[Openvpn-devel,v2] Make up/down script errors not FATAL

Message ID	1530633509-4959-1-git-send-email-selva.nair@gmail.com
State	Superseded
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Tue, 3 Jul 2018 11:58:29 -0400 Message-Id: <1530633509-4959-1-git-send-email-selva.nair@gmail.com> In-Reply-To: <1530581086-7825-1-git-send-email-selva.nair@gmail.com> References: <1530581086-7825-1-git-send-email-selva.nair@gmail.com> RBL: Sender listed at http://www.dnswl.org/, no trust [209.85.214.52 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [209.85.214.52 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 1.2 AWL AWL: Adjusted score from AWL reputation of From: address Subject: [Openvpn-devel] [PATCH v2] Make up/down script errors not FATAL Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel,v2] Make up/down script errors not FATAL \| expand [Openvpn-devel,v2] Make up/down script errors not FATAL

Message ID

1530633509-4959-1-git-send-email-selva.nair@gmail.com

State

Superseded

Headers

From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue,  3 Jul 2018 11:58:29 -0400
Message-Id: <1530633509-4959-1-git-send-email-selva.nair@gmail.com>
In-Reply-To: <1530581086-7825-1-git-send-email-selva.nair@gmail.com>
References: <1530581086-7825-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2] Make up/down script errors not FATAL
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel,v2] Make up/down script errors not FATAL | expand

Commit Message

Selva Nair July 3, 2018, 5:58 a.m. UTC

From: Selva Nair <selva.nair@gmail.com>

Treat the error as not FATAL only if its triggered due
to script_security < SSEC_SCRIPTS.

This helps user interfaces enforce a safer script-security setting
without causing a FATAL error.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
v2 changes:
- Have script errors continue to trigger a FATAL error.
- Update the commit message to match this change.

 src/openvpn/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index b748357..074a2d3 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -168,13 +168,14 @@  run_up_down(const char *command,
     if (command)
     {
         struct argv argv = argv_new();
+        int flags = (script_security >= SSEC_SCRIPTS)? S_FATAL : 0;
         ASSERT(arg);
         setenv_str(es, "script_type", script_type);
         argv_parse_cmd(&argv, command);
         argv_printf_cat(&argv, "%s %d %d %s %s %s", arg, tun_mtu, link_mtu,
                         ifconfig_local, ifconfig_remote, context);
         argv_msg(M_INFO, &argv);
-        openvpn_run_script(&argv, es, S_FATAL, "--up/--down");
+        openvpn_run_script(&argv, es, flags, "--up/--down");
         argv_reset(&argv);
     }

[Openvpn-devel,v2] Make up/down script errors not FATAL

Commit Message

Patch