From 792fa6373244c732d97ff69799b7739326774784 Mon Sep 17 00:00:00 2001
From: Pete Nelson <pete.nelson@unitedlex.com>
Date: Thu, 11 Feb 2016 19:03:59 -0500
Subject: add second fork for proper daemonize

---
 duo_openvpn.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/duo_openvpn.c b/duo_openvpn.c
index d7db313..b4ba6eb 100644
--- a/duo_openvpn.c
+++ b/duo_openvpn.c
@@ -67,10 +67,32 @@ auth_user_pass_verify(struct context *ctx, const char *args[], const char *envp[
 	}
 
 	if (pid > 0) {
+		int status;
+
+		/* openvpn process forked ok, wait for first child to exit and return its status */
+		pid = waitpid(pid, &status, 0);
+		if (pid < 0) {
+			return OPENVPN_PLUGIN_FUNC_ERROR;
+		}
+
+		if (WIFEXITED(status)) {
+			return WEXITSTATUS(status);
+		}
+
+		return OPENVPN_PLUGIN_FUNC_ERROR;
+	}
+
+	pid = fork();
+	if (pid < 0) {
+		return OPENVPN_PLUGIN_FUNC_ERROR;
+	}
+
+	if (pid > 0) {
+		/* first child forked ok, pass deferred return up to parent openvpn process */
 		return OPENVPN_PLUGIN_FUNC_DEFERRED;
 	}
 
-	/* daemonize so PID 1 can reap */
+	/* second child daemonizes so PID 1 can reap */
 	umask(0);
 	setsid();
 	chdir("/");
-- 
cgit v1.2.3