1831
1831
if (ce->proto == PROTO_TCPv4)
1832
1832
msg (M_USAGE, "--proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client");
1833
if (ce->proto == PROTO_TCPv6)
1834
msg (M_USAGE, "--proto tcp6 is ambiguous in this context. Please specify --proto tcp6-server or --proto tcp6-client");
1835
1837
* Sanity check on daemon/inetd modes
2728
2732
errs |= check_file_access (CHKACC_FILE, options->tmp_dir,
2729
2733
R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)");
2731
/* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */
2732
/* ** optionally followed by arguments ** */
2733
errs |= check_cmd_access (options->auth_user_pass_verify_script,
2734
"--auth-user-pass-verify script");
2735
errs |= check_cmd_access (options->client_connect_script,
2736
"--client-connect script");
2737
errs |= check_cmd_access (options->client_disconnect_script,
2738
"--client-disconnect script");
2739
errs |= check_cmd_access (options->tls_verify,
2740
"--tls-verify script");
2741
errs |= check_cmd_access (options->up_script,
2743
errs |= check_cmd_access (options->down_script,
2745
errs |= check_cmd_access (options->ipchange,
2746
"--ipchange script");
2747
errs |= check_cmd_access (options->route_script,
2748
"--route-up script");
2749
errs |= check_cmd_access (options->route_predown_script,
2750
"--route-pre-down script");
2751
errs |= check_cmd_access (options->learn_address_script,
2752
"--learn-address script");
2753
2735
#endif /* P2MP_SERVER */
4014
warn_multiple_script (const char *script, const char *type) {
4016
msg (M_WARN, "Multiple --%s scripts defined. "
4017
"The previously configured script is overridden.", type);
3996
set_user_script (struct options *options,
3997
const char **script,
3998
const char *new_script,
4002
msg (M_WARN, "Multiple --%s scripts defined. "
4003
"The previously configured script is overridden.", type);
4005
*script = new_script;
4006
options->user_script_used = true;
4008
#ifndef ENABLE_SMALL
4010
char script_name[100];
4011
openvpn_snprintf (script_name, sizeof(script_name),
4012
"--%s script", type);
4014
if (check_cmd_access (*script, script_name))
4015
msg (M_USAGE, "Please correct this error.");
4480
4479
VERIFY_PERMISSION (OPT_P_SCRIPT);
4481
4480
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
4483
warn_multiple_script (options->ipchange, "ipchange");
4484
options->ipchange = string_substitute (p[1], ',', ' ', &options->gc);
4482
set_user_script (options,
4484
string_substitute (p[1], ',', ' ', &options->gc),
4486
4487
else if (streq (p[0], "float"))
4527
4528
VERIFY_PERMISSION (OPT_P_SCRIPT);
4528
4529
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
4530
warn_multiple_script (options->up_script, "up");
4531
options->up_script = p[1];
4531
set_user_script (options, &options->up_script, p[1], "up");
4533
4533
else if (streq (p[0], "down") && p[1])
4535
4535
VERIFY_PERMISSION (OPT_P_SCRIPT);
4536
4536
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
4538
warn_multiple_script (options->down_script, "down");
4539
options->down_script = p[1];
4538
set_user_script (options, &options->down_script, p[1], "down");
4541
4540
else if (streq (p[0], "down-pre"))
5069
5068
#ifdef ENABLE_OCC
5070
5069
else if (streq (p[0], "explicit-exit-notify"))
5072
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
5073
/* VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY); */
5071
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_EXPLICIT_NOTIFY);
5076
5074
options->ce.explicit_exit_notification = positive_atoi (p[1]);
5218
5216
VERIFY_PERMISSION (OPT_P_SCRIPT);
5219
5217
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
5221
warn_multiple_script (options->route_script, "route-up");
5222
options->route_script = p[1];
5219
set_user_script (options, &options->route_script, p[1], "route-up");
5224
5221
else if (streq (p[0], "route-pre-down") && p[1])
5226
5223
VERIFY_PERMISSION (OPT_P_SCRIPT);
5227
5224
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
5229
warn_multiple_script (options->route_predown_script, "route-pre-down");
5230
options->route_predown_script = p[1];
5226
set_user_script (options,
5227
&options->route_predown_script,
5232
5231
else if (streq (p[0], "route-noexec"))
5594
5593
msg (msglevel, "--auth-user-pass-verify requires a second parameter ('via-env' or 'via-file')");
5597
warn_multiple_script (options->auth_user_pass_verify_script, "auth-user-pass-verify");
5598
options->auth_user_pass_verify_script = p[1];
5596
set_user_script (options,
5597
&options->auth_user_pass_verify_script,
5598
p[1], "auth-user-pass-verify");
5600
5600
else if (streq (p[0], "client-connect") && p[1])
5602
5602
VERIFY_PERMISSION (OPT_P_SCRIPT);
5603
5603
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
5605
warn_multiple_script (options->client_connect_script, "client-connect");
5606
options->client_connect_script = p[1];
5605
set_user_script (options, &options->client_connect_script,
5606
p[1], "client-connect");
5608
5608
else if (streq (p[0], "client-disconnect") && p[1])
5610
5610
VERIFY_PERMISSION (OPT_P_SCRIPT);
5611
5611
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
5613
warn_multiple_script (options->client_disconnect_script, "client-disconnect");
5614
options->client_disconnect_script = p[1];
5613
set_user_script (options, &options->client_disconnect_script,
5614
p[1], "client-disconnect");
5616
5616
else if (streq (p[0], "learn-address") && p[1])
5618
5618
VERIFY_PERMISSION (OPT_P_SCRIPT);
5619
5619
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
5621
warn_multiple_script (options->learn_address_script, "learn-address");
5622
options->learn_address_script = p[1];
5621
set_user_script (options, &options->learn_address_script,
5622
p[1], "learn-address");
5624
5624
else if (streq (p[0], "tmp-dir") && p[1])
6521
6521
VERIFY_PERMISSION (OPT_P_SCRIPT);
6522
6522
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
6524
warn_multiple_script (options->tls_verify, "tls-verify");
6525
options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc);
6524
set_user_script (options, &options->tls_verify,
6525
string_substitute (p[1], ',', ' ', &options->gc),
6527
6528
#ifndef ENABLE_CRYPTO_POLARSSL
6528
6529
else if (streq (p[0], "tls-export-cert") && p[1])
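Review bot: set_user_script (gutter lines 3996–4015) appears to run check_cmd_access while each script option is parsed, so the result reflects only the process state at that moment, and the function needs a comment saying this is a configuration sanity check rather than a guarantee about what is executed later. I would add `/* Parse-time sanity check only: the hook runs later, so the script file and its directory must still be protected against modification on disk. */` above the check_cmd_access call. The check also sits inside `#ifndef ENABLE_SMALL`, so small builds accept a script path without any check; it is worth stating in the same comment whether that is intended. The fatal message `"Please correct this error."` names neither the option nor the path, and `msg (M_USAGE, "%s failed the access check; please correct this error.", script_name);` would identify the offending option. The rendering has dropped the +/- markers and parts of the function body, so the old and new sides here are inferred from the gutter numbering.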