author | James Yonan | 2013-05-20 12:13:21 +0200 |
---|---|---|
committer | Gert Doering | 2013-05-27 13:30:32 +0200 |
commit | eed9b8eec911a26a952f07ad18d4397c334ac089 (patch) | |
tree | 50b3522aa8d4faed67d6e195eae32d76daac9a69 /src | |
parent | 14dfec07c91fc42df7ee4abeada104b4fb847f8f (diff) | |
download | openvpn-eed9b8eec911a26a952f07ad18d4397c334ac089.zip openvpn-eed9b8eec911a26a952f07ad18d4397c334ac089.tar.gz |
Always push basic set of peer info values to server.
On the client, allow certain peer info fields to be pushed even if
push-peer-info isn't specified in the config.
This is needed to allow the compression handshake to work correctly
(i.e. where the client indicates its support for LZO and/or Snappy).
Fields that have privacy implications such as Mac Address and UV_*
environment variables will not be pushed to the server as before unless
push-peer-info is specified by client config.
v1: equivalent to OpenVPN SVN r8225 (2.1.21c)
v2: distinguish 3 levels of peer-info detail
--push-peer-info specified --> send all we have
--pull specified --> send basic set, as per r8225
default --> send nothing (do not leak from server)
v3: undo extra whitespace changes in v1 and v2
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1369044801-7594-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7604
(cherry picked from commit 598e03f0e7bce434e501a9895819f2af0714d5f6)
Conflicts:
src/openvpn/ssl.c
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/init.c | 7 | ||||
-rw-r--r-- | src/openvpn/ssl.c | 31 | ||||
-rw-r--r-- | src/openvpn/ssl_common.h | 2 |
3 files changed, 23 insertions, 17 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5260d43..ce35e96 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2192,7 +2192,12 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)
 to.renegotiate_seconds = options->renegotiate_seconds;
 to.single_session = options->single_session;
 #ifdef ENABLE_PUSH_PEER_INFO
- to.push_peer_info = options->push_peer_info;
+ if (options->push_peer_info) /* all there is */
+ to.push_peer_info_detail = 2;
+ else if (options->pull) /* pull clients send some details */
+ to.push_peer_info_detail = 1;
+ else /* default: no peer-info at all */
+ to.push_peer_info_detail = 0;
 #endif
 
 /* should we not xmit any packets until we get an initial
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 43b3980..8b864c8 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1775,7 +1775,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session)
 bool ret = false;
 
 #ifdef ENABLE_PUSH_PEER_INFO
- if (session->opt->push_peer_info) /* write peer info */
+ if (session->opt->push_peer_info_detail > 0)
 {
 struct env_set *es = session->opt->es;
 struct env_item *e;
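Review bot: The three detail levels assigned at `to.push_peer_info_detail = 2`, `= 1` and `= 0` are bare integers that ssl.c then compares with `> 0` and `>= 2`, and the new `int push_peer_info_detail` field in the ssl_common.h hunk carries no comment saying what each level means. Since level 2 is the only one that releases the privacy-sensitive fields (MAC address and UV_* environment, per the commit message), the meaning should be visible at the field: `int push_peer_info_detail; /* 0: nothing, 1: basic set (--pull), 2: also IV_HWADDR and UV_* env (--push-peer-info) */`. Named constants shared by init.c and ssl.c would make the `>= 2` gate in push_peer_info self-describing and keep it from drifting if a level is added later. do_init_crypto_tls continues outside the hunk.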
@@ -1801,26 +1801,27 @@ push_peer_info(struct buffer *buf, struct tls_session *session)
 buf_printf (&out, "IV_PLAT=win\n");
 #endif
 
- /* push mac addr */
- {
- struct route_gateway_info rgi;
- get_default_gateway (&rgi);
- if (rgi.flags & RGI_HWADDR_DEFINED)
- buf_printf (&out, "IV_HWADDR=%s\n", format_hex_ex (rgi.hwaddr, 6, 0, 1, ":", &gc));
- }
-
 /* push LZO status */
 #ifdef ENABLE_LZO_STUB
 buf_printf (&out, "IV_LZO_STUB=1\n");
 #endif
 
- /* push env vars that begin with UV_ */
- for (e=es->list; e != NULL; e=e->next)
- {
- if (e->string)
+ if (session->opt->push_peer_info_detail >= 2)
+ {
+ /* push mac addr */
+ struct route_gateway_info rgi;
+ get_default_gateway (&rgi);
+ if (rgi.flags & RGI_HWADDR_DEFINED)
+ buf_printf (&out, "IV_HWADDR=%s\n", format_hex_ex (rgi.hwaddr, 6, 0, 1, ":", &gc));
+
+ /* push env vars that begin with UV_ */
+ for (e=es->list; e != NULL; e=e->next)
 {
- if (!strncmp(e->string, "UV_", 3) && buf_safe(&out, strlen(e->string)+1))
- buf_printf (&out, "%s\n", e->string);
+ if (e->string)
+ {
+ if (!strncmp(e->string, "UV_", 3) && buf_safe(&out, strlen(e->string)+1))
+ buf_printf (&out, "%s\n", e->string);
+ }
 }
 }
 
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index c62294f..0d818ab 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -233,7 +233,7 @@ struct tls_options
 bool disable_occ;
 #endif
 #ifdef ENABLE_PUSH_PEER_INFO
- bool push_peer_info;
+ int push_peer_info_detail;
 #endif
 int transition_window;
 int handshake_window;
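Review bot: The new `if (session->opt->push_peer_info_detail >= 2)` block has no comment tying the number to what it guards, even though this is exactly the boundary between the basic set a --pull client sends and the fields the commit message calls privacy-relevant; a one-liner such as `/* level 2 (--push-peer-info only): MAC address and UV_* env vars */` above the `if` would make the intent reviewable without the commit message. The nested `if (e->string) { if (!strncmp(...) && buf_safe(...)) ... }` inside the loop could be flattened to a single condition, `if (e->string && !strncmp(e->string, "UV_", 3) && buf_safe(&out, strlen(e->string)+1))`, removing one brace level from an already deeply indented block. The `IV_HWADDR` write has no `buf_safe` check while the UV_ loop does; if buf_printf does not bound its own writes that asymmetry deserves a look, though it is pre-existing rather than introduced here. push_peer_info's body begins and ends outside the hunk.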