From 51f7b8487b67dd5fbca3794b76919df878c03fb6 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Wed, 15 Oct 2008 08:20:21 +0000
Subject: Added additional warning messages about --script-security 2 or higher
 being required to execute user-defined scripts or executables.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 common.h | 5 +++++
 init.c   | 4 +++-
 misc.c   | 2 +-
 win32.c  | 2 +-
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/common.h b/common.h
index 844108f..7aa70a5 100644
--- a/common.h
+++ b/common.h
@@ -81,4 +81,9 @@ typedef unsigned long ptr_type;
 #define INLINE_FILE_TAG "[[INLINE]]"
 #endif
 
+/*
+ * Script security warning
+ */
+#define SCRIPT_SECURITY_WARNING "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled.  See --help text for detailed info."
+
 #endif
diff --git a/init.c b/init.c
index 9686483..fc37ac0 100644
--- a/init.c
+++ b/init.c
@@ -1999,8 +1999,10 @@ do_option_warnings (struct context *c)
 
   if (script_security >= SSEC_SCRIPTS)
     msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
-  if (script_security >= SSEC_PW_ENV)
+  else if (script_security >= SSEC_PW_ENV)
     msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
+  else
+    msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
 }
 
 static void
diff --git a/misc.c b/misc.c
index d6a57c1..911e911 100644
--- a/misc.c
+++ b/misc.c
@@ -528,7 +528,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
 	}
       else
 	{
-	  msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+	  msg (M_WARN, SCRIPT_SECURITY_WARNING);
 	}
 #else
       msg (M_WARN, "openvpn_execve: execve function not available");
diff --git a/win32.c b/win32.c
index f427322..9272cb7 100644
--- a/win32.c
+++ b/win32.c
@@ -949,7 +949,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
 	}
       else
 	{
-	  msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+	  msg (M_WARN, SCRIPT_SECURITY_WARNING);
 	}
     }
   else
-- 
cgit v1.2.3