openvpn icon indicating copy to clipboard operation
openvpn copied to clipboard

Published 20 hours ago verified publisher icon OpenVPN

Close stdout/stderr/stdin fds in auth-plugin fork

Open gollub opened this issue 7 years ago • 5 comments

The auth-pam plugin gets forked to run in background and kept stdin/stdout/stderr open. This might block the callee of the OpenVPN which expect that it nicely turns into a daemon.

gollub avatar Mar 03 '17 09:03 gollub

Any progress on this?

Jnchi avatar Jun 07 '19 13:06 Jnchi

Hi,

On Fri, Jun 07, 2019 at 06:25:22AM -0700, kawakami wrote:

Any progress on this?

Please send patches to the [email protected] mailing list. Our current process requires the patch to be in the list archives and ACKed on the list.

PRs are - as the intro document says - not something we work with (but you cannot turn them off on github).

The patch description itself sounds like something we want to fix :-)

gert

-- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany [email protected]

cron2 avatar Jun 23 '19 19:06 cron2

Before considering this patch we should understand what the issue is. I am not sure how closing stdout/err could help here.

Any extra detail @gollub ?

(Sorry for the latency, but we really not pay attention to GH, as development happens on the ml)

ordex avatar Sep 17 '22 22:09 ordex

@Jnchi do you know why this patch was important and what it was fixing?

ordex avatar Oct 04 '22 08:10 ordex

Hi,

On Fri, Mar 03, 2017 at 01:44:12AM -0800, Daniel Gollub wrote:

The auth-pam plugin gets forked to run in background and kept stdin/stdout/stderr open. This might block the callee of the OpenVPN which expect that it nicely turns into a daemon.

Not sure I am following - in which scenario is this relevant? If I run openvpn with "--daemon" (which would be the expected scenario), OpenVPN takes care of that before forking plugins.

This is what I see if I do "lsof -p $pluginprocess" on one of my instances using plugin-auth-pam

$ ps axwu |grep pam root 16081 0.0 0.1 7744 5468 ? Ss 12:25 0:00 ./bin/openvpn --daemon tun-udp-p2mp-global-authpam --cd tun-udp-p2mp-global-authpam --config server.conf --writepid ../openvpn-tun-udp-p2mp-global-authpam.pid root 16083 0.0 0.0 7612 656 ? S 12:25 0:00 ./bin/openvpn --daemon tun-udp-p2mp-global-authpam --cd tun-udp-p2mp-global-authpam --config server.conf --writepid ../openvpn-tun-udp-p2mp-global-authpam.pid gert 16102 0.0 0.0 7764 2320 pts/0 S+ 12:25 0:00 grep --colour=auto pam

$ SU lsof -p 16083 ... openvpn 16083 root 0u CHR 1,3 0t0 5780 /dev/null openvpn 16083 root 1u CHR 1,3 0t0 5780 /dev/null openvpn 16083 root 2u CHR 1,3 0t0 5780 /dev/null

So - this is how it should be.

gert

"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany @.***

cron2 avatar Oct 11 '22 07:10 cron2