diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2013-05-30 23:02:17 +0200 |
|---|---|---|
| committer | Gert Doering <gert@greenie.muc.de> | 2013-05-31 10:05:09 +0200 |
| commit | 05afd0b295a3e56c88b8ee0521d1b6dfb9c19d79 (patch) | |
| tree | bbaeadc593993f080ffff93688bf5f9b714f2c17 /src/openvpn/options.c | |
| parent | 8df20e540fd52077107b164a7c6ab9f1f2eca43f (diff) | |
| download | openvpn-05afd0b295a3e56c88b8ee0521d1b6dfb9c19d79.tar.gz openvpn-05afd0b295a3e56c88b8ee0521d1b6dfb9c19d79.tar.xz openvpn-05afd0b295a3e56c88b8ee0521d1b6dfb9c19d79.zip | |
Move checking of script file access into set_user_script
At the moment script are only checked if P2MP_SERVER is defined. For
CLIENT_ONLY openvpn script were never checked.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369947737-26081-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7635
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e55681a9d802bf1639115d325c1685e5962865d0)
Diffstat (limited to 'src/openvpn/options.c')
| -rw-r--r-- | src/openvpn/options.c | 33 |
1 files changed, 11 insertions, 22 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 90d0971..23af272 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2732,28 +2732,6 @@ options_postprocess_filechecks (struct options *options) errs |= check_file_access (CHKACC_FILE, options->tmp_dir, R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)"); - /* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */ - /* ** optionally followed by arguments ** */ - errs |= check_cmd_access (options->auth_user_pass_verify_script, - "--auth-user-pass-verify script"); - errs |= check_cmd_access (options->client_connect_script, - "--client-connect script"); - errs |= check_cmd_access (options->client_disconnect_script, - "--client-disconnect script"); - errs |= check_cmd_access (options->tls_verify, - "--tls-verify script"); - errs |= check_cmd_access (options->up_script, - "--up script"); - errs |= check_cmd_access (options->down_script, - "--down script"); - errs |= check_cmd_access (options->ipchange, - "--ipchange script"); - errs |= check_cmd_access (options->route_script, - "--route-up script"); - errs |= check_cmd_access (options->route_predown_script, - "--route-pre-down script"); - errs |= check_cmd_access (options->learn_address_script, - "--learn-address script"); #endif /* P2MP_SERVER */ if (errs) @@ -4026,6 +4004,17 @@ set_user_script (struct options *options, } *script = new_script; options->user_script_used = true; + +#ifndef ENABLE_SMALL + { + char script_name[100]; + openvpn_snprintf (script_name, sizeof(script_name), + "--%s script", type); + + if (check_cmd_access (*script, script_name)) + msg (M_USAGE, "Please correct this error."); + } +#endif } |