From patchwork Thu Apr 29 07:15:04 2021
X-Patchwork-Submitter: Richard T Bonhomme
X-Patchwork-Id: 1783
From: Richard T Bonhomme
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 29 Apr 2021 18:15:04 +0100
Message-Id: <20210429171504.1081888-1-tincantech@protonmail.com>
X-Mailer: git-send-email 2.25.1
Subject: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

From: string vest

Under Windows, programmatically retrieving the parent process ID of the openvpn instance which called a script is practically impossible. The only sensible way, currently available, is to write a PID file.

This patch adds a single integer variable, named daemon_pid, to the script environment. The value of which is set to the openvpn process ID that called the script.

Providing this variable via the running openvpn process is more secure, faster and far less prone to user-error than using a PID file.

Signed-off-by: Richard T Bonhomme
---
 src/openvpn/tls_crypt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 7b5016d3..23d93a6c 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); setenv_str(es, "metadata_file", tmp_file); + setenv_int(es, "daemon_pid", platform_getpid()); struct argv argv = argv_new(); argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script);
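Review bot: the added `setenv_int(es, "daemon_pid", platform_getpid());` line introduces a new script environment variable with no accompanying documentation, since the diffstat shows `src/openvpn/tls_crypt.c` as the only file touched. Please add `daemon_pid` to the manual's description of the script environment in the same patch, next to `script_type`, `metadata_type` and `metadata_file`, and state that the value is the PID of the process that invokes the script. The scope also deserves a sentence: the commit message argues for the variable in general terms ("the openvpn instance which called a script"), but the variable is set only inside `tls_crypt_v2_verify_metadata()`, so only the tls-crypt-v2-verify hook will see it. Either export it where the environment common to all script hooks is built, or say in the commit message why this hook alone needs it. Consumers should treat the value as an identifier supplied by the calling process and still confirm that the PID refers to the expected openvpn instance before acting on it, because a PID can be reused once that process has exited.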