/*
* Script security warning
*/
-#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info."
+#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info."
#endif
msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS");
#endif
- if (script_security >= SSEC_SCRIPTS)
- msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
- else if (script_security >= SSEC_PW_ENV)
- msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
- else
- msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
+ /* Check if a script is used and print approiate warnings */
+ if (o->up_script || o->ipchange || o->down_script || o->route_script
+ || o->route_predown_script || o->auth_user_pass_verify_script
+ || o->client_disconnect_script || o->client_connect_script
+ || o->learn_address_script || o->tls_verify)
+ {
+ if (script_security >= SSEC_SCRIPTS)
+ msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
+ else if (script_security >= SSEC_PW_ENV)
+ msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
+ else
+ msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1+ requires '--script-security 2' or higher to call user-defined scripts or executables");
+ }
}
static void
projects / thirdparty / openvpn.git / commitdiff
