Ticket #630: 0001-Fix-isatty-check-for-good.patch

File 0001-Fix-isatty-check-for-good.patch, 2.6 KB (added by Gert Döring, 5 years ago)

0001-Fix-isatty-check-for-good.patch

  • src/openvpn/console.c

    From b1243d8e937f185aefccfea1bd1c92ba419e629e Mon Sep 17 00:00:00 2001
    From: Gert Doering <gert@greenie.muc.de>
    Date: Wed, 9 Dec 2015 20:51:40 +0100
    Subject: [PATCH] Fix isatty() check for good.
    
    Commit 079e5b9c13 introduced a check to see if we --daemon'ized before
    trying to ask for a password (which would then fail with a non-intuitive
    error), breaking querying systemd under certain conditions.
    
    Move check from get_user_pass_cr() to get_console_input() and make it
    "full featured" by not only checking isatty() for stdin/stderr but also
    trying to open /dev/tty in case we still have a controlling tty - which
    is what getpass() does under the hood, so if either of these works, we're
    fine.
    
    Trac #618 and #630
    
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
    ---
     src/openvpn/console.c | 13 +++++++++++++
     src/openvpn/misc.c    |  6 ------
     2 files changed, 13 insertions(+), 6 deletions(-)
    
    diff --git a/src/openvpn/console.c b/src/openvpn/console.c
    index d66d408..e1d46c4 100644
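--- a/src/openvpn/console.c
+++ b/src/openvpn/console.c
@@ -208,6 +208,19 @@ get_console_input (const char *prompt, const bool echo, char *input, const int c
 #if defined(WIN32)
   return get_console_input_win32 (prompt, echo, input, capacity);
 #elif defined(HAVE_GETPASS)
+
+  /* did we --daemon'ize before asking for passwords?
+   * (in which case neither stdin or stderr are connected to a tty and
+   * /dev/tty can not be open()ed anymore)
+   */
+  if ( !isatty(0) && !isatty(2) )
+    {
+      int fd = open( "/dev/tty", O_RDWR );
+      if ( fd < 0 )
+        { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); }
+      close(fd);
+    }
+
   if (echo)
     {
       FILE *fp;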
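Review bot: In the added block, `close(fd)` on the line after the `fd < 0` test is only safe because `msg(M_FATAL, ...)` presumably never returns. Nothing in the hunk shows that, so a later change to a non-fatal message level would call `close()` on -1 and fall through to the prompt with no terminal available. Making the branch explicit with `else { close(fd); }` keeps the fail-closed behaviour visible at the call site. The hunk also uses `open()` and `O_RDWR` without adding an include, so it relies on `<fcntl.h>` already reaching console.c through another header; that should be confirmed for every HAVE_GETPASS platform. The body of get_console_input begins and ends outside the hunk.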
  • src/openvpn/misc.c

    diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
    index 5713d2e..bc411bf 100644
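--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1137,12 +1137,6 @@ get_user_pass_cr (struct user_pass *up,
        */
       if (username_from_stdin || password_from_stdin)
         {
-#ifndef WIN32
-          /* did we --daemon'ize before asking for passwords? */
-          if ( !isatty(0) && !isatty(2) )
-            { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); }
-#endif
-
 #ifdef ENABLE_CLIENT_CR
           if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
             {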