[Openvpn-devel] Error out if both remap-usr1 SIGHUP and config stdin are used

Message ID 20220722125122.2441814-1-arne@rfc2549.org
State Changes Requested

Commit Message

Arne Schwabe July 22, 2022, 2:51 a.m. UTC
OpenVPN for Android uses config stdin to avoid writing the config
file containing private keys to 'disk'. However using stdin means
that config cannot be reread using SIGHUP. While there might be other
corner cases that trigger SIGHUP, this is an obvious one, so we
error out if we detect this misconfiguration.
---
 src/openvpn/options.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Frank Lichtenheld July 22, 2022, 2:57 a.m. UTC | #1
On Fri, Jul 22, 2022 at 02:51:22PM +0200, Arne Schwabe wrote:
> OpenVPN for Android uses config stdin to avoid writing the config
> file containing private keys to 'disk'. However using stdin means
> that config cannot be reread using SIGHUP. While there might be other
> corner cases that trigger SIGHUP, this is an obvious one, so we
> error out if we detect this misconfiguration.
> ---
>  src/openvpn/options.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index abda8c379..e56df7d4c 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -3680,6 +3680,12 @@ options_postprocess_mutate(struct options *o, struct env_set *es)
>          o->verify_hash_no_ca = true;
>      }
>  
> +    if (streq(o->config, "stdin") && o->remap_sigusr1 == SIGHUP)
> +    {
> +        MSG(M_USAGE, "Options 'config stdin' and 'remap-sigusr SIGHUP' are"
> +                     "incompatible with each other.");
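
Review bot: the two adjacent string literals in the MSG() call are concatenated with no separator, so the message will read "areincompatible". End the first literal with a trailing space ("... SIGHUP' are ") or begin the second one with a space.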

FWIW, the option is called remap-usr1, not remap-sigusr.

Regards,

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index abda8c379..e56df7d4c 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3680,6 +3680,12 @@  options_postprocess_mutate(struct options *o, struct env_set *es)
         o->verify_hash_no_ca = true;
     }
 
+    if (streq(o->config, "stdin") && o->remap_sigusr1 == SIGHUP)
+    {
+        MSG(M_USAGE, "Options 'config stdin' and 'remap-sigusr SIGHUP' are"
+                     "incompatible with each other.");
+    }
+
     /* check if any option should force disabling DCO */
 #if defined(TARGET_LINUX)
     o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o);
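
Review bot: in the added condition, o->config is handed to streq() without a check that it is set. If streq() is a plain strcmp() wrapper and o->config can be NULL when all options come from the command line (an assumption, neither is visible in this hunk), the comparison would dereference NULL. Suggest guarding it: `if (o->config && streq(o->config, "stdin") && o->remap_sigusr1 == SIGHUP)`. A one-line comment above the check noting that a config read from stdin cannot be reread on SIGHUP would also document why the combination is rejected.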