Fix --askpass not allowing for password input via stdin

This resolves --askpass treating stdin as a file during the file access
check. In turn, this leads to openvpn failing to start if this option is
set to stdin.

By default, --askpass reads the certificate's password from stdin rather
than a file. Without passing the CHKACC_ACPTSTDIN flag to
check_file_access(), stdin is marked as being a nonexistent file.

Trac #248

Signed-off-by: James Geboski <jgeboski@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <55A41225.2020705@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9918
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 4e1e3ba1d8582a1e95dd6f9564e97c99784959a7)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 98ddb69c978b91eec2198e63e243510abb64a77c..99c01873fc4227700244f82a7b2fc1b6c652f81c 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2774,8 +2774,8 @@ options_postprocess_filechecks (struct options *options)
 
   /* ** Password files ** */
 #ifdef ENABLE_SSL
-  errs |= check_file_access (CHKACC_FILE, options->key_pass_file, R_OK,
-                             "--askpass");
+  errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
+                            options->key_pass_file, R_OK, "--askpass");
 #endif /* ENABLE_SSL */
 #ifdef ENABLE_MANAGEMENT
   errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,