From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Wed, 15 Oct 2008 08:20:21 +0000 (+0000)
Subject: Added additional warning messages about --script-security 2
X-Git-Tag: v2.1_rc14~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51f7b8487b67dd5fbca3794b76919df878c03fb6;p=thirdparty%2Fopenvpn.git

Added additional warning messages about --script-security 2
or higher being required to execute user-defined scripts or
executables.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
---

diff --git a/common.h b/common.h
index 844108f0d..7aa70a5d5 100644
--- a/common.h
+++ b/common.h
@@ -81,4 +81,9 @@ typedef unsigned long ptr_type;
 #define INLINE_FILE_TAG "[[INLINE]]"
 #endif
 
+/*
+ * Script security warning
+ */
+#define SCRIPT_SECURITY_WARNING "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled.  See --help text for detailed info."
+
 #endif
diff --git a/init.c b/init.c
index 968648391..fc37ac041 100644
--- a/init.c
+++ b/init.c
@@ -1999,8 +1999,10 @@ do_option_warnings (struct context *c)
 
   if (script_security >= SSEC_SCRIPTS)
     msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
-  if (script_security >= SSEC_PW_ENV)
+  else if (script_security >= SSEC_PW_ENV)
     msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
+  else
+    msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
 }
 
 static void
diff --git a/misc.c b/misc.c
index d6a57c184..911e91116 100644
--- a/misc.c
+++ b/misc.c
@@ -528,7 +528,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
 	}
       else
 	{
-	  msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+	  msg (M_WARN, SCRIPT_SECURITY_WARNING);
 	}
 #else
       msg (M_WARN, "openvpn_execve: execve function not available");
diff --git a/win32.c b/win32.c
index f42732212..9272cb7e1 100644
--- a/win32.c
+++ b/win32.c
@@ -949,7 +949,7 @@ openvpn_execve (const struct argv *a, const struct env_set *es, const unsigned i
 	}
       else
 	{
-	  msg (M_WARN, "openvpn_execve: external program may not be called due to setting of --script-security level");
+	  msg (M_WARN, SCRIPT_SECURITY_WARNING);
 	}
     }
   else