Fix password prompt on systemd systems

parent fa7f0ba3
......@@ -2,6 +2,8 @@ openvpn (2.3.8-1) unstable; urgency=medium
* New upstream release. Drop patch from 2.3.7-2.
Hopefully (Closes: #791829)
* Apply upstream fix for systemd password prompt that
delayed this upload. Sorry SysV users.
* debian/rules: remove obsolete options (*-path) to configure
* openvpn@.service: Use KillMode=mixed to fix signaling of some plugins.
(Closes: #792907). Also add PrivateTmp & LimitNPROC options.
......
Index: openvpn-2.3.8/src/openvpn/console.c
===================================================================
--- openvpn-2.3.8.orig/src/openvpn/console.c
+++ openvpn-2.3.8/src/openvpn/console.c
@@ -208,6 +208,19 @@ get_console_input (const char *prompt, c
#if defined(WIN32)
return get_console_input_win32 (prompt, echo, input, capacity);
#elif defined(HAVE_GETPASS)
+
+ /* did we --daemon'ize before asking for passwords?
+ * (in which case neither stdin or stderr are connected to a tty and
+ * /dev/tty can not be open()ed anymore)
+ */
+ if ( !isatty(0) && !isatty(2) )
+ {
+ int fd = open( "/dev/tty", O_RDWR );
+ if ( fd < 0 )
+ { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); }
+ close(fd);
+ }
+
if (echo)
{
FILE *fp;
Index: openvpn-2.3.8/src/openvpn/misc.c
===================================================================
--- openvpn-2.3.8.orig/src/openvpn/misc.c
+++ openvpn-2.3.8/src/openvpn/misc.c
@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up,
*/
else if (from_stdin)
{
-#ifndef WIN32
- /* did we --daemon'ize before asking for passwords? */
- if ( !isatty(0) && !isatty(2) )
- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); }
-#endif
-
#ifdef ENABLE_CLIENT_CR
if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
{
......@@ -6,3 +6,4 @@ route_default_nil.patch
kfreebsd_support.patch
accommodate_typo.patch
manpage_fixes.patch
password_prompt_in_systemd.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment