summaryrefslogtreecommitdiff
path: root/debian/patches/password_prompt_in_systemd.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/password_prompt_in_systemd.patch')
-rw-r--r--debian/patches/password_prompt_in_systemd.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/password_prompt_in_systemd.patch b/debian/patches/password_prompt_in_systemd.patch
new file mode 100644
index 0000000..f245881
--- /dev/null
+++ b/debian/patches/password_prompt_in_systemd.patch
@@ -0,0 +1,41 @@
+Index: openvpn-2.3.8/src/openvpn/console.c
+===================================================================
+--- openvpn-2.3.8.orig/src/openvpn/console.c
++++ openvpn-2.3.8/src/openvpn/console.c
+@@ -208,6 +208,19 @@ get_console_input (const char *prompt, c
+ #if defined(WIN32)
+ return get_console_input_win32 (prompt, echo, input, capacity);
+ #elif defined(HAVE_GETPASS)
++
++ /* did we --daemon'ize before asking for passwords?
++ * (in which case neither stdin or stderr are connected to a tty and
++ * /dev/tty can not be open()ed anymore)
++ */
++ if ( !isatty(0) && !isatty(2) )
++ {
++ int fd = open( "/dev/tty", O_RDWR );
++ if ( fd < 0 )
++ { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); }
++ close(fd);
++ }
++
+ if (echo)
+ {
+ FILE *fp;
+Index: openvpn-2.3.8/src/openvpn/misc.c
+===================================================================
+--- openvpn-2.3.8.orig/src/openvpn/misc.c
++++ openvpn-2.3.8/src/openvpn/misc.c
+@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up,
+ */
+ else if (from_stdin)
+ {
+-#ifndef WIN32
+- /* did we --daemon'ize before asking for passwords? */
+- if ( !isatty(0) && !isatty(2) )
+- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); }
+-#endif
+-
+ #ifdef ENABLE_CLIENT_CR
+ if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
+ {