From b1243d8e937f185aefccfea1bd1c92ba419e629e Mon Sep 17 00:00:00 2001
From: Gert Doering <gert@greenie.muc.de>
Date: Wed, 9 Dec 2015 20:51:40 +0100
Subject: [PATCH] Fix isatty() check for good.
Commit 079e5b9c13 introduced a check to see if we --daemon'ized before
trying to ask for a password (which would then fail with a non-intuitive
error), breaking querying systemd under certain conditions.
Move check from get_user_pass_cr() to get_console_input() and make it
"full featured" by not only checking isatty() for stdin/stderr but also
trying to open /dev/tty in case we still have a controlling tty - which
is what getpass() does under the hood, so if either of this works, we're
fine.
Trac #618 and #630
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
src/openvpn/console.c | 13 +++++++++++++
src/openvpn/misc.c | 6 ------
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/openvpn/console.c b/src/openvpn/console.c
index d66d408..e1d46c4 100644
a
|
b
|
get_console_input (const char *prompt, const bool echo, char *input, const int c |
208 | 208 | #if defined(WIN32) |
209 | 209 | return get_console_input_win32 (prompt, echo, input, capacity); |
210 | 210 | #elif defined(HAVE_GETPASS) |
| 211 | |
| 212 | /* did we --daemon'ize before asking for passwords? |
| 213 | * (in which case neither stdin or stderr are connected to a tty and |
| 214 | * /dev/tty can not be open()ed anymore) |
| 215 | */ |
| 216 | if ( !isatty(0) && !isatty(2) ) |
| 217 | { |
| 218 | int fd = open( "/dev/tty", O_RDWR ); |
| 219 | if ( fd < 0 ) |
| 220 | { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); } |
| 221 | close(fd); |
| 222 | } |
| 223 | |
211 | 224 | if (echo) |
212 | 225 | { |
213 | 226 | FILE *fp; |
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 5713d2e..bc411bf 100644
a
|
b
|
get_user_pass_cr (struct user_pass *up, |
1137 | 1137 | */ |
1138 | 1138 | if (username_from_stdin || password_from_stdin) |
1139 | 1139 | { |
1140 | | #ifndef WIN32 |
1141 | | /* did we --daemon'ize before asking for passwords? */ |
1142 | | if ( !isatty(0) && !isatty(2) ) |
1143 | | { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); } |
1144 | | #endif |
1145 | | |
1146 | 1140 | #ifdef ENABLE_CLIENT_CR |
1147 | 1141 | if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE)) |
1148 | 1142 | { |