Re: [Openvpn-devel] [PATCH] Fix isatty() check for good.

Thu, 10 Dec 2015 08:46:25 +0000 

Hi,

On Thu, Dec 10, 2015 at 02:43:44AM -0500, Selva Nair wrote:
> Thanks for this fix. Systemd-ask-password now works!

Thanks :-)

> On Wed, Dec 9, 2015 at 3:03 PM, Gert Doering <g...@greenie.muc.de> wrote:
> 
> > +  if ( !isatty(0) && !isatty(2) )
> > +    {
> > +      int fd = open( "/dev/tty", O_RDWR );
> > +      if ( fd < 0 )
> >
> 
> This doesn't allow for reading passwords from pipes -- not relevant if
> getpass doesn't fall back to a non-tty stdin if /dev/tty open fails -- does
> it? Not saying pipes should be supported --- whatever is consistent with
> getpass should be fine.

I'm not sure this is a use case we actually have - to trigger this, you'd
need to run openvpn like this

  echo mypass | openvpn 2>/dev/null

(so isatty(2) fails) *and* run it from an RC script or something else that
does not have a controlling tty.

Given that we broke this in 2.3.8 already, and the only complaints we heard
was "systemd is not working anymore" (apologies!), I think that scenario is
somewhat unlikely.


> > +       { msg(M_FATAL, "neither stdin nor stderr are a tty device and you
> > have neither a controlling tty nor systemd - can't ask for '%s'.  If you
> > used --daemon, you need to use --askpass to make passphrase-protected keys
> > work, and you can not use --auth-nocache.", prompt ); }
> > +      close(fd);
> >
> 
> The error message is still incomplete/confusing when the triggered by
> auth-user-pass
> without a filename (i.e stdin), and not by a passphrase-protected key. In
> the former case a reference to the need for management-query or a
> username-password
> file is helpful.
> 
> Other than that, the patch does the right thing, and works well. Tested
> using git- master with and without systemd. ACK from me.

Given these two comments, shall we merge it "as it is", or do you want to 
suggest different text?  I'm fine with changing the text, but have no 
good suggestions.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

Reply via email to