From patchwork Wed Apr 28 07:44:56 2021
X-Patchwork-Submitter: Kristof Provost via Openvpn-devel
X-Patchwork-Id: 1781
Date: Wed, 28 Apr 2021 17:44:56 +0000
To: "openvpn-devel@lists.sourceforge.net"
Subject: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify script environment
X-Patchwork-Original-From: tincantech via Openvpn-devel
From: Kristof Provost via Openvpn-devel
Reply-To: tincantech

Openvpn process ID (daemon_pid) provides the most secure way for scripts to verify which process they were called by.

This patch adds daemon_pid to --tls-crypt-v2-verify environment.

Tested on Linux and Windows.
---
git version 2.25.1

I hope my MTA has not mangled this patch but I don't currently have access to an SMTP server port. If it is borken then please ignore this and I'll find another way.

Feel free to send other feedback. eg: NAK + Reason.

Thanks
R
#

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 7b5016d3..23d93a6c 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); setenv_str(es, "metadata_file", tmp_file); + setenv_int(es, "daemon_pid", platform_getpid()); struct argv argv = argv_new(); argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script);
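
Review bot: the new "daemon_pid" variable set in tls_crypt_v2_verify_metadata() comes with no documentation change; the diff touches only src/openvpn/tls_crypt.c, so script authors have no reference saying that --tls-crypt-v2-verify scripts now receive it alongside script_type, metadata_type and metadata_file. Please document the variable in the same patch. The commit message should also state what guarantee the value gives: platform_getpid() is exported as a plain integer in the script environment, so a script can use it to correlate a call with a known daemon (for example against a pid file), but anything able to launch the script with a chosen environment can set the same value, and the description "most secure way" needs that qualification.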