From: Arne Schwabe <arne@rfc2549.org>
Date: Thu, 30 May 2013 13:27:08 +0000 (+0200)
Subject: Only print script warnings when a script is used. Remove stray mention of script... 
X-Git-Tag: v2.4_alpha1~560
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8476edbb1748e11de0e4fda8989c9e470285926b;p=thirdparty%2Fopenvpn.git

Only print script warnings when a script is used. Remove stray mention of script-security system.

Acked-by: Jan Just Keijser <janjust@nikhef.nl>
Message-Id: <1369920428-11350-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7625

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/common.h b/src/openvpn/common.h
index dd2c83f47..2f85bec2b 100644
--- a/src/openvpn/common.h
+++ b/src/openvpn/common.h
@@ -100,6 +100,6 @@ typedef unsigned long ptr_type;
 /*
  * Script security warning
  */
-#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info."
+#define SCRIPT_SECURITY_WARNING "WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info."
 
 #endif
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2a0ba8530..1dc7ee7db 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2542,12 +2542,19 @@ do_option_warnings (struct context *c)
     msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS");
 #endif
 
-  if (script_security >= SSEC_SCRIPTS)
-    msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
-  else if (script_security >= SSEC_PW_ENV)
-    msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
-  else
-    msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables");
+ /* Check if a script is used and print approiate warnings */
+ if (o->up_script || o->ipchange || o->down_script || o->route_script
+     || o->route_predown_script || o->auth_user_pass_verify_script
+     || o->client_disconnect_script || o->client_connect_script
+     || o->learn_address_script || o->tls_verify)
+   {
+     if (script_security >= SSEC_SCRIPTS)
+       msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
+     else if (script_security >= SSEC_PW_ENV)
+       msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
+     else
+       msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1+ requires '--script-security 2' or higher to call user-defined scripts or executables");
+   }
 }
 
 static void