Firstyear 2026-05-24 20:27:34 +08:00 committed by GitHub
commit 79fc8ddfbd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -59,6 +59,9 @@ get_console_input_systemd(const char *prompt, const bool echo, char *input, cons
int std_out;
bool ret = false;
struct argv argv = argv_new();
char credentials_directory[128] = {0};
char *env_credentials_directory = NULL;
struct env_set *es = env_set_create(NULL);
argv_printf(&argv, SYSTEMD_ASK_PASSWORD_PATH);
if (echo)
@ -69,7 +72,28 @@ get_console_input_systemd(const char *prompt, const bool echo, char *input, cons
argv_printf_cat(&argv, "--timeout=0");
argv_printf_cat(&argv, "%s", prompt);
if ((std_out = openvpn_popen(&argv, NULL)) < 0)
/*
* It seems counter intuitive, but we need to get CREDENTIALS_DIRECTORY directly from getenv.
* This is because during a pkcs11 load, we don't have a way to pass our envp pointer to this
* function as the caller is in a pkcs11 callback without that context.
*
* If we don't pass CREDENTIALS_DIRECTORY down to systemd-ask-pass, it can not automatically
* fill the credential from the systemd-credentials. For more see:
*
* https://www.freedesktop.org/software/systemd/man/latest/systemd-ask-password.html#--credential=
*/
env_credentials_directory = getenv("CREDENTIALS_DIRECTORY");
if (env_credentials_directory)
{
openvpn_snprintf(credentials_directory, sizeof(credentials_directory), "CREDENTIALS_DIRECTORY=%s", env_credentials_directory);
env_set_add(es, credentials_directory);
}
std_out = openvpn_popen(&argv, es);
env_set_destroy(es);
if (std_out < 0)
{
return false;
}
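Review bot: The result of `openvpn_snprintf` is ignored where `credentials_directory` is filled, so a `CREDENTIALS_DIRECTORY` value that does not fit the 128-byte buffer is cut short and the shortened path is still added to the child's environment. That would point systemd-ask-password at a directory other than the one systemd provisioned. Assuming `openvpn_snprintf` reports truncation through its return value, guard the add with it, `if (env_credentials_directory && openvpn_snprintf(credentials_directory, sizeof(credentials_directory), "CREDENTIALS_DIRECTORY=%s", env_credentials_directory))`, and log when the value is skipped. It is also worth confirming that a non-NULL but possibly empty `es` gives the child the same base environment as the previous `NULL` argument to `openvpn_popen` did; that is not visible here. The body of get_console_input_systemd starts and ends outside these hunks.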