From c2533d18ce6da1bd43502f9f2923541c578864e9 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 29 Apr 2010 23:35:45 +0200 Subject: Revamped the script-security warning logging (version 2) The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook which failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementaion of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clearity and easy of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29. Signed-off-by: David Sommerseth Acked-by: James Yonan --- common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'common.h') diff --git a/common.h b/common.h index 5548f7c..ff3a0d5 100644 --- a/common.h +++ b/common.h @@ -97,6 +97,6 @@ typedef unsigned long ptr_type; /* * Script security warning */ -#define SCRIPT_SECURITY_WARNING "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info." +#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info." #endif -- cgit v1.2.3