Opened 9 years ago
Last modified 5 years ago
#551 new Bug / Defect
--ipchange: openvpn does not pass parameters correctly
Reported by: | debbie10t | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | ipchange |
Cc: | David Sommerseth, plaisthos, tct |
Description
According to the OpenVPN Manual:
|
However, this is not the case ...
Client.conf (default more or less):
ipchange 'ipchange.sh TEST'
ipchange.sh:
echo $(date) echo P1: $1 echo P2: $2 echo P3: $3
Client log:
Thu May 7 22:37:01 BST 2015 P1: TEST P2: [AF_INET]172.17.2.222 37323 P3:
The string [AF_INET] and parameters ip_address and port_number are passed as one long string to one positional parameter.
Change History (4)
comment:1 Changed 9 years ago by
Cc: | David Sommerseth plaisthos added |
---|
comment:2 Changed 9 years ago by
Initial test done with:
OpenVPN 2.3_git [git:master/23b6ba6378bf3a3f+] i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on May 3 2015
Dated: 2015.05.03 @15:01
More tests:
Linux
OpenVPN 2.3.6 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 2 2014
Client config:
script-security 3 ipchange "ipchange.sh TEST"
ipchange.sh:
echo $(date) echo P1: $1 echo P2: $2 echo P3: $3 echo P4: $4
Log:
Sun May 10 12:18:17 BST 2015 P1: TEST P2: [AF_INET]88.105.52.9 P3: [AF_INET]37323 P4:
WXP (i003)
OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
Client config:
script-security 3 ipchange "IPCHANGE.bat TEST"
IPCHANGE.bat:
set log=IPCHANGE.log date /t > %log% echo P1: %1 >> %log% echo P2: %2 >> %log% echo P3: %3 >> %log% echo P4: %4 >> %log%
IPCHANGE.log:
10/05/2015 P1: TEST P2: [AF_INET]88.105.52.9 P3: [AF_INET]37323 P4:
Result is actually correct .. two parms ip_address and port_number but with the slightly annoying [AF_INET] still present.
comment:3 Changed 9 years ago by
Thanks for the detailed test. This is indeed surprising, I would have sworn that it was a) broken in 2.3 as well (it is not) and that b) the [INET] thingie is new (it was even worse in 2.3...)
Now I'm getting courious how this might have looked in 2.2, before we started meddling with things :-)
Indeed... regression, most likely as consequence of moving away from system() and always calling exec() here (and quite likely broken since the introduction of "script-security system", hundreds of years ago). Not trivial to fix, though, as the formatted string is used in different places.
Besides the "two parameters" thing, the [INET] bit is also slightly annoying - which is a 2.4 regression.
Could you test whether this is working in 2.3.x? (Your bug report says "git master") - the removal of system() was done in commit 3cb9f1a62b4a84dbf4acd1957c900a5b06fd6ac2, which is part of 2.3_rc1 - so 2.3.x should also be broken in this regard.
Copying in dazo and plaisthos, as you're to blame :-) - but I wonder what we want to do about it, really...