upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-06-11 09:50:26 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Only print script warnings when a script is used. Remove stray mention of script-security system.

Browse source 
Acked-by: Jan Just Keijser <janjust@nikhef.nl>
Message-Id: <1369920428-11350-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7625

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 8476edbb17)
This commit is contained in:
Arne Schwabe 2013-05-30 15:27:08 +02:00 committed by Gert Doering
parent 02d027fd79
commit 567bfc06d0
2 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/openvpn/common.h
View file

@ -100,6 +100,6 @@ typedef unsigned long ptr_type;
/*
* Script security warning
*/
#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info."
#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info."
#endif

19
src/openvpn/init.c
View file

@ -2486,12 +2486,19 @@ do_option_warnings (struct context *c)
msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS");
#endif
if (script_security >= SSEC_SCRIPTS)
msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
else if (script_security >= SSEC_PW_ENV)
msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
else
msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
/* Check if a script is used and print approiate warnings */
if (o->up_script || o->ipchange || o->down_script || o->route_script
|| o->route_predown_script || o->auth_user_pass_verify_script
|| o->client_disconnect_script || o->client_connect_script
|| o->learn_address_script || o->tls_verify)
{
if (script_security >= SSEC_SCRIPTS)
msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
else if (script_security >= SSEC_PW_ENV)
msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
else
msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1+ requires '--script-security 2' or higher to call user-defined scripts or executables");
}
}
static void