Opened 11 years ago
Closed 11 years ago
#299 closed Bug / Defect (duplicate)
Error in file checking with "chroot" option enabled
Reported by: | MaxMuster | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN 2.3.1 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | chroot check_file_access client-config-dir |
Cc: |
Description
If file checking is enabled (e.g. no "ENABLE_SMALL"), a valid and functional Server config fails to load.
My guess: The "check_file_access" in src/openvpn/options.c will check for the existence of the "client-config-dir". This fails if used in conjunction with the chroot option, because the path in the config needs to be relative to the chroot directory, but the presence of the directory seems to be checked without taking this into account.
A ccd "/tmp/openvpn/clients" together with "chroot /tmp/openvpn" will need this config:
```
...
client-config-dir /clients
...
chroot /tmp/openvpn
...
```
This will start and work fine if the binary was compiled with "ENABLE_SMALL" (doing no sanity checks on startup).
But a "full" OpenVPN will fail to start:
```
Options error: --client-config-dir fails with '/clients': No such file or directory
Options error: Please correct these errors. Use --help for more information.
```
You can make it start by using the full path, but obviously during operation the files in client-config-dir are not found (for the correct value would be relative to the chroot directory).
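The startup check the description asks for, as an added example that is not OpenVPN's code or either attached patch: a hypothetical helper `check_path_in_chroot` prefixes the chroot directory before calling `access()`, and `demo` runs it on a constructed temporary layout using the made-up directory name `/ccd-demo-299`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for mkdtemp() */
#endif
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not OpenVPN's check_file_access): test a config path
 * as it will resolve after chroot(), by prefixing chroot_dir before access().
 * Returns true when the path is unusable, like an "errors found" flag. */
static bool check_path_in_chroot(const char *chroot_dir, const char *path, int mode)
{
    char full[4096];
    int n;
    if (!path)
        return false; /* option not set: nothing to check */
    n = chroot_dir ? snprintf(full, sizeof(full), "%s/%s", chroot_dir, path)
                   : snprintf(full, sizeof(full), "%s", path);
    if (n < 0 || (size_t)n >= sizeof(full)) {
        errno = ENAMETOOLONG;
        return true;
    }
    return access(full, mode) != 0;
}

/* Constructed layout: <tmpdir>/ccd-demo-299 exists, /ccd-demo-299 does not.
 * Returns 0 when the chroot-unaware check rejects the path (the reported
 * startup failure) and the chroot-aware check accepts it; -1 on setup error. */
static int demo(void)
{
    char root[] = "/tmp/ovpn-chroot-XXXXXX";
    char ccd[4096];
    if (!mkdtemp(root))
        return -1;
    snprintf(ccd, sizeof(ccd), "%s/ccd-demo-299", root);
    if (mkdir(ccd, 0700) != 0) {
        rmdir(root);
        return -1;
    }
    bool naive = check_path_in_chroot(NULL, "/ccd-demo-299", R_OK | X_OK);
    bool aware = check_path_in_chroot(root, "/ccd-demo-299", R_OK | X_OK);
    rmdir(ccd);
    rmdir(root);
    return (naive && !aware) ? 0 : 1;
}

int main(void) { return demo(); }
```

Prefixing only approximates post-chroot resolution: absolute symlinks and `..` components inside the tree resolve differently before and after `chroot()`.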
Attachments (2)
Change History (3)
Changed 11 years ago by
Attachment: | 300-fix-filechecking.patch added |
---|
Changed 11 years ago by
Attachment: | 301-fix-filechecking.patch added |
---|
Second, more generic fix, introducing a filecheck respecting chroot_dir
comment:1 Changed 11 years ago by
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Thanks for the report, although the core issue goes deeper than just the --client-connect-dir option as it impacts all file/dir/script options. A solution is already in progress on bug #330, so I'm going to close this as a duplicate; please see #330 to track the resolution as this issue gets fixed as well.
Simple try to fix file checking of client-config-dir with chroot set - fixed indents - fixed wrong "free"