At the moment script are only checked if P2MP_SERVER is defined. For
CLIENT_ONLY openvpn script were never checked.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369947737-26081-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7635
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -2745,28 +2745,6 @@ options_postprocess_filechecks (struct options *options) |
2745 | 2745 |
errs |= check_file_access (CHKACC_FILE, options->tmp_dir, |
2746 | 2746 |
R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)"); |
2747 | 2747 |
|
2748 |
- /* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */ |
|
2749 |
- /* ** optionally followed by arguments ** */ |
|
2750 |
- errs |= check_cmd_access (options->auth_user_pass_verify_script, |
|
2751 |
- "--auth-user-pass-verify script"); |
|
2752 |
- errs |= check_cmd_access (options->client_connect_script, |
|
2753 |
- "--client-connect script"); |
|
2754 |
- errs |= check_cmd_access (options->client_disconnect_script, |
|
2755 |
- "--client-disconnect script"); |
|
2756 |
- errs |= check_cmd_access (options->tls_verify, |
|
2757 |
- "--tls-verify script"); |
|
2758 |
- errs |= check_cmd_access (options->up_script, |
|
2759 |
- "--up script"); |
|
2760 |
- errs |= check_cmd_access (options->down_script, |
|
2761 |
- "--down script"); |
|
2762 |
- errs |= check_cmd_access (options->ipchange, |
|
2763 |
- "--ipchange script"); |
|
2764 |
- errs |= check_cmd_access (options->route_script, |
|
2765 |
- "--route-up script"); |
|
2766 |
- errs |= check_cmd_access (options->route_predown_script, |
|
2767 |
- "--route-pre-down script"); |
|
2768 |
- errs |= check_cmd_access (options->learn_address_script, |
|
2769 |
- "--learn-address script"); |
|
2770 | 2748 |
#endif /* P2MP_SERVER */ |
2771 | 2749 |
|
2772 | 2750 |
if (errs) |
... | ... |
@@ -4037,6 +4015,17 @@ set_user_script (struct options *options, |
4037 | 4037 |
} |
4038 | 4038 |
*script = new_script; |
4039 | 4039 |
options->user_script_used = true; |
4040 |
+ |
|
4041 |
+#ifndef ENABLE_SMALL |
|
4042 |
+ { |
|
4043 |
+ char script_name[100]; |
|
4044 |
+ openvpn_snprintf (script_name, sizeof(script_name), |
|
4045 |
+ "--%s script", type); |
|
4046 |
+ |
|
4047 |
+ if (check_cmd_access (*script, script_name)) |
|
4048 |
+ msg (M_USAGE, "Please correct this error."); |
|
4049 |
+ } |
|
4050 |
+#endif |
|
4040 | 4051 |
} |
4041 | 4052 |
|
4042 | 4053 |
|