Opened 9 years ago
Closed 9 years ago
#576 closed Bug / Defect (fixed)
openvpn doesn't ask for username/password from stdin in daemon mode
Reported by: | tvujec | Owned by: | Steffan Karger |
---|---|---|---|
Priority: | major | Milestone: | release 2.3.8 |
Component: | Generic / unclassified | Version: | OpenVPN 2.3.7 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Since somewhere between 2.3.2 and 2.3.7, "possibly_become_daemon" was moved before "init_instance" and "init_query_pass" is now only called after the openvpn gets daemonized. That is a regression and now it is not possible to provide initial username and password in daemon mode, which is needed when e.g. OTP is used.
Change History (9)
comment:1 Changed 9 years ago by
Milestone: | → release 2.3.8 |
---|---|
Owner: | set to Steffan Karger |
Status: | new → assigned |
comment:2 Changed 9 years ago by
comment:3 Changed 9 years ago by
init_query_pass() might depend on yet something else, so it takes a bit of careful looking.
We knew that the --daemon change could have side effects (due to the fairly complicated and long list of things set up dependent on the options passed) - this one, we overlooked... sorry for that.
We'll patch "ASAP", but there is a "AP" = "as possible" in there, so we can't promise anything - OTOH if you come up with a patch that works for you, we can start with reviewing, instead of looking ourselves... :-)
comment:4 follow-up: 7 Changed 9 years ago by
I could indeed reproduce the issue with --daemon + --auth-user-pass. I just sent the patch that resolves the issue for me to the list:
http://thread.gmane.org/gmane.network.openvpn.devel/9901
If you are in the opportunity to test, I would appreciate to hear if this resolves the issue for you too.
comment:5 follow-up: 6 Changed 9 years ago by
I'm not sure if you were already doing this, but I forgot to mention that with the new patch you should add the --askpass
option to make it work again.
comment:6 Changed 9 years ago by
comment:7 Changed 9 years ago by
Replying to syzzer:
I could indeed reproduce the issue with --daemon + --auth-user-pass. I just sent the patch that resolves the issue for me to the list:
http://thread.gmane.org/gmane.network.openvpn.devel/9901
If you are in the opportunity to test, I would appreciate to hear if this resolves the issue for you too.
I was finally able to test, and I can confirm that it works without any apparent side-effects. I had to modify the patch a slight bit, as I used released 2.3.7 openvpn sources (manually building EPEL package).
comment:8 Changed 9 years ago by
Component: | OpenVPN Connect → Generic / unclassified |
---|
Thanks for reporting back, and glad to hear this resolves the issue for you.
comment:9 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
2.3.8 has been tagged in the git repo, and tarballs should show up on the download site tomorrow or so.
I could potentially patch this, but I must admit that I don't know much about openvpn code, and sticking a call to "init_query_pass" somewhere before "possibly_become_daemon" might break some other things I am not aware of. Please let me know if a patch can be done quickly.