Re: [Openvpn-devel] [PATCH v2] convert *_inline attributes to bool

2017-01-11 Thread David Sommerseth 
On 10/01/17 22:35, Steffan Karger wrote:
>> @@ -5154,7 +5194,8 @@ add_option(struct options *options,
>>  {
>>  options->plugin_list = plugin_option_list_new(>gc);
>>  }
>> -if (!plugin_option_list_add(options->plugin_list, [1], 
>> >gc))
>> +if (!plugin_option_list_add(options->plugin_list, [1], is_inline,
>> +>gc))
> Can we inline a plugin?  I wouldn't think so, but I've been surprised by
> our option parser before ;-)  (Arne or David might know this.)

Oh dear ... No it should be possible to inline a plug-in.  Our code uses
dlopen() to load plug-ins, which expects a full path.  So I would expect
to see dlopen() fail.

And no, we should not ever be able to inline a plug-in.  I'll probably
get nightmares this night due to all the potential security issues
related to this.  Neither should any of the script-hooks be possible to
inline.

> If not, you don't need to add the is_inline argument to
> plugin_option_list_add(), but just add a 'false' when someone down the
> chain calls make_extended_arg_array().

Yes, that sounds reasonable.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc




signature.asc
Description: OpenPGP digital signature
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH applied] management: >REMOTE operation would overwrite ce change indicator

2017-01-11 Thread David Sommerseth 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Your patch has been applied to the following branches

commit e81f313a71e548638d9e9679226ee84b3b614f13  (master)
commit a853cd060eb61df77055cbb92e97ad7f245f2316  (release/2.4)
Author: David Sommerseth
Date:   Tue Jan 10 21:34:32 2017 +0100

 management: >REMOTE operation would overwrite ce change indicator

 Signed-off-by: David Sommerseth 
 Acked-by: Selva Nair 
 Message-Id: <1484080473-10415-1-git-send-email-dav...@openvpn.net>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13851.html
 Signed-off-by: David Sommerseth 


- --
kind regards,

David Sommerseth

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJYduPjAAoJEIbPlEyWcf3yns0P/RNsveEAvleUcBQNlJ9rzKL4
XYojnRhbdGzuuNQhgWj+49+HG9gYgCy4XrRRcMEaw/trwBZVOSF9viI10HNuUSnT
fHO3sIFNHMgEUPNiP2GGzEiD1EEgE2hAKLjaCjTzvfLKvOiC9ZaH+WTj71Q0ppax
XLsM/B5g6OiD4X5ZPsgJ+ZY2yyb7Mxe/DOFI05pkZ59CA2t0vMP1kKSjf2le+51+
iCcvfDV0Fx9px5JGOtsrkI/K0Wp59ip3N18xqYp15Wd2wj3ANv9zA0mfp1ZK/jDz
cIRoA/qG2pS7txgyVvbtDyfmYJnWTnmnBP+hhR859ykhUSBUyQN6zliwhCislqv9
36glnIkbbmyXCYIAPIxx7Fh6ZKnh+whu+RQ+GR1cPR5rl08qofZPR7JygdJDx/as
i4JR51fFpFBd94zsQpf1NYBPoORccgsbzyl8y6dNOkkdyCl5pxkOmScUuIUzCMwP
UFalNUH2kopEGwwZCXf+aTvpkQ7Q8UMhctCsX/EqcGcOzBzJ9eZV7mzvhwknkYMV
QPgmR+YpWki4CGDnHSv43mTs87yRbY7xcn+u4002/Yv0F1HxRzL8Lz2RfvDD5eJA
ppvOaVCDvEIObsdCIP29Fa0g7YA0F1h8e1BV98qF12WEC1v+S8d4qiAAHyN4aeQt
r4MDwMpTCh1tFH2I9vj5
=X0eo
-END PGP SIGNATURE-

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH applied] man: fix formatting for alternative option

2017-01-11 Thread David Sommerseth 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

ACK.

