Ticket #538: openvpn-2.4.2-pkcs11_pin_prompt.patch

File openvpn-2.4.2-pkcs11_pin_prompt.patch, 1.4 KB (added by naf, 7 years ago)

Another patch, to use query_user_exec_builtin() for PKCS11 PIN prompt only.

  • ./src/openvpn/console.h

    Dirty fix for the OpenVPN #538 "no PIN prompt with PKCS11 when systemd is enabled" bug
    https://community.openvpn.net/openvpn/ticket/538
    
    query_user_SINGLE(char *prompt, size_t prompt_len, 
    117117    return query_user_exec();
    118118}
    119119
     120/* A plain "make Gert happy" wrapper over built-in user querying method.
     121 * Same arguments as @query_user_add
     122 *
     123 * Allows to use built-in method for PKCS11 PIN prompt regardless of
     124 * the systemd support status and presence,
     125 * see https://community.openvpn.net/openvpn/ticket/538 for details.
     126*/
     127static inline bool
     128query_user_builtin_SINGLE(char *prompt, size_t prompt_len,
     129                  char *resp, size_t resp_len,
     130                  bool echo)
     131{
     132    query_user_clear();
     133    query_user_add(prompt, prompt_len, resp, resp_len, echo);
     134    return query_user_exec_builtin();
     135}
     136
    120137#endif /* ifndef CONSOLE_H */
  • ./src/openvpn/pkcs11.c

    _pkcs11_openvpn_show_pkcs11_ids_pin_prompt( 
    814814    ASSERT(token!=NULL);
    815815
    816816    buf_printf(&pass_prompt, "Please enter '%s' token PIN or 'cancel': ", token->display);
    817     if (!query_user_SINGLE(BSTR(&pass_prompt), BLEN(&pass_prompt),
     817    if (!query_user_builtin_SINGLE(BSTR(&pass_prompt), BLEN(&pass_prompt),
    818818                           pin, pin_max, false))
    819819    {
    820820        msg(M_FATAL, "Could not retrieve the PIN");