diff options
| author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2015-12-15 18:29:37 +0100 |
|---|---|---|
| committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2015-12-15 18:29:37 +0100 |
| commit | 35807e5652390e8b2fd66b9051f3b41c9488302e (patch) | |
| tree | 586cfc0b209cd4398b730fbe77f7423aaecf12b4 | |
| parent | fa7f0ba30474c910791abdc71496f573009f6f36 (diff) | |
Fix password prompt on systemd systems
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches/password_prompt_in_systemd.patch | 41 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 75df475..ec1150e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ openvpn (2.3.8-1) unstable; urgency=medium * New upstream release. Drop patch from 2.3.7-2. Hopefully (Closes: #791829) + * Apply upstream fix for systemd password prompt that + delayed this upload. Sorry SysV users. * debian/rules: remove obsolete options (*-path) to configure * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins. (Closes: #792907). Also add PrivateTmp & LimitNPROC options. diff --git a/debian/patches/password_prompt_in_systemd.patch b/debian/patches/password_prompt_in_systemd.patch new file mode 100644 index 0000000..f245881 --- /dev/null +++ b/debian/patches/password_prompt_in_systemd.patch @@ -0,0 +1,41 @@ +Index: openvpn-2.3.8/src/openvpn/console.c +=================================================================== +--- openvpn-2.3.8.orig/src/openvpn/console.c ++++ openvpn-2.3.8/src/openvpn/console.c +@@ -208,6 +208,19 @@ get_console_input (const char *prompt, c + #if defined(WIN32) + return get_console_input_win32 (prompt, echo, input, capacity); + #elif defined(HAVE_GETPASS) ++ ++ /* did we --daemon'ize before asking for passwords? ++ * (in which case neither stdin or stderr are connected to a tty and ++ * /dev/tty can not be open()ed anymore) ++ */ ++ if ( !isatty(0) && !isatty(2) ) ++ { ++ int fd = open( "/dev/tty", O_RDWR ); ++ if ( fd < 0 ) ++ { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); } ++ close(fd); ++ } ++ + if (echo) + { + FILE *fp; +Index: openvpn-2.3.8/src/openvpn/misc.c +=================================================================== +--- openvpn-2.3.8.orig/src/openvpn/misc.c ++++ openvpn-2.3.8/src/openvpn/misc.c +@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up, + */ + else if (from_stdin) + { +-#ifndef WIN32 +- /* did we --daemon'ize before asking for passwords? */ +- if ( !isatty(0) && !isatty(2) ) +- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); } +-#endif +- + #ifdef ENABLE_CLIENT_CR + if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE)) + { diff --git a/debian/patches/series b/debian/patches/series index f37465a..64e73f4 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ route_default_nil.patch kfreebsd_support.patch accommodate_typo.patch manpage_fixes.patch +password_prompt_in_systemd.patch |