[Openvpn-devel] Add daemon_pid to --tls-crypt-v2-verify environment

Message ID	99YBapCXJmmHmv2-QASLJLHdHKs0z9Z_6lFqkYECQLOHtcD5haoAHMICbOF_ool1UFxDjQm39QRFXvVDtfekNHEF0XQf3dukBKeitu_88gA=@protonmail.com
State	Superseded
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Date: Thu, 29 Apr 2021 15:30:02 +0000 To: "openvpn-devel@lists.sourceforge.net" <openvpn-devel@lists.sourceforge.net> Message-ID: <99YBapCXJmmHmv2-QASLJLHdHKs0z9Z_6lFqkYECQLOHtcD5haoAHMICbOF_ool1UFxDjQm39QRFXvVDtfekNHEF0XQf3dukBKeitu_88gA=@protonmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="b1_dtx6TzDx5bZnGrycatl1FIDxPNRP9o8TWJG65upjPaU" NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: protonmail.com] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [185.70.40.132 listed in wl.mailspike.net] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders Subject: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment Precedence: list From: tincantech via Openvpn-devel <openvpn-devel@lists.sourceforge.net> Reply-To: tincantech <tincantech@protonmail.com> Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel] Add daemon_pid to --tls-crypt-v2-verify environment \| expand [Openvpn-devel] Add daemon_pid to --tls-crypt-v2-verify environment

Message ID

99YBapCXJmmHmv2-QASLJLHdHKs0z9Z_6lFqkYECQLOHtcD5haoAHMICbOF_ool1UFxDjQm39QRFXvVDtfekNHEF0XQf3dukBKeitu_88gA=@protonmail.com

State

Superseded

Headers

show

Date: Thu, 29 Apr 2021 15:30:02 +0000
To: "openvpn-devel@lists.sourceforge.net"
 <openvpn-devel@lists.sourceforge.net>
Message-ID: 
 <99YBapCXJmmHmv2-QASLJLHdHKs0z9Z_6lFqkYECQLOHtcD5haoAHMICbOF_ool1UFxDjQm39QRFXvVDtfekNHEF0XQf3dukBKeitu_88gA=@protonmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="b1_dtx6TzDx5bZnGrycatl1FIDxPNRP9o8TWJG65upjPaU"
Subject: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify
 environment
Precedence: list
From: tincantech via Openvpn-devel <openvpn-devel@lists.sourceforge.net>
Reply-To: tincantech <tincantech@protonmail.com>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel] Add daemon_pid to --tls-crypt-v2-verify environment | expand

Commit Message

Kristof Provost via Openvpn-devel April 29, 2021, 5:30 a.m. UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Under Windows, programmatically retrieving the parent process ID of
the openvpn instance which called a script is practically impossible.
The only sensible way, currently available, is to write a PID file.

This patch adds a single integer variable, named daemon_pid, to the
script environment. The value of which is set to the openvpn process
ID that called the script.

Providing this variable via the running openvpn process is more secure,
faster and far less prone to user-error than using a PID file.

Signed-off-by: Richard T Bonhomme tincantech@protonmail.com

src/openvpn/tls_crypt.c | 1 +
1 file changed, 1 insertion(+)



--
2.25.1
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJgitDzACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ3tigf9GP21RvAuybG60NgMaC5t9LIyjlBjaNOcWjLgbCUh7KhFSPMu
6r48YAsdy2PB7vd753GhjoQbQuM8+JhS0+fXBIgtToOxMOSGJoSJLu0RoYL3
ScRLXgx2M0p5wbQdHD9tx3ZsVXKyLPTwRWg3w3V7viIJ2A9tmiAUuX4YflJ+
hyfhp1sT648Hb2PW3eIBvEMZNOGG9Et/jS833/Yk5WRn8Wee/nPASOYYbHGf
amX51gbevtmJy67Dti0ibUNomf9uYFd95ojG9qdqJDDQaff76nbda/bRX38g
SUu50B2mNpS/sHeirUAKCpuzmMxqpLl9NOxS4m3SFLk+sfeDgSJRSA==
=6a1K
-----END PGP SIGNATURE-----

From 91baf93e62db2ed063a8c4cfdf5b6ff750ac6103 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Thu, 29 Apr 2021 16:17:06 +0100
Subject: [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

Under Windows, programmatically retrieving the parent process ID of
the openvpn instance which called a script is practically impossible.
The only sensible way, currently available, is to write a PID file.

This patch adds a single integer variable, named daemon_pid, to the
script environment. The value of which is set to the openvpn process
ID that called the script.

Providing this variable via the running openvpn process is more secure,
faster and far less prone to user-error than using a PID file.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 src/openvpn/tls_crypt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 7b5016d3..23d93a6c 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -537,6 +537,7 @@  tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx,
     setenv_str(es, "script_type", "tls-crypt-v2-verify");
     setenv_str(es, "metadata_type", metadata_type_str);
     setenv_str(es, "metadata_file", tmp_file);
+    setenv_int(es, "daemon_pid", platform_getpid());

     struct argv argv = argv_new();
     argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script);
-- 
2.25.1

[Openvpn-devel] Add daemon_pid to --tls-crypt-v2-verify environment

Commit Message

Patch