It is not recommended to use --management on a TCP port without also
adding a password authentication, as this can easily be abused by other
users or processes being able to connect to the managmement interface.
Thus issue a warning that this configuration is strongly discouraged.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20180228131918.12954-3-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16574.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
{
msg(M_USAGE, "--management-client-(user|group) can only be used on unix domain sockets");
}
+
+ if (!(options->management_flags & MF_UNIX_SOCK)
+ && (!options->management_user_pass))
+ {
+ msg(M_WARN, "WARNING: Using --management on a TCP port WITHOUT "
+ "passwords is STRONGLY discouraged and considered insecure");
+ }
+
#endif
/*