[Openvpn-devel,v2] Make up/down script errors not FATAL

Message ID 1530633509-4959-1-git-send-email-selva.nair@gmail.com
State Superseded
Headers show
Series [Openvpn-devel,v2] Make up/down script errors not FATAL | expand

Commit Message

Selva Nair July 3, 2018, 5:58 a.m. UTC
From: Selva Nair <selva.nair@gmail.com>

Treat the error as not FATAL only if its triggered due
to script_security < SSEC_SCRIPTS.

This helps user interfaces enforce a safer script-security setting
without causing a FATAL error.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
v2 changes:
- Have script errors continue to trigger a FATAL error.
- Update the commit message to match this change.

 src/openvpn/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index b748357..074a2d3 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -168,13 +168,14 @@  run_up_down(const char *command,
     if (command)
         struct argv argv = argv_new();
+        int flags = (script_security >= SSEC_SCRIPTS)? S_FATAL : 0;
         setenv_str(es, "script_type", script_type);
         argv_parse_cmd(&argv, command);
         argv_printf_cat(&argv, "%s %d %d %s %s %s", arg, tun_mtu, link_mtu,
                         ifconfig_local, ifconfig_remote, context);
         argv_msg(M_INFO, &argv);
-        openvpn_run_script(&argv, es, S_FATAL, "--up/--down");
+        openvpn_run_script(&argv, es, flags, "--up/--down");