From patchwork Sat Apr 26 12:19:03 2025
X-Patchwork-Submitter: Klemens Nanni
X-Patchwork-Id: 4227
From: Klemens Nanni
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 26 Apr 2025 15:19:03 +0300
Message-ID: <20250426121903.67930-1-kn@openbsd.org>
Subject: [Openvpn-devel] [SPAM] [PATCH] Fix tmp-dir documentation

Mention its default (on non-Windows systems), rephrase for brevity, fix
grammar, correct the module environment variable name and remove a wrong
default mentioned in a related option.

Acked-by: Frank Lichtenheld
---
 doc/man-sections/generic-options.rst | 11 +++++------
 doc/man-sections/script-options.rst | 8 +++-----
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index ba9376be..882cf283 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst
@@ -454,12 +454,11 @@ which mode OpenVPN is configured as. independently of network and tunnel issues. --tmp-dir dir - Specify a directory ``dir`` for temporary files. This directory will be - used by openvpn processes and script to communicate temporary data with - openvpn main process. Note that the directory must be writable by the - OpenVPN process after it has dropped it's root privileges. + Specify a directory ``dir`` for temporary files instead of the default + :code:`TMPDIR` (or "/tmp" if unset). Note that it must be writable by the main + process after it has dropped root privileges. - This directory will be used by in the following cases: + This directory will be used to communicate with scripts and plugins: * ``--client-connect`` scripts and :code:`OPENVPN_PLUGIN_CLIENT_CONNECT` plug-in hook to dynamically generate client-specific configuration @@ -469,7 +468,7 @@ which mode OpenVPN is configured as. * :code:`OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY` plug-in hooks returns success/failure via :code:`auth_control_file` when using deferred auth - method and pending authentication via :code:`pending_auth_file`. + method and pending authentication via :code:`auth_pending_file`. --use-prediction-resistance Enable prediction resistance on mbed TLS's RNG. diff --git a/doc/man-sections/script-options.rst b/doc/man-sections/script-options.rst index 0d1f9aec..e48710ba 100644 --- a/doc/man-sections/script-options.rst +++ b/doc/man-sections/script-options.rst 
@@ -87,11 +87,9 @@ SCRIPT HOOKS and password to the first two lines of a temporary file. The filename will be passed as an argument to ``cmd``, and the file will be automatically deleted by OpenVPN after the script returns. The location - of the temporary file is controlled by the ``--tmp-dir`` option, and - will default to the current directory if unspecified. For security, - consider setting ``--tmp-dir`` to a volatile storage medium such as - :code:`/dev/shm` (if available) to prevent the username/password file - from touching the hard drive. + of the temporary file is controlled by the ``--tmp-dir`` option. For security, + consider setting it to a volatile storage medium such as :code:`/dev/shm` (if + available) to prevent the username/password file from touching the hard drive. The script should examine the username and password, returning a success exit code (:code:`0`) if the client's authentication request is to be
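Review bot: In the first generic-options.rst hunk (@@ -454,12 +454,11 @@), the new --tmp-dir text gives the default as TMPDIR (or "/tmp" if unset) without saying that this holds only on non-Windows systems, although the commit message limits it that way. Add that qualifier to the sentence, and mark the fallback up as :code:`/tmp` so it matches :code:`TMPDIR`. The new lead-in line also writes "plugins" while the list items below it spell the word "plug-in".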
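Review bot: In the second generic-options.rst hunk (@@ -469,7 +468,7 @@), the unchanged line at the top of the bullet still reads "plug-in hooks returns success/failure"; the commit message promises grammar fixes and this sentence is being edited anyway, so change it to "hooks return". The rename to :code:`auth_pending_file` is otherwise consistent with the neighbouring :code:`auth_control_file`.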
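Review bot: In the script-options.rst hunk (@@ -87,11 +87,9 @@), dropping the wrong "current directory" default leaves this paragraph with no default at all, so a reader deciding where the username/password file lands has to look up --tmp-dir separately. Add a short clause pointing at the default documented there (TMPDIR, or "/tmp" if unset), since that default is what makes the :code:`/dev/shm` advice relevant.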