Hi,

On 25/07/16 20:52, Steffan Karger wrote:
This allows the ncp-disable and ncp-ciphers options to be used in 'client
config dir' files, to disable or change the negotiable crypto parameter
settings for specific clients.

Signed-off-by: Steffan Karger <[email protected]>
---
  src/openvpn/options.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 18af179..79dcb79 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6666,12 +6666,12 @@ add_option (struct options *options,
      }
    else if (streq (p[0], "ncp-ciphers") && p[1] && !p[2])
      {
-      VERIFY_PERMISSION (OPT_P_GENERAL);
+      VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_INSTANCE);
        options->ncp_ciphers = p[1];
      }
    else if (streq (p[0], "ncp-disable") && !p[1])
      {
-      VERIFY_PERMISSION (OPT_P_GENERAL);
+      VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_INSTANCE);
        options->ncp_enabled = false;
      }
    else if (streq (p[0], "prng") && p[1] && !p[3])
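
Review bot: in both changed branches the write still goes through the `options` pointer passed into add_option (`options->ncp_ciphers = p[1];` and `options->ncp_enabled = false;`), and nothing in this hunk shows that the pointer refers to a per-client copy when OPT_P_INSTANCE is the permission that lets the option through. Please point to, or add, the code that keeps these two fields per client instance, so that a CCD file for one client cannot change the negotiated cipher settings of other clients. The ncp-ciphers branch also stores p[1] with no check of the cipher list visible here, which matters more once the value can come from per-client files. Finally, the diffstat touches only src/openvpn/options.c, so the documentation should also be updated to say that both options are now accepted in client-config-dir files.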

Another remark: making this option CCD-file specific is a good idea, but how do you ensure that the server only applies it to this particular client? o->ncp_enabled seems a global at first glance. Consider this scenario:

1) client A connects, for which we want to disable NCP; hence a client-connect script or CCD file with 'ncp-disable' in it;
2) client B connects, no CCD file, it's running v2.4+, so we want NCP.

How does the server handle this? Or did I miss the "per-client options" struct?

JJK
