diff options
| -rw-r--r-- | changes/bug_5933_support_fragment_openvpn_option | 1 | ||||
| -rwxr-xr-x | pkg/linux/bitmask-root | 3 | ||||
| -rw-r--r-- | src/leap/bitmask/services/eip/eipconfig.py | 9 |
3 files changed, 10 insertions, 3 deletions
diff --git a/changes/bug_5933_support_fragment_openvpn_option b/changes/bug_5933_support_fragment_openvpn_option new file mode 100644 index 00000000..c7958054 --- /dev/null +++ b/changes/bug_5933_support_fragment_openvpn_option @@ -0,0 +1 @@ +- Allow the server to set a custom --fragment openvpn option (#5933)
\ No newline at end of file diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index ee195e3b..92bbf046 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -96,7 +96,8 @@ ALLOWED_FLAGS = { "--management-client-user": ["USER"], "--cert": ["FILE"], "--key": ["FILE"], - "--ca": ["FILE"] + "--ca": ["FILE"], + "--fragment": ["NUMBER"] } PARAM_FORMATS = { diff --git a/src/leap/bitmask/services/eip/eipconfig.py b/src/leap/bitmask/services/eip/eipconfig.py index 5b51d12e..659ca1b1 100644 --- a/src/leap/bitmask/services/eip/eipconfig.py +++ b/src/leap/bitmask/services/eip/eipconfig.py @@ -216,7 +216,7 @@ class EIPConfig(ServiceConfig): """ _service_name = "eip" - OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher") + OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher", "fragment") OPENVPN_CIPHERS_REGEX = re.compile("[A-Z0-9\-]+") def __init__(self): @@ -255,6 +255,11 @@ class EIPConfig(ServiceConfig): These are sanitized with alphanumeric whitelist. + NOTE: some openvpn config option don't take a value, but + this method currently requires that every option has a value. + Also, this does not yet work with values with spaces, like + `keepalive 10 30` + :returns: openvpn configuration dict :rtype: C{dict} """ @@ -262,7 +267,7 @@ class EIPConfig(ServiceConfig): config = {} for key, value in ovpncfg.items(): if key in self.OPENVPN_ALLOWED_KEYS and value is not None: - sanitized_val = self.OPENVPN_CIPHERS_REGEX.findall(value) + sanitized_val = self.OPENVPN_CIPHERS_REGEX.findall(str(value)) if len(sanitized_val) != 0: _val = sanitized_val[0] config[str(key)] = str(_val) |