From: Selva Nair <selva.nair@gmail.com>
Date: Tue, 22 Jan 2019 15:50:32 +0000 (-0500)
Subject: White-list pull-filter and script-security in interactive service
X-Git-Tag: v2.4.7~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8190ecb33f8949f1b881c1cd240e8c1ea4fe144;p=thirdparty%2Fopenvpn.git

White-list pull-filter and script-security in interactive service

This allows the Windows GUI to use these options on the command
line without triggering user authorization errors.

Useful for
(i) ignoring certain pushed options such as "route-method" which
could otherwise bypass the interactive service
(ii) enforcing a safer script-security setting from the GUI

See also:
https://github.com/OpenVPN/openvpn-gui/issues/235#issuecomment-456142928

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1548172232-11268-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18154.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0d94d433438f239ff7cf0749f765a503c698f5e8)
---

diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c
index 653bd12c5..d35938cf0 100644
--- a/src/openvpnserv/validate.c
+++ b/src/openvpnserv/validate.c
@@ -44,6 +44,8 @@ static const WCHAR *white_list[] =
     L"setenv",
     L"service",
     L"verb",
+    L"pull-filter",
+    L"script-security",
 
     NULL                                /* last value */
 };