From c2533d18ce6da1bd43502f9f2923541c578864e9 Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Thu, 29 Apr 2010 23:35:45 +0200
Subject: Revamped the script-security warning logging (version 2) The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook which failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementaion of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clearity and easy of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29.
Signed-off-by: David Sommerseth
Acked-by: James Yonan
---
 ssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'ssl.c')
diff --git a/ssl.c b/ssl.c
index 5e7debe..71d1f34 100644
--- a/ssl.c
+++ b/ssl.c
@@ -983,7 +983,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 ctx->error_depth, subject); argv_msg_prefix (D_TLS_DEBUG, &argv, "TLS: executing verify command");
- ret = openvpn_execve (&argv, opt->es, S_SCRIPT);
+ ret = openvpn_run_script (&argv, opt->es, 0, "--tls-verify script");
 if (opt->verify_export_cert) {
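Review bot: The result of openvpn_run_script is stored in `ret` here and in `retval` in verify_user_pass_script, where it is still tested with `if (system_ok (retval))`, so these checks stay correct only if the wrapper returns a raw wait status as openvpn_execve did. The commit message says the wrapper goes through openvpn_execve_check(); if that returns a success flag rather than a wait status, a status test would presumably read a failure value of 0 as success and let a failed or blocked verify script pass, which is a fail-open on certificate and user/password verification. The wrapper is defined outside this view (limited to ssl.c), so its return type should be confirmed; if it is boolean, the test in the second hunk becomes `if (retval)` and the test on `ret`, which lies outside this hunk, needs the same change.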
@@ -3344,7 +3344,7 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up
 argv_printf (&argv, "%sc %s", session->opt->auth_user_pass_verify_script, tmp_file); /* call command */
- retval = openvpn_execve (&argv, session->opt->es, S_SCRIPT);
+ retval = openvpn_run_script (&argv, session->opt->es, 0, "--auth-user-pass-verify");
 /* test return status of command */ if (system_ok (retval))
-- cgit
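Review bot: The hook name passed here is the bare option `"--auth-user-pass-verify"`, while the call in verify_callback passes `"--tls-verify script"`, so the failure message will read differently for the two hooks. One form should be used for both, for example `"--auth-user-pass-verify script"` if the wrapper does not append the word itself. The literal `0` in the flags position would also benefit from a comment such as `/* no extra flags; S_SCRIPT is added by openvpn_run_script() */`, since the commit message states that the wrapper enforces that flag. The function body starts and ends outside this hunk.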