Your patch has been applied to the following branches

commit d0d8a4b5f875bc802117647b20a3caa6d4fdb375  (master)
commit 6204fccb2441b5bae8b3f6e0b31a4a0b232fc8e6  (release/2.4)
Author: Christian Hesse
Date:   Wed Dec 28 08:54:20 2016 +0100

 man: fix formatting for alternative option

 Signed-off-by: Christian Hesse 
 Acked-by: David Sommerseth 
 Message-Id: <20161228075420.348-1-l...@eworm.de>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13747.html
 Signed-off-by: David Sommerseth 


- --
kind regards,

David Sommerseth

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJYduNYAAoJEIbPlEyWcf3ylKUP/RZKG/qSinrHo2O2Fu6sJyWL
eT9i6KurQLGR8MTKm6csPyLAX0NA+JYhuRgOUIMV3QLb44De0DMIufalVpfUIlyg
wOuqI9rnX8vU7+FVeHw8aivBtPWM4oFSJOQ8+sDy/pWFvJYa5QyLFIPtG1oHo/Fx
lHeOfCK1PqRcTggmze6PH1eTJjLwC7EprjFJZmfa8XLhfsKehwFdEFO5/bhGFwLN
Out2bjtAQXSIaFRlGQB77Y7pQYSYVjvcmdWBuzE4lxnmenVjvW4gQA5mTXbj1AfI
l57dG+B2Ahx0k5mGbItW7+g5pfo8xsXTAV7o44b/S1L4Uuy7FuE4ABiM+KVEuH3a
kpnVgdS375Nx00Sc4TyB5jkkb034TvgcGf0xTtsg5mLY+vijh5UvOw/k+tIbcot2
oKE7Dp5WWcMND+g3lIFdxiCO0zU9gVLVn4YNurtOrWmQedTxEUinVhbNxnDTjBlq
fMmRjz79nDgnSwjidUGDT038/P2R/j1ONrLWUcCFRtj0bZU0aLo+mM8DHVn/2gVH
g6HSIOfNfoIeN2lehMzS/LmfZZdpN7qqWPxu4/kXNlHhldn+szVtyBupqFLV+G5M
aoMS/CIvM7rAJ9U9UVpQsUJBExRxzcKjw+fkyy0nHQda93BSv4vIZ67TVEjJz0NR
MXe9EingHPRVe/w3zz5F
=jAlj
-END PGP SIGNATURE-

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2] More broadly enforce Allman style and braces-around-conditionals

2017-01-11 Thread David Sommerseth 
On 23/12/16 23:40, Steffan Karger wrote:
> We want { and } aligned, which means also adding a newline between each
> for() and {, while() and {, etc.
> 
> Also, we agreed to always use braces with conditionals.  The previous
> uncrustify config added these for if()s, now also add these for while()
> and for().
> 
> Signed-off-by: Steffan Karger 
> ---
> This patch replaces the "Add nl_for_brace=add to uncrustify.conf" patch.
> 
> v2: also add nl_do_brace=add and mod_full_brace_do=add
> 
>  dev-tools/uncrustify.conf  |  8 +
>  src/compat/compat-daemon.c |  3 +-
>  src/compat/compat-dirname.c|  7 +++-
>  src/compat/compat-inet_ntop.c  |  3 +-
>  src/compat/compat-inet_pton.c  |  3 +-
>  src/compat/compat-versionhelpers.h | 36 ++---
>  src/openvpn/argv.c | 10 ++
>  src/openvpn/base64.c   | 11 +--
>  src/openvpn/buffer.c   |  9 +-
>  src/openvpn/buffer.h   |  2 ++
>  src/openvpn/comp-lz4.c |  3 +-
>  src/openvpn/compstub.c |  3 +-
>  src/openvpn/console.c  |  6 ++--
>  src/openvpn/crypto.c   | 18 +++
>  src/openvpn/crypto.h   |  3 +-
>  src/openvpn/crypto_mbedtls.h   |  3 +-
>  src/openvpn/crypto_openssl.c   |  6 ++--
>  src/openvpn/cryptoapi.c|  9 --
>  src/openvpn/dhcp.c | 11 +--
>  src/openvpn/error.c|  3 +-
>  src/openvpn/error.h|  3 +-
>  src/openvpn/event.c|  4 +++
>  src/openvpn/fragment.c |  9 +-
>  src/openvpn/gremlin.c  | 15 ++---
>  src/openvpn/httpdigest.c   |  3 +-
>  src/openvpn/init.c | 11 ++-
>  src/openvpn/interval.h |  3 +-
>  src/openvpn/list.c |  6 ++--
>  src/openvpn/lzo.c  |  3 +-
>  src/openvpn/manage.c   | 15 +++--
>  src/openvpn/mbuf.c |  3 +-
>  src/openvpn/memdbg.h   |  3 +-
>  src/openvpn/misc.c |  9 +-
>  src/openvpn/mroute.c   |  3 +-
>  src/openvpn/mss.c  |  3 +-
>  src/openvpn/mtcp.c |  3 +-
>  src/openvpn/multi.c| 14 ++--
>  src/openvpn/ntlm.c | 14 +---
>  src/openvpn/occ.c  |  3 +-
>  src/openvpn/openvpn.c  |  6 ++--
>  src/openvpn/options.c  | 52 +++---
>  src/openvpn/otime.h|  3 +-
>  src/openvpn/packet_id.c|  3 +-
>  src/openvpn/perf.c |  5 ++-
>  src/openvpn/perf.h |  9 --
>  src/openvpn/pkcs11.c   | 66 
> +-
>  src/openvpn/plugin.c   | 11 ++-
>  src/openvpn/pool.c |  2 ++
>  src/openvpn/proxy.c| 10 --
>  src/openvpn/reliable.c |  7 +++-
>  src/openvpn/route.c| 13 +++-
>  src/openvpn/route.h|  3 +-
>  src/openvpn/schedule.c |  4 +++
>  src/openvpn/session_id.c   |  3 +-
>  src/openvpn/shaper.c   |  3 +-
>  src/openvpn/socket.c   | 12 +--
>  src/openvpn/socket.h   | 24 +-
>  src/openvpn/ssl.c  | 26 +++
>  src/openvpn/ssl_mbedtls.c  |  8 +++--
>  src/openvpn/ssl_openssl.c  |  3 +-
>  src/openvpn/ssl_verify.c   |  6 
>  src/openvpn/ssl_verify_mbedtls.c   |  2 ++
>  src/openvpn/ssl_verify_openssl.c   |  3 +-
>  src/openvpn/tls_crypt.c|  6 ++--
>  src/openvpn/tun.c  | 26 +++
>  src/openvpn/win32.c|  8 +++--
>  src/openvpnserv/automatic.c|  3 +-
>  src/openvpnserv/interactive.c  |  5 ++-
>  src/plugins/auth-pam/utils.c   |  5 ++-
>  src/plugins/down-root/down-root.c  |  2 ++
>  70 files changed, 479 insertions(+), 144 deletions(-)
> 

