diff options
| author | Gert Doering | 2015-12-09 21:03:55 +0100 |
|---|---|---|
| committer | Gert Doering | 2015-12-10 17:03:19 +0100 |
| commit | db55abd9e28546874edd78fa50df594a78e794b9 (patch) | |
| tree | e9450b24c98a731cc3a34c52e2ca7fbab45d0f60 | |
| parent | 0a9f866f78b5287e9996978898ccf213afd6b8d2 (diff) | |
| download | openvpn-db55abd9e28546874edd78fa50df594a78e794b9.zip openvpn-db55abd9e28546874edd78fa50df594a78e794b9.tar.gz | |
Fix isatty() check for good.
Commit 079e5b9c13 introduced a check to see if we --daemon'ized before
trying to ask for a password (which would then fail with a non-intuitive
error), breaking querying systemd under certain conditions.
Move check from get_user_pass_cr() to get_console_input() and make it
"full featured" by not only checking isatty() for stdin/stderr but also
trying to open /dev/tty in case we still have a controlling tty - which
is what getpass() does under the hood, so if either of this works, we're
fine.
Trac #618 and #630
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <1449691435-5928-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10709
(cherry picked from commit 015fe7177181fb4944ddf33debcfcd20c62ba55a)
| -rw-r--r-- | src/openvpn/console.c | 13 | ||||
| -rw-r--r-- | src/openvpn/misc.c | 6 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/openvpn/console.c b/src/openvpn/console.c index d66d408..e1d46c4 100644 --- a/src/openvpn/console.c +++ b/src/openvpn/console.c @@ -208,6 +208,19 @@ get_console_input (const char *prompt, const bool echo, char *input, const int c #if defined(WIN32) return get_console_input_win32 (prompt, echo, input, capacity); #elif defined(HAVE_GETPASS) + + /* did we --daemon'ize before asking for passwords? + * (in which case neither stdin or stderr are connected to a tty and + * /dev/tty can not be open()ed anymore) + */ + if ( !isatty(0) && !isatty(2) ) + { + int fd = open( "/dev/tty", O_RDWR ); + if ( fd < 0 ) + { msg(M_FATAL, "neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for '%s'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prompt ); } + close(fd); + } + if (echo) { FILE *fp; diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index cdbb883..9fd4a36 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -1137,12 +1137,6 @@ get_user_pass_cr (struct user_pass *up, */ if (username_from_stdin || password_from_stdin) { -#ifndef WIN32 - /* did we --daemon'ize before asking for passwords? */ - if ( !isatty(0) && !isatty(2) ) - { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); } -#endif - #ifdef ENABLE_CLIENT_CR if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE)) { |