File 0001-Allow-systemd-ask-password-to-access-credentials-dir.patch of Package openvpn
From 6319781a565fd5c5d72f87a5b972b73c375c319f Mon Sep 17 00:00:00 2001
From: William Brown <william.brown@suse.com>
Date: Thu, 11 Apr 2024 14:11:18 +1000
Subject: [PATCH] Allow systemd ask password to access credentials directory
---
src/openvpn/console_systemd.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git src/openvpn/console_systemd.c src/openvpn/console_systemd.c
index c7cf1ad..dae5399 100644
--- src/openvpn/console_systemd.c
+++ src/openvpn/console_systemd.c
@@ -61,6 +61,10 @@ get_console_input_systemd(const char *prompt, const bool echo, char *input, cons
int std_out;
bool ret = false;
struct argv argv = argv_new();
+ char credentials_directory[128] = {0};
+ char *env_credentials_directory = NULL;
+ struct env_set *es = env_set_create(NULL);
+
argv_printf(&argv, SYSTEMD_ASK_PASSWORD_PATH);
#ifdef SYSTEMD_NEWER_THAN_216
@@ -73,7 +77,21 @@ get_console_input_systemd(const char *prompt, const bool echo, char *input, cons
argv_printf_cat(&argv, "--icon network-vpn");
argv_printf_cat(&argv, "%s", prompt);
- if ((std_out = openvpn_popen(&argv, NULL)) < 0)
+ /*
+ * It seems counter intuitive, but we need to get this directly from getenv. This is
+ * is because during a pkcs11 load, we don't have a way to pass our envp pointer in.
+ */
+ env_credentials_directory = getenv("CREDENTIALS_DIRECTORY");
+ if (env_credentials_directory) {
+ openvpn_snprintf(credentials_directory, sizeof(credentials_directory), "CREDENTIALS_DIRECTORY=%s", env_credentials_directory);
+ env_set_add(es, credentials_directory);
+ }
+
+ std_out = openvpn_popen(&argv, es);
+
+ env_set_destroy(es);
+
+ if (std_out < 0)
{
return false;
}
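Review bot: The result of `openvpn_snprintf()` is ignored when building `CREDENTIALS_DIRECTORY=%s` into the fixed 128-byte `credentials_directory` buffer declared in the first hunk. After the 22-character prefix only about 105 bytes remain for the path, and a systemd credentials path that embeds a long unit name could exceed that. A silently truncated value would then be exported to `systemd-ask-password`, pointing it at a directory other than the one systemd provisioned. The definition of `openvpn_snprintf` is not visible here; assuming it returns false on truncation as in upstream OpenVPN, gate the export on it, e.g. `if (openvpn_snprintf(credentials_directory, sizeof(credentials_directory), "CREDENTIALS_DIRECTORY=%s", env_credentials_directory)) { env_set_add(es, credentials_directory); }`, and log a warning in the else branch. The body of `get_console_input_systemd` continues outside this hunk.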
--
2.44.0