So I tried to apply this one, but there are some odd issues now.  Did
you apply your changes against the proper branch locally?  Because a
couple of these ones are really odd.

> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -558,7 +559,8 @@ cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
>  }
>  
>  int
> -cipher_kt_block_size(const EVP_CIPHER *cipher) {
> +cipher_kt_block_size(const EVP_CIPHER *cipher)
> +{
>  /*
>   * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'.  To work
>   * around that, try to replace the mode with 'CBC' and return the block 
> size

For some odd reason, this hunk does not apply ... not even with
'patch -p1'.


> --- a/src/openvpn/memdbg.h
> +++ b/src/openvpn/memdbg.h
> @@ -90,7 +90,8 @@
>  #include "dmalloc.h"
>  
>  static inline void *
> -openvpn_dmalloc(const char *file, int line, size_t size) {
> +openvpn_dmalloc(const char *file, int line, size_t size)
> +{
>

Re: [Openvpn-devel] [PATCH 2/2] management: Remove a redundant #ifdef block

2017-01-11 Thread Selva Nair 
On Tue, Jan 10, 2017 at 3:34 PM, David Sommerseth 
wrote:

> Bascially removes two independent #ifdef ENABLE_MANAGEMENT blocks into
> a single block, which makes the logic flow more easy to read.
>
> Signed-off-by: David Sommerseth 
> Cc: Selva Nair 
> ---
>  src/openvpn/init.c | 6 +-
>  1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/src/openvpn/init.c b/src/openvpn/init.c
> index 4786232..5296345 100644
> --- a/src/openvpn/init.c
> +++ b/src/openvpn/init.c
> @@ -414,11 +414,7 @@ next_connection_entry(struct context *c)
>  break;
>  }
>  }
> -else
> -#endif
> -
> -#ifdef ENABLE_MANAGEMENT
> -if (ce_defined && management && management_query_proxy_enabled
> (management))
> +else if (ce_defined && management &&
> management_query_proxy_enabled(management))
>  {
>  ce_defined = ce_management_query_proxy(c);
>  if (IS_SIG(c))
>

One more ifdef gone, and good riddance!

ACK.
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel