From: Selva Nair <selva.nair@gmail.com>
Date: Tue, 22 Jan 2019 15:50:32 +0000 (-0500)
Subject: White-list pull-filter and script-security in interactive service
X-Git-Tag: v2.5_beta1~349
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d94d433438f239ff7cf0749f765a503c698f5e8;p=thirdparty%2Fopenvpn.git

White-list pull-filter and script-security in interactive service

This allows the Windows GUI to use these options on the command
line without triggering user authorization errors.

Useful for
(i) ignoring certain pushed options such as "route-method" which
could otherwise bypass the interactive service
(ii) enforcing a safer script-security setting from the GUI

See also:
https://github.com/OpenVPN/openvpn-gui/issues/235#issuecomment-456142928

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1548172232-11268-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18154.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c
index 9e1d7d2de..9b017700e 100644
--- a/src/openvpnserv/validate.c
+++ b/src/openvpnserv/validate.c
@@ -44,6 +44,8 @@ static const WCHAR *white_list[] =
     L"setenv",
     L"service",
     L"verb",
+    L"pull-filter",
+    L"script-security",
 
     NULL                                /* last value */
 };