Acked-by: Jan Just Keijser <janjust@nikhef.nl>
Message-Id: <1369920428-11350-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7625
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -100,6 +100,6 @@ typedef unsigned long ptr_type; |
100 | 100 |
/* |
101 | 101 |
* Script security warning |
102 | 102 |
*/ |
103 |
-#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info." |
|
103 |
+#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info." |
|
104 | 104 |
|
105 | 105 |
#endif |
... | ... |
@@ -2542,12 +2542,19 @@ do_option_warnings (struct context *c) |
2542 | 2542 |
msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS"); |
2543 | 2543 |
#endif |
2544 | 2544 |
|
2545 |
- if (script_security >= SSEC_SCRIPTS) |
|
2546 |
- msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"); |
|
2547 |
- else if (script_security >= SSEC_PW_ENV) |
|
2548 |
- msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables"); |
|
2549 |
- else |
|
2550 |
- msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables"); |
|
2545 |
+ /* Check if a script is used and print approiate warnings */ |
|
2546 |
+ if (o->up_script || o->ipchange || o->down_script || o->route_script |
|
2547 |
+ || o->route_predown_script || o->auth_user_pass_verify_script |
|
2548 |
+ || o->client_disconnect_script || o->client_connect_script |
|
2549 |
+ || o->learn_address_script || o->tls_verify) |
|
2550 |
+ { |
|
2551 |
+ if (script_security >= SSEC_SCRIPTS) |
|
2552 |
+ msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"); |
|
2553 |
+ else if (script_security >= SSEC_PW_ENV) |
|
2554 |
+ msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables"); |
|
2555 |
+ else |
|
2556 |
+ msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1+ requires '--script-security 2' or higher to call user-defined scripts or executables"); |
|
2557 |
+ } |
|
2551 | 2558 |
} |
2552 | 2559 |
|
2553 | 2560 |
static void |