diff options
author | Arne Schwabe | 2013-05-30 22:26:43 +0200 |
---|---|---|
committer | Gert Doering | 2013-05-31 10:04:43 +0200 |
commit | 8df20e540fd52077107b164a7c6ab9f1f2eca43f (patch) | |
tree | 3ef05aa84c1fd22305ef4daba1abb42a8fa96f62 | |
parent | 5957218690ceb9d70de63d048f86c241a44e8b48 (diff) | |
download | openvpn-8df20e540fd52077107b164a7c6ab9f1f2eca43f.zip openvpn-8df20e540fd52077107b164a7c6ab9f1f2eca43f.tar.gz |
Move settings of user script into set_user_script function
This also fixes commit 567bfc06d051b60e9cdca1f5bb468631b899682a if not all
script options are available by setting options->user_script_used
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1369945603-17169-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7634
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 9b6a5028111cd915b0342fbd2ecd0b9dfd4aa94a)
-rw-r--r-- | src/openvpn/init.c | 7 | ||||
-rw-r--r-- | src/openvpn/options.c | 59 | ||||
-rw-r--r-- | src/openvpn/options.h | 1 |
3 files changed, 37 insertions, 30 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index ba1fdce..2420216 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2486,11 +2486,8 @@ do_option_warnings (struct context *c) msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS"); #endif - /* Check if a script is used and print approiate warnings */ - if (o->up_script || o->ipchange || o->down_script || o->route_script - || o->route_predown_script || o->auth_user_pass_verify_script - || o->client_disconnect_script || o->client_connect_script - || o->learn_address_script || o->tls_verify) + /* If a script is used, print appropiate warnings */ + if (o->user_script_used) { if (script_security >= SSEC_SCRIPTS) msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8b67dcb..90d0971 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4015,11 +4015,17 @@ msglevel_forward_compatible (struct options *options, const int msglevel) } static void -warn_multiple_script (const char *script, const char *type) { - if (script) { - msg (M_WARN, "Multiple --%s scripts defined. " - "The previously configured script is overridden.", type); - } +set_user_script (struct options *options, + const char **script, + const char *new_script, + const char *type) +{ + if (*script) { + msg (M_WARN, "Multiple --%s scripts defined. " + "The previously configured script is overridden.", type); + } + *script = new_script; + options->user_script_used = true; } @@ -4484,8 +4490,10 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->ipchange, "ipchange"); - options->ipchange = string_substitute (p[1], ',', ' ', &options->gc); + set_user_script (options, + &options->ipchange, + string_substitute (p[1], ',', ' ', &options->gc), + "ipchange"); } else if (streq (p[0], "float")) { @@ -4531,16 +4539,14 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->up_script, "up"); - options->up_script = p[1]; + set_user_script (options, &options->up_script, p[1], "up"); } else if (streq (p[0], "down") && p[1]) { VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->down_script, "down"); - options->down_script = p[1]; + set_user_script (options, &options->down_script, p[1], "down"); } else if (streq (p[0], "down-pre")) { @@ -5221,16 +5227,17 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->route_script, "route-up"); - options->route_script = p[1]; + set_user_script (options, &options->route_script, p[1], "route-up"); } else if (streq (p[0], "route-pre-down") && p[1]) { VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->route_predown_script, "route-pre-down"); - options->route_predown_script = p[1]; + set_user_script (options, + &options->route_predown_script, + p[1], + "route-pre-down"); } else if (streq (p[0], "route-noexec")) { @@ -5597,32 +5604,33 @@ add_option (struct options *options, msg (msglevel, "--auth-user-pass-verify requires a second parameter ('via-env' or 'via-file')"); goto err; } - warn_multiple_script (options->auth_user_pass_verify_script, "auth-user-pass-verify"); - options->auth_user_pass_verify_script = p[1]; + set_user_script (options, + &options->auth_user_pass_verify_script, + p[1], "auth-user-pass-verify"); } else if (streq (p[0], "client-connect") && p[1]) { VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->client_connect_script, "client-connect"); - options->client_connect_script = p[1]; + set_user_script (options, &options->client_connect_script, + p[1], "client-connect"); } else if (streq (p[0], "client-disconnect") && p[1]) { VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->client_disconnect_script, "client-disconnect"); - options->client_disconnect_script = p[1]; + set_user_script (options, &options->client_disconnect_script, + p[1], "client-disconnect"); } else if (streq (p[0], "learn-address") && p[1]) { VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->learn_address_script, "learn-address"); - options->learn_address_script = p[1]; + set_user_script (options, &options->learn_address_script, + p[1], "learn-address"); } else if (streq (p[0], "tmp-dir") && p[1]) { @@ -6510,8 +6518,9 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_SCRIPT); if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT)) goto err; - warn_multiple_script (options->tls_verify, "tls-verify"); - options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc); + set_user_script (options, &options->tls_verify, + string_substitute (p[1], ',', ' ', &options->gc), + "tls-verify"); } #ifndef ENABLE_CRYPTO_POLARSSL else if (streq (p[0], "tls-export-cert") && p[1]) diff --git a/src/openvpn/options.h b/src/openvpn/options.h index d2ad94c..f80532c 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -285,6 +285,7 @@ struct options const char *writepid; const char *up_script; const char *down_script; + bool user_script_used; bool down_pre; bool up_delay; bool up_restart; |