diff options
Diffstat (limited to 'debian/patches/password_prompt_in_systemd.patch')
-rw-r--r-- | debian/patches/password_prompt_in_systemd.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/password_prompt_in_systemd.patch b/debian/patches/password_prompt_in_systemd.patch new file mode 100644 index 0000000..f245881 --- /dev/null +++ b/debian/patches/password_prompt_in_systemd.patch @@ -0,0 +1,41 @@ +Index: openvpn-2.3.8/src/openvpn/console.c +=================================================================== +--- openvpn-2.3.8.orig/src/openvpn/console.c ++++ openvpn-2.3.8/src/openvpn/console.c +@@ -208,6 +208,19 @@ get_console_input (const char *prompt, c + #if defined(WIN32) + return get_console_input_win32 (prompt, echo, input, capacity); + #elif defined(HAVE_GETPASS) ++ ++ /* did we --daemon'ize before asking for passwords? ++ * (in which case neither stdin or stderr are connected to a tty and ++ * /dev/tty can not be open()ed anymore) ++ */ ++ if ( !isatty(0) && !isatty(2) ) ++ { ++ int fd = open( "/dev/tty", O_RDWR ); ++ if ( fd < 0 ) ++ { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); } ++ close(fd); ++ } ++ + if (echo) + { + FILE *fp; +Index: openvpn-2.3.8/src/openvpn/misc.c +=================================================================== +--- openvpn-2.3.8.orig/src/openvpn/misc.c ++++ openvpn-2.3.8/src/openvpn/misc.c +@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up, + */ + else if (from_stdin) + { +-#ifndef WIN32 +- /* did we --daemon'ize before asking for passwords? */ +- if ( !isatty(0) && !isatty(2) ) +- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); } +-#endif +- + #ifdef ENABLE_CLIENT_CR + if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE)) + { |