Move checking of script file access into set_user_script

At the moment script are only checked if P2MP_SERVER is defined. For CLIENT_ONLY openvpn script were never checked. Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1369947737-26081-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/7635 Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-06-11 09:50:26 -04:00 · 2013-05-30 23:02:17 +02:00 · 2013-05-30 23:02:17 +02:00 · e55681a9d8
commit e55681a9d8
parent 9b6a502811
1 changed files with 11 additions and 22 deletions
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@ -2745,28 +2745,6 @@ options_postprocess_filechecks (struct options *options)
  errs |= check_file_access (CHKACC_FILE, options->tmp_dir,
                             R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)");

-  /* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */
-  /* ** optionally followed by arguments ** */
-  errs |= check_cmd_access (options->auth_user_pass_verify_script,
-                            "--auth-user-pass-verify script");
-  errs |= check_cmd_access (options->client_connect_script,
-                            "--client-connect script");
-  errs |= check_cmd_access (options->client_disconnect_script,
-                            "--client-disconnect script");
-  errs |= check_cmd_access (options->tls_verify,
-                            "--tls-verify script");
-  errs |= check_cmd_access (options->up_script,
-                            "--up script");
-  errs |= check_cmd_access (options->down_script,
-                            "--down script");
-  errs |= check_cmd_access (options->ipchange,
-                            "--ipchange script");
-  errs |= check_cmd_access (options->route_script,
-                            "--route-up script");
-  errs |= check_cmd_access (options->route_predown_script,
-                            "--route-pre-down script");
-  errs |= check_cmd_access (options->learn_address_script,
-                            "--learn-address script");
 #endif /* P2MP_SERVER */

  if (errs)
@ -4037,6 +4015,17 @@ set_user_script (struct options *options,
  }
  *script = new_script;
  options->user_script_used = true;
+
+#ifndef ENABLE_SMALL
+  {
+    char script_name[100];
+    openvpn_snprintf (script_name, sizeof(script_name),
+                      "--%s script", type);
+
+    if (check_cmd_access (*script, script_name))
+      msg (M_USAGE, "Please correct this error.");
+  }
+#endif
 }