Browse code
Only print script warnings when a script is used. Remove stray mention of script-security system.
Acked-by: Jan Just Keijser <janjust@nikhef.nl>
Message-Id: <1369920428-11350-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7625
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2013/05/30 22:27:08Showing 2 changed files
| ... | ... |
@@ -100,6 +100,6 @@ typedef unsigned long ptr_type; |
| 100 | 100 |
/* |
| 101 | 101 |
* Script security warning |
| 102 | 102 |
*/ |
| 103 |
-#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info." |
|
| 103 |
+#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info." |
|
| 104 | 104 |
|
| 105 | 105 |
#endif |
| ... | ... |
@@ -2542,12 +2542,19 @@ do_option_warnings (struct context *c) |
| 2542 | 2542 |
msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS"); |
| 2543 | 2543 |
#endif |
| 2544 | 2544 |
|
| 2545 |
- if (script_security >= SSEC_SCRIPTS) |
|
| 2546 |
- msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"); |
|
| 2547 |
- else if (script_security >= SSEC_PW_ENV) |
|
| 2548 |
- msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables"); |
|
| 2549 |
- else |
|
| 2550 |
- msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables"); |
|
| 2545 |
+ /* Check if a script is used and print approiate warnings */ |
|
| 2546 |
+ if (o->up_script || o->ipchange || o->down_script || o->route_script |
|
| 2547 |
+ || o->route_predown_script || o->auth_user_pass_verify_script |
|
| 2548 |
+ || o->client_disconnect_script || o->client_connect_script |
|
| 2549 |
+ || o->learn_address_script || o->tls_verify) |
|
| 2550 |
+ {
|
|
| 2551 |
+ if (script_security >= SSEC_SCRIPTS) |
|
| 2552 |
+ msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"); |
|
| 2553 |
+ else if (script_security >= SSEC_PW_ENV) |
|
| 2554 |
+ msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables"); |
|
| 2555 |
+ else |
|
| 2556 |
+ msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1+ requires '--script-security 2' or higher to call user-defined scripts or executables"); |
|
| 2557 |
+ } |
|
| 2551 | 2558 |
} |
| 2552 | 2559 |
|
| 2553 | 2560 |
static void |