diff --git a/release/src-rt-6.x.4708/router/rc/openvpn.c b/release/src-rt-6.x.4708/router/rc/openvpn.c index 1c800a19b1..beda2d5c3b 100644 --- a/release/src-rt-6.x.4708/router/rc/openvpn.c +++ b/release/src-rt-6.x.4708/router/rc/openvpn.c @@ -333,13 +333,13 @@ void start_ovpn_client(int unit) #endif memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpnclient%d", unit); + snprintf(buffer, BUF_SIZE, "vpnclient%d", unit); if (serialize_restart(buffer, 1)) return; /* Determine interface */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_if", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_if", unit); if (nvram_contains_word(buffer, "tap")) if_type = OVPN_IF_TAP; else if (nvram_contains_word(buffer, "tun")) @@ -354,7 +354,7 @@ void start_ovpn_client(int unit) /* Determine encryption mode */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_crypt", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_crypt", unit); if (nvram_contains_word(buffer, "tls")) auth_mode = OVPN_AUTH_TLS; else if (nvram_contains_word(buffer, "secret")) @@ -367,15 +367,11 @@ void start_ovpn_client(int unit) } /* Determine if we should bridge the tunnel */ - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_bridge", unit); - if (if_type == OVPN_IF_TAP && nvram_get_int(buffer) == 1) + if (if_type == OVPN_IF_TAP && atoi(getNVRAMVar("vpn_client%d_bridge", unit)) == 1) route_mode = BRIDGE; /* Determine if we should NAT the tunnel */ - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_nat", unit); - if (((if_type == OVPN_IF_TUN) || (route_mode != BRIDGE)) && nvram_get_int(buffer) == 1) + if (((if_type == OVPN_IF_TUN) || (route_mode != BRIDGE)) && atoi(getNVRAMVar("vpn_client%d_nat", unit)) == 1) route_mode = NAT; /* Setup directories and symlinks */ 
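Review bot: Using `BUF_SIZE` instead of `sizeof(buffer)` as the bound (first snprintf of the hunk at `@@ -333,13 +333,13 @@`, and every other hunk in this commit) is correct only while `buffer` is declared `char buffer[BUF_SIZE]`; that declaration is visible for stop_ovpn_client and stop_ovpn_server but lies outside the hunks of the two start functions. `buffer2` keeps `sizeof(buffer2)`, so the file now mixes two conventions for the same job. If the switch is deliberate, a comment at the declaration such as `/* all bounds below use BUF_SIZE; keep in sync with this array */` would record it. The `memset(buffer, 0, BUF_SIZE)` before each snprintf could be dropped in the same pass, since snprintf always terminates its output when the size is non-zero.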
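Review bot: `atoi(getNVRAMVar("vpn_client%d_bridge", unit))` in the hunk at `@@ -367,15 +367,11 @@` cannot report a missing or malformed value: atoi returns 0 for non-numeric text, is undefined for out-of-range input, and must never receive NULL. getNVRAMVar is not defined in this diff, so confirm it returns an empty string for an unset variable (the existing `getNVRAMVar(...)[0] != '\0'` callers suggest it does). The same expression is introduced for `_nat`, `_retry`, `_nobind`, `_rgw`, `_hmac`, `_tlsremote`, `_fw` and the `vpn_server%d_*` flags; in the `_retry` hunk an empty value passes the `>= 0` test and yields `resolv-retry 0` rather than the `infinite` branch. A small strtol-based helper that takes an explicit default would make each of those fallbacks a visible decision instead of an accident of atoi.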
@@ -392,7 +388,7 @@ void start_ovpn_client(int unit) /* Build and write config file */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/config.ovpn", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/config.ovpn", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); @@ -424,9 +420,7 @@ void start_ovpn_client(int unit) fprintf(fp, "%s\n", getNVRAMVar("vpn_client%d_nm", unit)); } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_retry", unit); - if ((nvi = nvram_get_int(buffer)) >= 0) + if ((nvi = atoi(getNVRAMVar("vpn_client%d_retry", unit))) >= 0) fprintf(fp, "resolv-retry %d\n", nvi); else fprintf(fp, "resolv-retry infinite\n"); @@ -434,14 +428,12 @@ void start_ovpn_client(int unit) if ((nvl = atol(getNVRAMVar("vpn_client%d_reneg", unit))) >= 0) fprintf(fp, "reneg-sec %ld\n", nvl); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_nobind", unit); - if (nvram_get_int(buffer) > 0) + if (atoi(getNVRAMVar("vpn_client%d_nobind", unit)) > 0) fprintf(fp, "nobind\n"); /* Compression */ memset(buffer, 0, BUF_SIZE); - strlcpy(buffer, getNVRAMVar("vpn_client%d_comp", unit), sizeof(buffer)); + strlcpy(buffer, getNVRAMVar("vpn_client%d_comp", unit), BUF_SIZE); if (strcmp(buffer, "-1")) { #ifndef TCONFIG_OPTIMIZE_SIZE_MORE if ((!strcmp(buffer, "lz4")) || (!strcmp(buffer, "lz4-v2"))) @@ -462,7 +454,7 @@ void start_ovpn_client(int unit) /* Cipher */ memset(buffer, 0, BUF_SIZE); - strlcpy(buffer, getNVRAMVar("vpn_client%d_ncp_ciphers", unit), sizeof(buffer)); + strlcpy(buffer, getNVRAMVar("vpn_client%d_ncp_ciphers", unit), BUF_SIZE); if (auth_mode == OVPN_AUTH_TLS) { if (buffer[0] != '\0') #ifndef TCONFIG_OPTIMIZE_SIZE_MORE 
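Review bot: The `fopen(buffer, "w")` / `chmod(buffer, (S_IRUSR | S_IWUSR))` pair that follows the changed snprintf in the hunk at `@@ -392,7 +388,7 @@` creates config.ovpn with umask-default permissions and restricts it only afterwards, and `fp` is not checked for NULL on the visible lines. The same sequence writes ca.crt, client.key, client.crt, the `up` file and static.key in later hunks, and the server-side key files, so any process that opens the path between the two calls keeps a descriptor on a file that then receives key material. Creating the file with its final mode and stopping on failure closes that window. start_ovpn_client's body continues outside the hunk, so the error path sketched below has to be adapted to whatever cleanup the function needs.

```c
/* … unchanged: memset + snprintf building the config.ovpn path … */
int fd = open(buffer, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
if (fd >= 0)
	fchmod(fd, (S_IRUSR | S_IWUSR)); /* a pre-existing file would otherwise keep its old mode */
fp = (fd >= 0) ? fdopen(fd, "w") : NULL;
if (fp == NULL) {
	if (fd >= 0)
		close(fd);
	logmsg(LOG_WARNING, "*** %s: cannot create %s", __FUNCTION__, buffer);
	return; /* NOTE(review): release anything start_ovpn_client holds at this point */
}
```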
@@ -475,7 +467,7 @@ void start_ovpn_client(int unit) else { /* SECRET/CUSTOM */ #endif memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_cipher", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_cipher", unit); if (!nvram_contains_word(buffer, "default")) fprintf(fp, "cipher %s\n", nvram_safe_get(buffer)); #ifndef TCONFIG_OPTIMIZE_SIZE_MORE @@ -484,14 +476,12 @@ void start_ovpn_client(int unit) /* Digest */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_digest", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_digest", unit); if (!nvram_contains_word(buffer, "default")) fprintf(fp, "auth %s\n", nvram_safe_get(buffer)); /* Routing */ - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_rgw", unit); - nvi = nvram_get_int(buffer); + nvi = atoi(getNVRAMVar("vpn_client%d_rgw", unit)); if (nvi == OVPN_RGW_ALL) { if (if_type == OVPN_IF_TAP && getNVRAMVar("vpn_client%d_gw", unit)[0] != '\0') @@ -511,11 +501,10 @@ void start_ovpn_client(int unit) "route-pre-down vpnrouting.sh\n"); if (auth_mode == OVPN_AUTH_TLS) { + nvi = atoi(getNVRAMVar("vpn_client%d_hmac", unit)); + memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_hmac", unit); - nvi = nvram_get_int(buffer); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_static", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_static", unit); if (!nvram_is_empty(buffer) && nvi >= 0) { if (nvi == 3) 
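Review bot: `fprintf(fp, "cipher %s\n", nvram_safe_get(buffer))` right after the changed snprintf in the hunk at `@@ -475,7 +467,7 @@` copies the NVRAM value into config.ovpn verbatim, so a value containing a line break would be read by OpenVPN as additional directives. The `auth %s` line in the next hunk and the server-side `proto`, `cipher` and `auth` lines have the same shape. The value is expected to be a single algorithm name, so check it before writing (letters, digits and `-` only) and omit the directive with a log line when it does not match. Whether the web UI already enforces this is not visible in the diff, and the daemon-side check is the one that protects the generated file.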
@@ -533,25 +522,23 @@ void start_ovpn_client(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_ca", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_ca", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "ca ca.crt\n"); if (!useronly) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_crt", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_crt", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "cert client.crt\n"); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_key", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_key", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "key client.key\n"); } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_tlsremote", unit); - if (nvram_get_int(buffer)) + if (atoi(getNVRAMVar("vpn_client%d_tlsremote", unit))) fprintf(fp, "remote-cert-tls server\n"); if ((nvi = atoi(getNVRAMVar("vpn_client%d_tlsvername", unit))) > 0) { @@ -569,7 +556,7 @@ void start_ovpn_client(int unit) } else if (auth_mode == OVPN_AUTH_STATIC) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_static", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_static", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "secret static.key\n"); @@ -587,10 +574,10 @@ void start_ovpn_client(int unit) /* Write certification and key files */ if (auth_mode == OVPN_AUTH_TLS) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_ca", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_ca", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/ca.crt", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/ca.crt", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_ca", unit)); 
@@ -599,10 +586,10 @@ void start_ovpn_client(int unit) if (!useronly) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_key", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_key", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/client.key", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/client.key", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_key", unit)); @@ -610,10 +597,10 @@ void start_ovpn_client(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_crt", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_crt", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/client.crt", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/client.crt", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_crt", unit)); @@ -622,7 +609,7 @@ void start_ovpn_client(int unit) } if (userauth) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/up", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/up", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s\n", getNVRAMVar("vpn_client%d_username", unit)); 
@@ -630,14 +617,13 @@ void start_ovpn_client(int unit) fclose(fp); } } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_hmac", unit); - if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && nvram_get_int(buffer) >= 0)) { + + if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && atoi(getNVRAMVar("vpn_client%d_hmac", unit)) >= 0)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_static", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_static", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/static.key", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/static.key", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_static", unit)); @@ -647,21 +633,20 @@ void start_ovpn_client(int unit) /* Handle firewall rules if appropriate */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_firewall", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d_firewall", unit); if (!nvram_contains_word(buffer, "custom")) { chains_log_detection(); /* Create firewall rules */ mkdir(OVPN_DIR"/fw", 0700); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/client%d-fw.sh", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/client%d-fw.sh", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR | S_IXUSR)); fprintf(fp, "#!/bin/sh\n"); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_fw", unit); - nvi = nvram_get_int(buffer); + nvi = atoi(getNVRAMVar("vpn_client%d_fw", unit)); + fprintf(fp, "iptables -I INPUT -i %s -m state --state NEW -j %s\n" "iptables -I FORWARD -i %s -m state --state NEW -j %s\n" "iptables -I FORWARD -o %s -j ACCEPT\n", 
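Review bot: `nvi = atoi(getNVRAMVar("vpn_client%d_fw", unit))` in the hunk at `@@ -647,21 +633,20 @@` feeds the choice of target for the generated `iptables -I INPUT -i %s -m state --state NEW -j %s` rules (the selection itself is outside the hunk), and atoi maps an unset or malformed value to 0. If 0 is the permissive setting, a damaged variable silently admits new inbound connections on the tunnel interface. Make the restrictive target the fallback for any value that is not one of the expected ones, and log when that happens. The interface and chain names are written into a `#!/bin/sh` script with `%s`; they are presumably built by this function itself, which is worth confirming.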
@@ -689,9 +674,7 @@ void start_ovpn_client(int unit) } #endif - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d_rgw", unit); - nvi = nvram_get_int(buffer); + nvi = atoi(getNVRAMVar("vpn_client%d_rgw", unit)); if (nvi >= OVPN_RGW_POLICY) { /* Disable rp_filter when in policy mode */ fprintf(fp, "echo 0 > /proc/sys/net/ipv4/conf/%s/rp_filter\n" @@ -714,7 +697,7 @@ void start_ovpn_client(int unit) /* firewall rules */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/client%d-fw.sh", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/client%d-fw.sh", unit); /* first remove existing firewall rule(s) */ run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); @@ -728,7 +711,7 @@ void start_ovpn_client(int unit) /* Start the VPN client */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/vpnclient%d", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/vpnclient%d", unit); memset(buffer2, 0, sizeof(buffer2)); snprintf(buffer2, sizeof(buffer2), OVPN_DIR"/client%d", unit); @@ -751,7 +734,7 @@ void start_ovpn_client(int unit) ovpn_setup_watchdog(OVPN_TYPE_CLIENT, unit); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d", unit); allow_fastnat(buffer, 0); try_enabling_fastnat(); } 
@@ -761,32 +744,32 @@ void stop_ovpn_client(int unit) char buffer[BUF_SIZE]; memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpnclient%d", unit); + snprintf(buffer, BUF_SIZE, "vpnclient%d", unit); if (serialize_restart(buffer, 0)) return; /* Remove cron job */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "CheckVPNclient%d", unit); + snprintf(buffer, BUF_SIZE, "CheckVPNclient%d", unit); eval("cru", "d", buffer); /* Stop the VPN client */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpnclient%d", unit); + snprintf(buffer, BUF_SIZE, "vpnclient%d", unit); killall_and_waitfor(buffer, 5, 50); ovpn_remove_iface(OVPN_TYPE_CLIENT, unit); /* Remove firewall rules after VPN exit */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/client%d-fw.sh", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/client%d-fw.sh", unit); run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); /* Delete all files for this client */ ovpn_cleanup_dirs(OVPN_TYPE_CLIENT, unit); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_client%d", unit); + snprintf(buffer, BUF_SIZE, "vpn_client%d", unit); allow_fastnat(buffer, 1); try_enabling_fastnat(); } @@ -818,13 +801,13 @@ void start_ovpn_server(int unit) #endif memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpnserver%d", unit); + snprintf(buffer, BUF_SIZE, "vpnserver%d", unit); if (serialize_restart(buffer, 1)) return; /* Determine interface */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_if", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_if", unit); if (nvram_contains_word(buffer, "tap")) if_type = OVPN_IF_TAP; else if (nvram_contains_word(buffer, "tun")) 
@@ -839,7 +822,7 @@ void start_ovpn_server(int unit) /* Determine encryption mode */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_crypt", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_crypt", unit); if (nvram_contains_word(buffer, "tls")) auth_mode = OVPN_AUTH_TLS; else if (nvram_contains_word(buffer, "secret")) @@ -865,12 +848,10 @@ void start_ovpn_server(int unit) /* Build and write config files */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/config.ovpn", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/config.ovpn", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_port", unit); fprintf(fp, "# Generated Configuration\n" "daemon openvpn-server%d\n" "port %d\n" @@ -879,7 +860,7 @@ void start_ovpn_server(int unit) "keepalive 15 60\n" "verb 3\n", unit, - nvram_get_int(buffer), + atoi(getNVRAMVar("vpn_server%d_port", unit)), iface); #ifndef TCONFIG_OPTIMIZE_SIZE_MORE @@ -892,11 +873,10 @@ void start_ovpn_server(int unit) } else if (if_type == OVPN_IF_TAP) { fprintf(fp, "server-bridge"); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_dhcp", unit); - if (nvram_get_int(buffer) == 0) { + + if (atoi(getNVRAMVar("vpn_server%d_dhcp", unit)) == 0) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_br", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_br", unit); if (nvram_contains_word(buffer, "br1")) { br_ipaddr = nvram_get("lan1_ipaddr"); br_netmask = nvram_get("lan1_netmask"); 
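Review bot: `atoi(getNVRAMVar("vpn_server%d_port", unit))` in the hunk at `@@ -865,12 +848,10 @@` is written straight into `port %d` with no range check, so an unset or malformed variable produces `port 0` and an out-of-range number reaches OpenVPN unchanged. The same expression feeds `--dport %d` in the iptables and ip6tables hunks further down, where a bad value gives a firewall rule that may not match the port the daemon actually binds. Parse the port once near the top of start_ovpn_server, reject anything outside 1–65535, and reuse the validated int in all three places. Formatting with `%d` already keeps the value from carrying config or shell syntax, so only the range needs attention.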
@@ -940,14 +920,14 @@ void start_ovpn_server(int unit) mwan_num = 1; memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_proto", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_proto", unit); fprintf(fp, "proto %s\n", nvram_safe_get(buffer)); /* full dual-stack functionality starting with OpenVPN 2.4.0 */ if (nvram_contains_word(buffer, "udp") && mwan_num > 1) /* udp/udp4/udp6 - only if multiwan */ fprintf(fp, "multihome\n"); /* Cipher */ - strlcpy(buffer, getNVRAMVar("vpn_server%d_ncp_ciphers", unit), sizeof(buffer)); + strlcpy(buffer, getNVRAMVar("vpn_server%d_ncp_ciphers", unit), BUF_SIZE); #ifndef TCONFIG_OPTIMIZE_SIZE_MORE if (auth_mode == OVPN_AUTH_TLS) { if (buffer[0] != '\0') @@ -957,20 +937,20 @@ void start_ovpn_server(int unit) #endif { /* SECRET/CUSTOM */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_cipher", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_cipher", unit); if (!nvram_contains_word(buffer, "default")) fprintf(fp, "cipher %s\n", nvram_safe_get(buffer)); } /* Digest */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_digest", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_digest", unit); if (!nvram_contains_word(buffer, "default")) fprintf(fp, "auth %s\n", nvram_safe_get(buffer)); /* Compression */ memset(buffer, 0, BUF_SIZE); - strlcpy(buffer, getNVRAMVar("vpn_server%d_comp", unit), sizeof(buffer)); + strlcpy(buffer, getNVRAMVar("vpn_server%d_comp", unit), BUF_SIZE); if (strcmp(buffer, "-1")) { #ifndef TCONFIG_OPTIMIZE_SIZE_MORE if (!strcmp(buffer, "lz4") || !strcmp(buffer, "lz4-v2")) 
@@ -994,7 +974,7 @@ void start_ovpn_server(int unit) /* push LANs */ for (i = 0; i < BRIDGE_COUNT; i++) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), (i == 0 ? "vpn_server%d_plan" : "vpn_server%d_plan%d"), unit, i); + snprintf(buffer, BUF_SIZE, (i == 0 ? "vpn_server%d_plan" : "vpn_server%d_plan%d"), unit, i); if (nvram_get_int(buffer)) { int ret3 = 0, ret4 = 0; @@ -1008,29 +988,23 @@ void start_ovpn_server(int unit) } } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_ccd", unit); - if (nvram_get_int(buffer)) { + if (atoi(getNVRAMVar("vpn_server%d_ccd", unit))) { fprintf(fp, "client-config-dir ccd\n"); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_c2c", unit); - if ((c2c = nvram_get_int(buffer))) + if ((c2c = atoi(getNVRAMVar("vpn_server%d_c2c", unit)))) fprintf(fp, "client-to-client\n"); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_ccd_excl", unit); - if (nvram_get_int(buffer)) + if (atoi(getNVRAMVar("vpn_server%d_ccd_excl", unit))) fprintf(fp, "ccd-exclusive\n"); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/ccd", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/ccd", unit); mkdir(buffer, 0700); chdir(buffer); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_ccd_val", unit); - strlcpy(buffer, nvram_safe_get(buffer), sizeof(buffer)); + snprintf(buffer, BUF_SIZE, "vpn_server%d_ccd_val", unit); + strlcpy(buffer, nvram_safe_get(buffer), BUF_SIZE); chp = strtok(buffer, ">"); while (chp != NULL) { nvi = strlen(chp); 
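Review bot: `strlcpy(buffer, nvram_safe_get(buffer), BUF_SIZE)` in the hunk at `@@ -1008,29 +988,23 @@` discards its return value, so a `vpn_server%d_ccd_val` longer than the buffer is truncated silently and the `strtok(buffer, ">")` loop then parses a cut-off last record. Compare the result with the bound and skip CCD generation with a log line when it does not fit, e.g. `if (strlcpy(buffer, nvram_safe_get(buffer), BUF_SIZE) >= BUF_SIZE)`. The `mkdir(buffer, 0700); chdir(buffer);` pair just above is unchecked as well; if chdir fails, anything the loop creates by relative name would land in the previous working directory (the file creation itself is outside this hunk).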
@@ -1084,24 +1058,18 @@ void start_ovpn_server(int unit) logmsg(LOG_DEBUG, "*** %s: CCD processing complete", __FUNCTION__); } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_userpass", unit); - if (nvram_get_int(buffer)) { + if (atoi(getNVRAMVar("vpn_server%d_userpass", unit))) { fprintf(fp, "plugin /lib/openvpn_plugin_auth_nvram.so vpn_server%d_users_val\n" "script-security 2\n", unit); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_nocert", unit); - if (nvram_get_int(buffer)) { + if (atoi(getNVRAMVar("vpn_server%d_nocert", unit))) { fprintf(fp, "verify-client-cert optional\n" "username-as-common-name\n"); } } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_pdns", unit); - if (nvram_get_int(buffer)) { + if (atoi(getNVRAMVar("vpn_server%d_pdns", unit))) { if (nvram_safe_get("wan_domain")[0] != '\0') fprintf(fp, "push \"dhcp-option DOMAIN %s\"\n", nvram_safe_get("wan_domain")); if ((nvram_safe_get("wan_wins")[0] != '\0' && strcmp(nvram_safe_get("wan_wins"), "0.0.0.0") != 0)) @@ -1111,7 +1079,7 @@ void start_ovpn_server(int unit) for (i = 0; i < BRIDGE_COUNT; i++) { if (push_lan[i] == 1) { /* push IPv4 LANx DNS */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i); + snprintf(buffer, BUF_SIZE, (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i); fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get(buffer)); dont_push_active = 1; } @@ -1121,7 +1089,7 @@ void start_ovpn_server(int unit) if (dont_push_active == 0) { for (i = 0; i < BRIDGE_COUNT; i++) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i); + snprintf(buffer, BUF_SIZE, (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i); if (strcmp(nvram_safe_get(buffer), "") != 0) { fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get(buffer)); break; 
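Review bot: The `vpn_server%d_nocert` branch in the hunk at `@@ -1084,24 +1058,18 @@` deserves a comment, because `verify-client-cert optional` together with `username-as-common-name` means a client is admitted on the username/password plugin alone. Something like `/* nocert: client certificate becomes optional; authentication rests on the auth plugin only */` above the inner `if` makes that trade-off visible to the next reader. With the new `atoi(...)` test any non-zero value enables it, so the comment should also say that the variable is treated as a boolean.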
@@ -1130,9 +1098,7 @@ void start_ovpn_server(int unit) } } - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_rgw", unit); - if (nvram_get_int(buffer)) { + if (atoi(getNVRAMVar("vpn_server%d_rgw", unit))) { if (if_type == OVPN_IF_TAP) fprintf(fp, "push \"route-gateway %s\"\n", nvram_safe_get("lan_ipaddr")); fprintf(fp, "push \"redirect-gateway def1\"\n"); @@ -1140,7 +1106,7 @@ void start_ovpn_server(int unit) nvi = atoi(getNVRAMVar("vpn_server%d_hmac", unit)); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_static", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_static", unit); if (!nvram_is_empty(buffer) && nvi >= 0) { if (nvi == 3) fprintf(fp, "tls-crypt static.key"); @@ -1155,28 +1121,28 @@ void start_ovpn_server(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_ca", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_ca", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "ca ca.crt\n"); nvi = atoi(getNVRAMVar("vpn_server%d_ecdh", unit)); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_dh", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_dh", unit); if (!nvram_is_empty(buffer) && nvi == 0) fprintf(fp, "dh dh.pem\n"); else fprintf(fp, "dh none\n"); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_crt", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_crt", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "cert server.crt\n"); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_crl", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_crl", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "crl-verify crl.pem\n"); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_key", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_key", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "key server.key\n"); } 
@@ -1184,7 +1150,7 @@ void start_ovpn_server(int unit) #endif if (auth_mode == OVPN_AUTH_STATIC) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_static", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_static", unit); if (!nvram_is_empty(buffer)) fprintf(fp, "secret static.key\n"); } @@ -1200,10 +1166,10 @@ void start_ovpn_server(int unit) #ifndef TCONFIG_OPTIMIZE_SIZE_MORE if (auth_mode == OVPN_AUTH_TLS) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_ca", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_ca", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/ca.crt", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/ca.crt", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_ca", unit)); @@ -1211,10 +1177,10 @@ void start_ovpn_server(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_key", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_key", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/server.key", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/server.key", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_key", unit)); @@ -1222,10 +1188,10 @@ void start_ovpn_server(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_crt", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_crt", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/server.crt", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/server.crt", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_crt", unit)); 
@@ -1233,10 +1199,10 @@ void start_ovpn_server(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_crl", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_crl", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/crl.pem", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/crl.pem", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_crl", unit)); @@ -1244,10 +1210,10 @@ void start_ovpn_server(int unit) } memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_dh", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_dh", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/dh.pem", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/dh.pem", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_dh", unit)); @@ -1255,14 +1221,12 @@ void start_ovpn_server(int unit) } } #endif - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_hmac", unit); - if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && nvram_get_int(buffer) >= 0)) { + if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && atoi(getNVRAMVar("vpn_server%d_hmac", unit)) >= 0)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_static", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_static", unit); if (!nvram_is_empty(buffer)) { memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/static.key", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/static.key", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_static", unit)); 
@@ -1272,14 +1236,14 @@ void start_ovpn_server(int unit) /* Handle firewall rules if appropriate */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_firewall", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_firewall", unit); if (!nvram_contains_word(buffer, "custom")) { chains_log_detection(); /* Create firewall rules */ mkdir(OVPN_DIR"/fw", 0700); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/server%d-fw.sh", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/server%d-fw.sh", unit); fp = fopen(buffer, "w"); chmod(buffer, (S_IRUSR | S_IWUSR | S_IXUSR)); fprintf(fp, "#!/bin/sh\n"); @@ -1297,11 +1261,11 @@ void start_ovpn_server(int unit) memset(buffer, 0, BUF_SIZE); strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE); fprintf(fp, "iptables -I INPUT -p %s ", buffer2); + + fprintf(fp, "--dport %d -j %s\n", atoi(getNVRAMVar("vpn_server%d_port", unit)), chain_in_accept); + memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_port", unit); - fprintf(fp, "--dport %d -j %s\n", nvram_get_int(buffer), chain_in_accept); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_firewall", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_firewall", unit); if (!nvram_contains_word(buffer, "external")) { fprintf(fp, "iptables -I INPUT -i %s -j %s\n" "iptables -I FORWARD -i %s -j ACCEPT\n", 
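Review bot: `strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE)` at the top of the hunk at `@@ -1297,11 +1261,11 @@` can leave `buffer` without a terminator when the value fills it, and on the visible lines the copy is never read: the next fprintf prints `buffer2`, and the new code then clears `buffer` again. The ip6tables hunk at `@@ -1318,11 +1282,11 @@` repeats the pattern, there without a preceding memset. Either drop both copies if `buffer2` (filled outside these hunks) is what is meant, or change them to `strlcpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE)` as the commit already does elsewhere. Since the protocol string ends up in a `#!/bin/sh` script, confirm that `buffer2` is limited to the expected protocol names before it is written.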
@@ -1318,11 +1282,11 @@ void start_ovpn_server(int unit) if (ipv6_enabled()) { strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE); fprintf(fp, "ip6tables -I INPUT -p %s ", buffer2); + + fprintf(fp, "--dport %d -j %s\n", atoi(getNVRAMVar("vpn_server%d_port", unit)), chain_in_accept); + memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_port", unit); - fprintf(fp, "--dport %d -j %s\n", nvram_get_int(buffer), chain_in_accept); - memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d_firewall", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d_firewall", unit); if (!nvram_contains_word(buffer, "external")) { fprintf(fp, "ip6tables -I INPUT -i %s -j %s\n" "ip6tables -I FORWARD -i %s -j ACCEPT\n", @@ -1336,7 +1300,7 @@ void start_ovpn_server(int unit) /* firewall rules */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/server%d-fw.sh", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/server%d-fw.sh", unit); /* first remove existing firewall rule(s) */ run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); @@ -1347,7 +1311,7 @@ void start_ovpn_server(int unit) /* Start the VPN server */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/vpnserver%d", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/vpnserver%d", unit); memset(buffer2, 0, sizeof(buffer2)); snprintf(buffer2, sizeof(buffer2), OVPN_DIR"/server%d", unit); @@ -1370,7 +1334,7 @@ void start_ovpn_server(int unit) ovpn_setup_watchdog(OVPN_TYPE_SERVER, unit); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d", unit); allow_fastnat(buffer, 0); try_enabling_fastnat(); } 
@@ -1380,32 +1344,32 @@ void stop_ovpn_server(int unit) char buffer[BUF_SIZE]; memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpnserver%d", unit); + snprintf(buffer, BUF_SIZE, "vpnserver%d", unit); if (serialize_restart(buffer, 0)) return; /* Remove cron job */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "CheckVPNserver%d", unit); + snprintf(buffer, BUF_SIZE, "CheckVPNserver%d", unit); eval("cru", "d", buffer); /* Stop the VPN server */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpnserver%d", unit); + snprintf(buffer, BUF_SIZE, "vpnserver%d", unit); killall_and_waitfor(buffer, 5, 50); ovpn_remove_iface(OVPN_TYPE_SERVER, unit); /* Remove firewall rules */ memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/server%d-fw.sh", unit); + snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/server%d-fw.sh", unit); run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); /* Delete all files for this server */ ovpn_cleanup_dirs(OVPN_TYPE_SERVER, unit); memset(buffer, 0, BUF_SIZE); - snprintf(buffer, sizeof(buffer), "vpn_server%d", unit); + snprintf(buffer, BUF_SIZE, "vpn_server%d", unit); allow_fastnat(buffer, 1); try_enabling_fastnat(); }