Browse code
Add warning for using connection block variables after connection blocks
In 2.3 some options that were allowed only in global config before have
been moved to connection blocks. This changes the behaviour if the
variables were defined after connection block. This patch adds a warning
to catch these mistakes.
Also let warnings errors show [CONNECTION-OPTIONS] instead of [CMD-LINE]
for connection blocks
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1387275767-10303-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8117
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2013/12/17 19:22:47Showing 1 changed files
| ... | ... |
@@ -3838,7 +3838,7 @@ read_config_string (const char *prefix, |
| 3838 | 3838 |
{
|
| 3839 | 3839 |
bypass_doubledash (&p[0]); |
| 3840 | 3840 |
check_inline_file_via_buf (&multiline, p, &options->gc); |
| 3841 |
- add_option (options, p, NULL, line_num, 0, msglevel, permission_mask, option_types_found, es); |
|
| 3841 |
+ add_option (options, p, prefix, line_num, 0, msglevel, permission_mask, option_types_found, es); |
|
| 3842 | 3842 |
} |
| 3843 | 3843 |
CLEAR (p); |
| 3844 | 3844 |
} |
| ... | ... |
@@ -3958,27 +3958,43 @@ void options_string_import (struct options *options, |
| 3958 | 3958 |
|
| 3959 | 3959 |
#if P2MP |
| 3960 | 3960 |
|
| 3961 |
-#define VERIFY_PERMISSION(mask) { if (!verify_permission(p[0], file, (mask), permission_mask, option_types_found, msglevel)) goto err; }
|
|
| 3961 |
+#define VERIFY_PERMISSION(mask) { if (!verify_permission(p[0], file, line, (mask), permission_mask, option_types_found, msglevel, options)) goto err; }
|
|
| 3962 | 3962 |
|
| 3963 | 3963 |
static bool |
| 3964 | 3964 |
verify_permission (const char *name, |
| 3965 | 3965 |
const char* file, |
| 3966 |
+ int line, |
|
| 3966 | 3967 |
const unsigned int type, |
| 3967 | 3968 |
const unsigned int allowed, |
| 3968 | 3969 |
unsigned int *found, |
| 3969 |
- const int msglevel) |
|
| 3970 |
+ const int msglevel, |
|
| 3971 |
+ struct options* options) |
|
| 3970 | 3972 |
{
|
| 3971 | 3973 |
if (!(type & allowed)) |
| 3972 | 3974 |
{
|
| 3973 | 3975 |
msg (msglevel, "option '%s' cannot be used in this context (%s)", name, file); |
| 3974 | 3976 |
return false; |
| 3975 | 3977 |
} |
| 3976 |
- else |
|
| 3978 |
+ |
|
| 3979 |
+ if (found) |
|
| 3980 |
+ *found |= type; |
|
| 3981 |
+ |
|
| 3982 |
+#ifndef ENABLE_SMALL |
|
| 3983 |
+ /* Check if this options is allowed in connection block, |
|
| 3984 |
+ * but we are currently not in a connection block |
|
| 3985 |
+ * Parsing a connection block uses a temporary options struct without |
|
| 3986 |
+ * connection_list |
|
| 3987 |
+ */ |
|
| 3988 |
+ |
|
| 3989 |
+ if ((type & OPT_P_CONNECTION) && options->connection_list) |
|
| 3977 | 3990 |
{
|
| 3978 |
- if (found) |
|
| 3979 |
- *found |= type; |
|
| 3980 |
- return true; |
|
| 3991 |
+ if (file) |
|
| 3992 |
+ msg (M_WARN, "Option '%s' in %s:%d is ignored by previous <connection> blocks ", name, file, line); |
|
| 3993 |
+ else |
|
| 3994 |
+ msg (M_WARN, "Option '%s' is ignored by previous <connection> blocks", name); |
|
| 3981 | 3995 |
} |
| 3996 |
+#endif |
|
| 3997 |
+ return true; |
|
| 3982 | 3998 |
} |
| 3983 | 3999 |
|
| 3984 | 4000 |
#else |