Browse code
Move checking of script file access into set_user_script
At the moment script are only checked if P2MP_SERVER is defined. For
CLIENT_ONLY openvpn script were never checked.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369947737-26081-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7635
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2013/05/31 06:02:17Showing 1 changed files
| ... | ... |
@@ -2745,28 +2745,6 @@ options_postprocess_filechecks (struct options *options) |
| 2745 | 2745 |
errs |= check_file_access (CHKACC_FILE, options->tmp_dir, |
| 2746 | 2746 |
R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)"); |
| 2747 | 2747 |
|
| 2748 |
- /* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */ |
|
| 2749 |
- /* ** optionally followed by arguments ** */ |
|
| 2750 |
- errs |= check_cmd_access (options->auth_user_pass_verify_script, |
|
| 2751 |
- "--auth-user-pass-verify script"); |
|
| 2752 |
- errs |= check_cmd_access (options->client_connect_script, |
|
| 2753 |
- "--client-connect script"); |
|
| 2754 |
- errs |= check_cmd_access (options->client_disconnect_script, |
|
| 2755 |
- "--client-disconnect script"); |
|
| 2756 |
- errs |= check_cmd_access (options->tls_verify, |
|
| 2757 |
- "--tls-verify script"); |
|
| 2758 |
- errs |= check_cmd_access (options->up_script, |
|
| 2759 |
- "--up script"); |
|
| 2760 |
- errs |= check_cmd_access (options->down_script, |
|
| 2761 |
- "--down script"); |
|
| 2762 |
- errs |= check_cmd_access (options->ipchange, |
|
| 2763 |
- "--ipchange script"); |
|
| 2764 |
- errs |= check_cmd_access (options->route_script, |
|
| 2765 |
- "--route-up script"); |
|
| 2766 |
- errs |= check_cmd_access (options->route_predown_script, |
|
| 2767 |
- "--route-pre-down script"); |
|
| 2768 |
- errs |= check_cmd_access (options->learn_address_script, |
|
| 2769 |
- "--learn-address script"); |
|
| 2770 | 2748 |
#endif /* P2MP_SERVER */ |
| 2771 | 2749 |
|
| 2772 | 2750 |
if (errs) |
| ... | ... |
@@ -4037,6 +4015,17 @@ set_user_script (struct options *options, |
| 4037 | 4037 |
} |
| 4038 | 4038 |
*script = new_script; |
| 4039 | 4039 |
options->user_script_used = true; |
| 4040 |
+ |
|
| 4041 |
+#ifndef ENABLE_SMALL |
|
| 4042 |
+ {
|
|
| 4043 |
+ char script_name[100]; |
|
| 4044 |
+ openvpn_snprintf (script_name, sizeof(script_name), |
|
| 4045 |
+ "--%s script", type); |
|
| 4046 |
+ |
|
| 4047 |
+ if (check_cmd_access (*script, script_name)) |
|
| 4048 |
+ msg (M_USAGE, "Please correct this error."); |
|
| 4049 |
+ } |
|
| 4050 |
+#endif |
|
| 4040 | 4051 |
} |
| 4041 | 4052 |
|
| 4042 | 4053 |
|