
+ for (j = 0; j < s->addr_count; ++j) |
|
| 597 |
+ {
|
|
| 598 |
+ if (s->addr[j].family == AF_INET) |
|
| 599 |
+ {
|
|
| 600 |
+ setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, |
|
| 601 |
+ print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc)); |
|
| 602 |
+ } |
|
| 603 |
+ else |
|
| 604 |
+ {
|
|
| 605 |
+ setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1, |
|
| 606 |
+ print_in6_addr(s->addr[j].in.a6, 0, &gc)); |
|
| 607 |
+ } |
|
| 608 |
+ if (s->addr[j].port) |
|
| 609 |
+ {
|
|
| 610 |
+ setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1, |
|
| 611 |
+ print_in_port_t(s->addr[j].port, &gc)); |
|
| 612 |
+ } |
|
| 613 |
+ } |
|
| 614 |
+ |
|
| 615 |
+ if (s->domains) |
|
| 616 |
+ {
|
|
| 617 |
+ for (j = 1, d = s->domains; d != NULL; j++, d = d->next) |
|
| 618 |
+ {
|
|
| 619 |
+ setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name); |
|
| 620 |
+ } |
|
| 621 |
+ } |
|
| 622 |
+ |
|
| 623 |
+ if (s->dnssec) |
|
| 624 |
+ {
|
|
| 625 |
+ setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, |
|
| 626 |
+ dnssec_value(s->dnssec)); |
|
| 627 |
+ } |
|
| 628 |
+ |
|
| 629 |
+ if (s->transport) |
|
| 630 |
+ {
|
|
| 631 |
+ setenv_dns_option(es, "dns_server_%d_transport", i, -1, |
|
| 632 |
+ transport_value(s->transport)); |
|
| 633 |
+ } |
|
| 634 |
+ if (s->sni) |
|
| 635 |
+ {
|
|
| 636 |
+ setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni); |
|
| 637 |
+ } |
|
| 638 |
+ } |
|
| 639 |
+ |
|
| 640 |
+ gc_free(&gc); |
|
| 641 |
+} |
|
| 642 |
+ |
|
| 643 |
+static void |
|
| 557 | 644 |
updown_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es) |
| 558 | 645 |
{
|
| 559 | 646 |
setenv_str(es, "dev", tt->actual_name); |
| ... | ... |
@@ -168,14 +168,6 @@ void run_dns_up_down(bool up, struct options *o, const struct tuntap *tt, |
| 168 | 168 |
struct dns_updown_runner_info *duri); |
| 169 | 169 |
|
| 170 | 170 |
/** |
| 171 |
- * Puts the DNS options into an environment set. |
|
| 172 |
- * |
|
| 173 |
- * @param o Pointer to the DNS options to set |
|
| 174 |
- * @param es Pointer to the env_set to set the options into |
|
| 175 |
- */ |
|
| 176 |
-void setenv_dns_options(const struct dns_options *o, struct env_set *es); |
|
| 177 |
- |
|
| 178 |
-/** |
|
| 179 | 171 |
* Prints configured DNS options. |
| 180 | 172 |
* |
| 181 | 173 |
* @param o Pointer to the DNS options to print |
| ... | ... |
@@ -1059,11 +1059,6 @@ setenv_settings(struct env_set *es, const struct options *o) |
| 1059 | 1059 |
setenv_local_entry(es, o->ce.local_list->array[i], i+1); |
| 1060 | 1060 |
} |
| 1061 | 1061 |
} |
| 1062 |
- |
|
| 1063 |
- if (!o->pull) |
|
| 1064 |
- {
|
|
| 1065 |
- setenv_dns_options(&o->dns_options, es); |
|
| 1066 |
- } |
|
| 1067 | 1062 |
} |
| 1068 | 1063 |
|
| 1069 | 1064 |
#ifndef _WIN32 |
| ... | ... |
@@ -4182,7 +4177,6 @@ options_postprocess_pull(struct options *o, struct env_set *es) |
| 4182 | 4182 |
if (success) |
| 4183 | 4183 |
{
|
| 4184 | 4184 |
dns_options_postprocess_pull(&o->dns_options); |
| 4185 |
- setenv_dns_options(&o->dns_options, es); |
|
| 4186 | 4185 |
#if defined(_WIN32) || defined(TARGET_ANDROID) |
| 4187 | 4186 |
tuntap_options_copy_dns(o); |
| 4188 | 4187 |
#else |