authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-10-15 08:20:21 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-10-15 08:20:21 +0000
commit51f7b8487b67dd5fbca3794b76919df878c03fb6 (patch)
tree9ec24dddc2711bd69e1c2cc5dd2fda2ae5f02055
parentAdded AC_GNU_SOURCE to configure.ac to enable struct ucred, (diff)
downloadopenvpn-51f7b8487b67dd5fbca3794b76919df878c03fb6.tar.xz
Added additional warning messages about --script-security 2
or higher being required to execute user-defined scripts or executables. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--common.h5
-rw-r--r--init.c4
-rw-r--r--misc.c2
-rw-r--r--win32.c2
4 files changed, 10 insertions, 3 deletions
diff --git a/common.h b/common.h
index 844108f..7aa70a5 100644
--- a/common.h
+++ b/common.h
@@ -81,4 +81,9 @@ typedef unsigned long ptr_type;
#define INLINE_FILE_TAG "[[INLINE]]"
#endif
+/*
+ * Script security warning
+ */
+#define SCRIPT_SECURITY_WARNING "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. See --help text for detailed info."
+
#endif
diff --git a/init.c b/init.c
index 9686483..fc37ac0 100644
--- a/init.c
+++ b/init.c
@@ -1999,8 +1999,10 @@ do_option_warnings (struct context *c)
if (script_security >= SSEC_SCRIPTS)
msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
- if (script_security >= SSEC_PW_ENV)
+ else if (script_security >= SSEC_PW_ENV)
msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
+ else
+ msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
}
static void
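Review bot: The `else if (script_security >= SSEC_PW_ENV)` branch looks unreachable. Provided SSEC_PW_ENV is a higher level than SSEC_SCRIPTS (the option's numeric levels suggest so, but the definitions are outside this hunk), any value that satisfies it has already been consumed by the first `if`. That would silence the warning about passwords being passed to scripts through environment variables at exactly the setting where an operator needs to see it. Keep `if (script_security >= SSEC_PW_ENV)` as an independent statement and guard the new note with its own `if (script_security < SSEC_SCRIPTS)`. do_option_warnings starts above the hunk, so the surrounding conditions are not visible here.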
diff --git a/misc.c b/misc.c
index d6a57c1..911e911 100644
--- a/misc.c
+++ b/misc.c
@@ -528,7 +528,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
}
else
{
- msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+ msg (M_WARN, SCRIPT_SECURITY_WARNING);
}
#else
msg (M_WARN, "openvpn_execve: execve function not available");
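Review bot: `msg (M_WARN, SCRIPT_SECURITY_WARNING);` hands the shared macro to msg() as the format argument, so a `%` added to the string in common.h later would be read as a conversion with no matching argument. Passing it as data, `msg (M_WARN, "%s", SCRIPT_SECURITY_WARNING);`, keeps the text inert, and the same applies to the identical call in the win32.c hunk. The macro also bakes in the `openvpn_execve:` prefix, which only stays accurate while that function is its sole user. openvpn_execve begins and ends outside the hunk.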
diff --git a/win32.c b/win32.c
index f427322..9272cb7 100644
--- a/win32.c
+++ b/win32.c
@@ -949,7 +949,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
}
else
{
- msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+ msg (M_WARN, SCRIPT_SECURITY_WARNING);
}
}
else