From 4e1e3ba1d8582a1e95dd6f9564e97c99784959a7 Mon Sep 17 00:00:00 2001
From: James Geboski <jgeboski@gmail.com>
Date: Tue, 8 Jan 2013 17:52:57 -0500
Subject: Fix --askpass not allowing for password input via stdin

This resolves --askpass treating stdin as a file during the file access
check. In turn, this leads to openvpn failing to start if this option is
set to stdin.

By default, --askpass reads the certificate's password from stdin rather
than a file. Without passing the CHKACC_ACPTSTDIN flag to
check_file_access(), stdin is marked as being a nonexistent file.

Trac #248

Signed-off-by: James Geboski <jgeboski@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <55A41225.2020705@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9918
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/options.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/openvpn')

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 4165ec7..76e6b65 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2738,8 +2738,8 @@ options_postprocess_filechecks (struct options *options)
                              options->packet_id_file, R_OK|W_OK, "--replay-persist");
 
   /* ** Password files ** */
-  errs |= check_file_access (CHKACC_FILE, options->key_pass_file, R_OK,
-                             "--askpass");
+  errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
+                             options->key_pass_file, R_OK, "--askpass");
 #endif /* ENABLE_CRYPTO */
 #ifdef ENABLE_MANAGEMENT
   errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
-- 
cgit