git.ipfire.org Git - thirdparty/openvpn.git/commit

author	David Sommerseth <dazo@users.sourceforge.net>
	Thu, 29 Apr 2010 21:35:45 +0000 (23:35 +0200)
committer	David Sommerseth <dazo@users.sourceforge.net>
	Thu, 29 Apr 2010 21:35:45 +0000 (23:35 +0200)
commit	339f2a4d4b487afa53fa99d72c35b16f31e417d3
tree	f4a6440c1755d04935f8b0ed9c15e0a3e147d270	tree
parent	8dd2672d72508e9edec3d24b75e698b2669d7623	commit \| diff

Revamped the script-security warning logging (version 2)

The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING
over and over again, in addition to not show this warning when it should not
be a problem.  This general warning should now only appear once, and only when
--script-security is not set, 0 or 1.  In all other cases this warning should
not appear.

In addition, this warning will come close to the script-hook which most probably
will fail.  It will also give a little bit more concrete hint on which script-hook
which failed.  If --script-security is 2 or 3, only the execve failure itself will
be shown.  This message will on the other hand be shown repeatedly.

This is a new rewritten version which simplifies the implementaion of the new
openvpn_run_script() function.  It was considered to remove it completely, but
due to code clearity and easy of use it was decided to make this function a static
inline function instead.  Anyhow, this function will enforce openvpn_execve_check()
to be called with the S_SCRIPT flag.

Patch ACKed on the developers meeting 2009-04-29.

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>

common.h		diff \| blob \| blame \| history
init.c		diff \| blob \| blame \| history
misc.c		diff \| blob \| blame \| history
misc.h		diff \| blob \| blame \| history
multi.c		diff \| blob \| blame \| history
socket.c		diff \| blob \| blame \| history
ssl.c		diff \| blob \| blame \| history
win32.c		diff \| blob \| blame \| history