#395 closed Bug / Defect (fixed)
Evaluating quoted path & file config statements syntax (Win32)
Reported by: | debbie10t | Owned by: | Samuli Seppänen |
---|---|---|---|
Priority: | minor | Milestone: | release 2.3.7 |
Component: | Documentation | Version: | OpenVPN 2.3.3 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | windows |
Cc: |
Description
When evaluating "up" with a full path/file and an inserted parameter OpenVPN behaves like so:
(A.0) Using no path plus additional parameter:
up "BSTATUS.bat 1"
Works
(A.1) double quotes and long names plus additional parameter:
up "c:\\program files\\openvpn\\config\\BSTATUS.bat 1"
Options error: --up script fails with
'c:\program files\openvpn\config\BSTATUS.bat 1': No such file or directory
(A.2) double quotes and short names plus additional parameter:
up "c:\\progra~1\\openvpn\\config\\BSTATUS.bat 1"
Options error: --up script fails with
'c:\progra~1\openvpn\config\BSTATUS.bat 1': No such file or directory
(A.3) single quote and long names plus additional parameter:
up 'c:\\program files\\openvpn\\config\\BSTATUS.bat 1'
Options error: --up script fails with
'c:\program': No such file or directory
(A.4) single quote and short names plus additional parameter:
up 'c:\\progra~1\\openvpn\\config\\BSTATUS.bat 1'
Works
(B.1) double quote and long names plus additional parameter and slash:
up "c:/program files/openvpn/config/BSTATUS.bat 1"
Options error: --up script fails with
'c:/program': No such file or directory
(B.2) double quotes and short names plus additional parameter and slash:
up "c:/progra~1/openvpn/config/BSTATUS.bat 1"
Works
(B.3) single quote and long names plus additional parameter and slash:
up 'c:/program files/openvpn/config/BSTATUS.bat 1'
Options error: --up script fails with
'c:/program': No such file or directory
(B.4) single quote and short names plus additional parameter and slash:
up 'c:/progra~1/openvpn/config/BSTATUS.bat 1'
Works
(B.4i) single quote and short names plus additional parameter with mixed oblique and slash:
up 'c:\\progra~1/openvpn\\config/BSTATUS.bat 1'
Works
The same is true for down, client-connect and client-disconnect.
As a side note, inserting a space between c and a (ca.crt):
ca "c:\\Program Files\\OpenVPN\\config\\Server1\\PKI\\c a.crt"
WORKS !
Change History (12)
comment:1 Changed 10 years ago by
comment:2 Changed 9 years ago by
Keywords: | windows added |
---|
Debbie10t: this explains how OpenVPN behaves according to your tests. I assume some of the behavior is not what you expected, meaning that there is a bug somewhere. Please let us know what OpenVPN should do differently and why, and we will consider fixing this. Otherwise we have to close this ticket as "notabug".
comment:3 Changed 9 years ago by
OK close as "notabug"
With this comment:
- All directives which reference a file (in a configuration file) which have parameters added to the command line string (in this case --up bstatus.bat 1 plus the openvpn appended parameters) do not support spaces in the name of the file.
- Where as directives which reference a file (in a configuration file) which do not have parameters appended after the name of the file do support spaces in the file name. eg: --ca (see my initial report)
comment:4 Changed 9 years ago by
Component: | Configuration → Documentation |
---|---|
Owner: | set to Samuli Seppänen |
Status: | new → accepted |
Ok, smells like we could improve the documentation a bit. I will take care of it, then close this ticket. Thanks!
comment:5 Changed 9 years ago by
Milestone: | → release 2.3.7 |
---|
comment:6 follow-up: 7 Changed 9 years ago by
Script names with spaces in them *might* work if the space is escaped on its own
--up '/program\ files/myscript.bat 1'
but in general, openvpn has no reasonable chance here to recognize where the command name ends and where the arguments start - and that distinction need to be done to exec() the correct part of the command line. In other words: blanks in commands are not going to work really well on any operating system, not a particular problem to windows - it's worse on windows because of "C:\program files\" being there by default.
The fact that it works for --ca is easily explained - no argument splitting needs to be done there, all of the argument given is "the file name, period".
Samuli: be quick or bounce to 2.3.8, release coming up :-)
comment:7 Changed 9 years ago by
Replying to cron2:
Script names with spaces in them *might* work if the space is escaped on its own
--up '/program\ files/myscript.bat 1'
Fair play .. I forgot to try that ..
Perhaps this particular bug-rep could be renamed something like "white space in config files" especially considering ..
Connection blocks:
### connection #1 <connection> remote server.ip.add port </connection>
Works!
### connection #2 <connection> remote server.ip.add port </connection>
Throws:
2.3_git [20150526_1222]:
Options error: Unrecognized option or missing parameter(s) in [CONNECTION-OPTIONS]:2: /connection (2.3_git) Use --help for more information.Win236:
Options error: Unrecognized option or missing parameter(s) in [CONNECTION-OPTIONS]:2: /connection (2.3.6) Use --help for more information. Press any key to continue...
comment:8 Changed 9 years ago by
Would this addition to the man-page (--script-security section) look ok to you both:
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index df16a7f..6797bfc 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2007,6 +2007,11 @@ or As of OpenVPN v2.3, this flag is no longer accepted. In most *nix environments the execve() approach has been used without any issues. +Some directives such as \-\-up allow options to be passed to the external +script. In these cases make sure the script name does not contain any spaces or +the configuration parser will choke because it can't determine where the script +name ends and script options start. + To run scripts in Windows in earlier OpenVPN versions you needed to either add a full path to the script interpreter which can parse the script or use the
If this looks ok, I will send a patch.
The connection block issue looks interesting: the config parser sees the linefeed, thinks there's another directive coming up and barfs when the next line (directive) has no content except spaces. I think this is a separate issue and we should fix it in the code if possible. Thoughts?
comment:9 Changed 9 years ago by
My documentation fix proposal was pre-ACKed by cron2, so I'll be sending a patch soon. I'll also create a separate tickets for the connection block issue.
comment:10 Changed 9 years ago by
In future I shall submit one bug per trac .. thanks for your help :)
comment:11 Changed 9 years ago by
Your patch has been applied to the master and release/2.3 branch.
commit 001384e2952b54089e889edbda3196283b21641d (master)
commit 9f1d4545049bb643bf214498709e2af001bbe106 (release/2.3)
Author: Samuli Seppänen
Date: Tue Jun 2 10:59:42 2015 +0300
Improve documentation in --script-security section of the man-page
comment:12 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
The connection block thing is now in ticket #569. I'll close this ticket as fixed.
Certainly a thorough review of how Windows paths escaping and quoting :). Is the current behavior something you would not expect?