From 91baf93e62db2ed063a8c4cfdf5b6ff750ac6103 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincant...@protonmail.com>
Date: Thu, 29 Apr 2021 16:17:06 +0100
Subject: [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

Under Windows, programmatically retrieving the parent process ID of
the openvpn instance which called a script is practically impossible.
The only sensible way, currently available, is to write a PID file.

This patch adds a single integer variable, named daemon_pid, to the
script environment, the value of which is set to the openvpn process
ID that called the script.

Providing this variable via the running openvpn process is more secure,
faster and far less prone to user-error than using a PID file.

Signed-off-by: Richard T Bonhomme <tincant...@protonmail.com>
---
 src/openvpn/tls_crypt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index 7b5016d3..23d93a6c 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx,
     setenv_str(es, "script_type", "tls-crypt-v2-verify");
     setenv_str(es, "metadata_type", metadata_type_str);
     setenv_str(es, "metadata_file", tmp_file);
+    setenv_int(es, "daemon_pid", platform_getpid());
 
     struct argv argv = argv_new();
     argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script);
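Review bot: the new environment variable is undocumented: the diffstat shows only src/openvpn/tls_crypt.c touched, so the manual section that lists the script environment variables should gain an entry for daemon_pid describing it as the PID of the openvpn process that invoked the script (the value set by `+    setenv_int(es, "daemon_pid", platform_getpid());`). The commit message also motivates the variable for "a script" in general, while this hunk exports it only from tls_crypt_v2_verify_metadata(), i.e. only to the --tls-crypt-v2-verify hook; either the message should say the variable is specific to that hook, or the other script hooks should be given the same variable so scripts do not have to fall back to a PID file there.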
-- 
2.25.1

Attachment: 0001-Add-daemon_pid-to-tls-crypt-v2-verify-environment.patch.sig
Description: PGP signature

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
