From patchwork Thu Apr 29 05:30:02 2021
X-Patchwork-Submitter: Kristof Provost via Openvpn-devel
X-Patchwork-Id: 1782
Date: Thu, 29 Apr 2021 15:30:02 +0000
To: "openvpn-devel@lists.sourceforge.net"
Message-ID: <99YBapCXJmmHmv2-QASLJLHdHKs0z9Z_6lFqkYECQLOHtcD5haoAHMICbOF_ool1UFxDjQm39QRFXvVDtfekNHEF0XQf3dukBKeitu_88gA=@protonmail.com>
Subject: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment
X-Patchwork-Original-From: tincantech via Openvpn-devel
From: Kristof Provost via Openvpn-devel
Reply-To: tincantech

Under Windows, programmatically retrieving the parent process ID of the openvpn instance which called a script is practically impossible. The only sensible way, currently available, is to write a PID file.

This patch adds a single integer variable, named daemon_pid, to the script environment. The value of which is set to the openvpn process ID that called the script.

Providing this variable via the running openvpn process is more secure, faster and far less prone to user-error than using a PID file.

Signed-off-by: Richard T Bonhomme tincantech@protonmail.com

 src/openvpn/tls_crypt.c | 1 +
 1 file changed, 1 insertion(+)

--- 2.25.1

From 91baf93e62db2ed063a8c4cfdf5b6ff750ac6103 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Thu, 29 Apr 2021 16:17:06 +0100
Subject: [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

Under Windows, programmatically retrieving the parent process ID of the openvpn instance which called a script is practically impossible. The only sensible way, currently available, is to write a PID file.

This patch adds a single integer variable, named daemon_pid, to the script environment. The value of which is set to the openvpn process ID that called the script.

Providing this variable via the running openvpn process is more secure, faster and far less prone to user-error than using a PID file.

Signed-off-by: Richard T Bonhomme
---
 src/openvpn/tls_crypt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 7b5016d3..23d93a6c 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); setenv_str(es, "metadata_file", tmp_file); + setenv_int(es, "daemon_pid", platform_getpid()); struct argv argv = argv_new(); argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script); -- 2.25.1
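
Review bot: the daemon_pid variable set at the added setenv_int() line in tls_crypt_v2_verify_metadata() is not documented anywhere in this patch; the diffstat lists src/openvpn/tls_crypt.c as the only file changed. Please add it to the description of the --tls-crypt-v2-verify script environment next to script_type, metadata_type and metadata_file, stating that it holds the PID of the openvpn process that invoked the script. The variable is also set on this one script path only, while the commit message argues the need for any script called by openvpn; either say in the message that the scope is limited to tls-crypt-v2-verify, or set it where the environment shared by all script hooks is built so that every hook sees the same value.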