Error in file checking with "chroot" option enabled

[MaxMuster]

If file checking is enabled (e.g. no "ENABLE_SMALL"), a valid and functional Server config fails to load.

My guess: The "check_file_access" in src/openvpn/options.c will check for the existence of the "client-config-dir". This fails if used in conjunction with the chroot option, because the path in the config needs to be relative to the chroot directory but the presence of the directory seems to be checked not taking this into account.

Given a ccd "/tmp/openvpn/clients" together with "chroot /tmp/openvpn" will need this config:

...
client-config-dir /clients
...
chroot /tmp/openvpn
...

This will start and work fine, if binary was compiled with "ENABLE_SMALL" (doing no sanity checks on startup).

But a "full" OpenVPN will fail to start:

Options error: --client-config-dir fails with '/clients': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

You can make it start by using the full path, but obviously during operation the files in client-config-dir are not found (for the correct value would be relative to the chroot directory)

[MaxMuster]

Simple try to fix file checking of client-config-dir with chroot set - fixed indents - fixed wrong "free"

[MaxMuster]

Second, more generic fix, introducing a filecheck respecting chroot_dir

[JoshC]

Thanks for the report, although the core issue goes deeper than just the --client-connect-dir option as it impacts all file/dir/script options. A solution is already in progress on bug #330, so I'm going to close this as a duplicate; please see #330 to track the resolution as this issue gets fixed as well.