summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2015-12-15 18:29:37 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2015-12-15 18:29:37 +0100
commit35807e5652390e8b2fd66b9051f3b41c9488302e (patch)
tree586cfc0b209cd4398b730fbe77f7423aaecf12b4
parentfa7f0ba30474c910791abdc71496f573009f6f36 (diff)
Fix password prompt on systemd systems
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches/password_prompt_in_systemd.patch41
-rw-r--r--debian/patches/series1
3 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 75df475..ec1150e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openvpn (2.3.8-1) unstable; urgency=medium
* New upstream release. Drop patch from 2.3.7-2.
Hopefully (Closes: #791829)
+ * Apply upstream fix for systemd password prompt that
+ delayed this upload. Sorry SysV users.
* debian/rules: remove obsolete options (*-path) to configure
* openvpn@.service: Use KillMode=mixed to fix signaling of some plugins.
(Closes: #792907). Also add PrivateTmp & LimitNPROC options.
diff --git a/debian/patches/password_prompt_in_systemd.patch b/debian/patches/password_prompt_in_systemd.patch
new file mode 100644
index 0000000..f245881
--- /dev/null
+++ b/debian/patches/password_prompt_in_systemd.patch
@@ -0,0 +1,41 @@
+Index: openvpn-2.3.8/src/openvpn/console.c
+===================================================================
+--- openvpn-2.3.8.orig/src/openvpn/console.c
++++ openvpn-2.3.8/src/openvpn/console.c
+@@ -208,6 +208,19 @@ get_console_input (const char *prompt, c
+ #if defined(WIN32)
+ return get_console_input_win32 (prompt, echo, input, capacity);
+ #elif defined(HAVE_GETPASS)
++
++ /* did we --daemon'ize before asking for passwords?
++ * (in which case neither stdin or stderr are connected to a tty and
++ * /dev/tty can not be open()ed anymore)
++ */
++ if ( !isatty(0) && !isatty(2) )
++ {
++ int fd = open( "/dev/tty", O_RDWR );
++ if ( fd < 0 )
++ { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); }
++ close(fd);
++ }
++
+ if (echo)
+ {
+ FILE *fp;
+Index: openvpn-2.3.8/src/openvpn/misc.c
+===================================================================
+--- openvpn-2.3.8.orig/src/openvpn/misc.c
++++ openvpn-2.3.8/src/openvpn/misc.c
+@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up,
+ */
+ else if (from_stdin)
+ {
+-#ifndef WIN32
+- /* did we --daemon'ize before asking for passwords? */
+- if ( !isatty(0) && !isatty(2) )
+- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); }
+-#endif
+-
+ #ifdef ENABLE_CLIENT_CR
+ if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
+ {
diff --git a/debian/patches/series b/debian/patches/series
index f37465a..64e73f4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ route_default_nil.patch
kfreebsd_support.patch
accommodate_typo.patch
manpage_fixes.patch
+password_prompt_in_systemd.patch